BWContextHandler[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BWContextHandler.dll
Size

45KB
MD5

e1cf223eb52c92967ea8fcd85cc5a639
SHA1

1f471141d9c5a236292c61d30a9c1aee27c37cd8
SHA256

1994bf8ca29d721f587bad23543de488e528597ddd5c8668bbcc151b2dc146aa
SHA512

4ea36882f41391c21c34a4d22ce901bcc3ead29d6afcb6d33fa8e7a3db128f428df3b68924d558361960b2aa0066dcbe8dd6ea8ff3259eb358be332feeb2d391
SSDEEP

768:JtTzLAZ6WwVR+wjT5C1iagtsYScJ10lg0c4XW+0AENP6AXfTC34:J9pWyjdC1YScJu20FXW4APT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BWContextHandler.dll

Files

BWContextHandler.dll
.dll regsvr32 windows:6 windows x86 arch:x86

a9431b95e4b8588e2c52b95b3519a295

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BWContextHandler.pdb

Imports

msvcrt

wcscpy_s
free
wcscat_s
malloc
??_U@YAPAXI@Z
??2@YAPAXI@Z
_vsnwprintf
wcsncpy_s
memmove_s
wcsftime
_localtime64_s
_purecall
memset
_mktime64
??_V@YAXPAX@Z
??3@YAXPAX@Z
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
_errno
realloc
_except_handler4_common
memcpy_s

advapi32

TraceMessage
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
EventWrite

kernel32

GetCurrentProcess
UnhandledExceptionFilter
Sleep
TerminateProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
GetThreadLocale
DisableThreadLibraryCalls
GetCurrentThreadId
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetLastError
GetModuleHandleA
LoadLibraryA
LoadLibraryW
OutputDebugStringA
FreeLibrary
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
FileTimeToSystemTime
FileTimeToLocalFileTime
LockResource
GetLocaleInfoW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

ole32

PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2

oleaut32

VarUI4FromStr

shell32

SHCreateItemFromIDList
ShellExecuteW
DuplicateIcon
ord893
SHGetItemFromObject
ord155
ord727
ord77

shlwapi

StrToInt64ExW

user32

UnregisterClassA
GetDlgItemTextW
SendMessageW
ShowWindow
GetDlgItem
EnableWindow
SetDlgItemTextW
GetParent
LoadStringW
SetWindowLongW
GetWindowLongW
DestroyIcon
CharNextW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9431b95e4b8588e2c52b95b3519a295

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB