BWContextHandler[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BWContextHandler.dll
Size

62KB
MD5

e15077b67747451508f75ba718ad4f8e
SHA1

c0898d2b7ce029be01cb782d909b481445b38dbb
SHA256

923458b51a1f95a2554f178c551708d35cfc28faf076b43acb148261a38b5b99
SHA512

df025c1576958fe01576665847f199d9f46bd766ced63d236ceb128d33db8f6626b8e010adb9c0bacf4c25bcef1c5e584636b6002d68531acb469217d112e515
SSDEEP

1536:cT/BChoG/u4jxXi43vplIArQwzKXF2I64isT:Awpjk43Rljp+ssf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BWContextHandler.dll

Files

BWContextHandler.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7b083986681d748784b2ca3b05f3fe24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BWContextHandler.pdb

Imports

msvcrt

wcscpy_s
wcsncpy_s
wcscat_s
malloc
_vsnwprintf
_mktime64
memmove_s
memset
_purecall
??_U@YAPAXI@Z
??2@YAPAXI@Z
wcsftime
_localtime64_s
_XcptFilter
free
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
realloc
_errno
??_V@YAXPAX@Z
_initterm
??3@YAXPAX@Z
memcpy_s

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
EventWrite
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
EventUnregister
EventRegister
RegCloseKey
RegOpenKeyExW

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
LoadLibraryA
lstrcmpiW
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareStringOrdinal
LoadLibraryExW
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
FreeLibrary
MultiByteToWideChar
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLocaleInfoW

ole32

StringFromGUID2
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetObject
CoAllowSetForegroundWindow
CoUninitialize
CoInitializeEx

oleaut32

SysStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

shell32

ShellExecuteW
ord727
ord77
ord18
DuplicateIcon
SHCreateItemFromIDList
ord730
ord100
SHGetItemFromObject
ord155
ord893

shlwapi

SHStrDupW
ord16

user32

CharNextW
LoadStringW
SendMessageW
DestroyIcon
AllowSetForegroundWindow
GetForegroundWindow
GetDlgItemTextW
ShowWindow
EnableWindow
GetDlgItem
SetDlgItemTextW
SetWindowLongW
GetParent
GetWindowLongW
PostMessageW
UnregisterClassA

winspool.drv

ord204
ord203

propsys

PropVariantToStringAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b083986681d748784b2ca3b05f3fe24

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

winspool.drv

propsys

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB