BcastDVRCommon[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BcastDVRCommon.dll
Size

197KB
MD5

77ef0dca03b1ac26a91b368a4ca6c7a8
SHA1

fe45887e0b43df2cb60f398e01a72d6a44f20b98
SHA256

bf936c32c144bc05ecb5a4dab64550d88a8ae23744ae210538d74fa472ccca0e
SHA512

58f8d429876a58a2f4691a7e7d89e81022a40b80ca7ba0d9334fb08bd5a62023e1e08a2be2063ccce272ca1e549d4aa5f7c223596eb91a8fa86eea41403ff132
SSDEEP

6144:8VpQwvxV26eMuClBOPXovwYatSoVzFnkD:8r66/7DGxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BcastDVRCommon.dll

Files

BcastDVRCommon.dll
.dll windows:10 windows x86 arch:x86

12555bcdc2a236feb96f6af497c9e103

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

BcastDVRCommon.pdb

Imports

msvcrt

_lock
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_except_handler4_common
memmove
_vsnprintf
wcsrchr
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
?name@type_info@@QBEPBDXZ
_wtoi
_unlock
swscanf_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
wcschr
memcmp
_wcsicmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
??1type_info@@UAE@XZ
_ftol2
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateMutexW
CreateEventExW
SetEvent
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringLen
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsConcatString
WindowsCreateString
WindowsDeleteString

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
Sleep
WaitOnAddress
WakeByAddressAll

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime

rpcrt4

UuidCreate

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-com-l1-1-0

CoGetCallContext
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoIncrementMTAUsage
CoDecrementMTAUsage
CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromGUID2

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegEnumKeyExW
RegGetValueW
RegOpenCurrentUser
RegSetValueExW
RegSetValueExA

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
GetFileAttributesW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

ntdll

RtlInitUnicodeString
NtQueryInformationToken
RtlFreeHeap
RtlAllocateHeap
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb

Exports

Exports

??0BcastDVR_OutputDebug@@QAE@PBD@Z
??0ImpersonateHelper@Internal@Capture@Media@Windows@@QAE@XZ
??1ImpersonateHelper@Internal@Capture@Media@Windows@@QAE@XZ
?AppendPath@EnvironmentManager@Internal@Capture@Media@Windows@@YGJABVString@25@0PAV625@@Z
?CalcPreviewVideoBufferDataSize@GameDVRUtility@Internal@Capture@Media@Windows@@YGJKKPAK@Z
?CalcPreviewVideoFrameDataSize@GameDVRUtility@Internal@Capture@Media@Windows@@YGJKKPAK@Z
?CleanupObsoletePlugIns@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@@Z
?CloseDuplicatedHandle@GameDVRUtility@Internal@Capture@Media@Windows@@YGJKPAX@Z
?CloseDuplicatedHandles@GameDVRUtility@Internal@Capture@Media@Windows@@YGJKKQAPAX@Z
?FreeBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YGXPAPAU_GUID@@@Z
?GetBroadcastPlugInRegistryPathFromSebEventId@EnvironmentManager@Internal@Capture@Media@Windows@@YGJABU_GUID@@PAVString@25@@Z
?GetBroadcastPlugInRegistryPathFromSebEventIdString@EnvironmentManager@Internal@Capture@Media@Windows@@YGJPBGPAVString@25@@Z
?GetBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAKPAPAU_GUID@@@Z
?GetCallersPlugInInfo@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@ABU_GUID@@PAVString@25@2@Z
?GetCallersSebEventId@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAU_GUID@@@Z
?GetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PAU_GUID@@@Z
?GetErrorHistoryCount@BcastDVRLogProviderBase@@SGKXZ
?GetFormattedErrorHistory@BcastDVRLogProviderBase@@SGKPAVString@Internal@Windows@@@Z
?GetGuidFromGuidString@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPBGPAU_GUID@@@Z
?GetGuidStringFromGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YGJABU_GUID@@_NPAVString@25@@Z
?GetHKeyCurrentUserForDefaultUser@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAPAUHKEY__@@@Z
?GetHKeyCurrentUserForIUser@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIUser@System@5@PAPAUHKEY__@@@Z
?GetIUserSID@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIUser@System@5@PAVString@25@@Z
?GetJsonArray@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAEPAPAU?$IVector@PAUIJsonValue@Json@Data@Windows@@@785@@Z
?GetJsonBoolean@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAE2@Z
?GetJsonDateTime@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAEPAUDateTime@85@@Z
?GetJsonDouble@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAEPAN@Z
?GetJsonGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAEPAU_GUID@@@Z
?GetJsonNumber@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAEPA_J@Z
?GetJsonString@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAEPAVString@25@@Z
?GetKnownFolderSubFolder@EnvironmentManager@Internal@Capture@Media@Windows@@YGJABU_GUID@@PBGPAVString@25@@Z
?GetOSVersionString@GameDVRUtility@Internal@Capture@Media@Windows@@YGXPAVString@25@@Z
?GetPlugInInfo@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@ABU_GUID@@PAVString@25@22@Z
?GetPlugInPackageFullName@PlugInUtility@Internal@Capture@Media@Windows@@YGJABU_GUID@@PAVString@25@@Z
?GetUserGameDVRConfigFolderPath@EnvironmentManager@Internal@Capture@Media@Windows@@YGJPAVString@25@PBG@Z
?ImpersonateDefaultUser@ImpersonateHelper@Internal@Capture@Media@Windows@@QAEJXZ
?ImpersonateUser@ImpersonateHelper@Internal@Capture@Media@Windows@@QAEJPAUIUser@System@5@@Z
?Initialize@BcastDVR_OutputDebug@@SGXPBGW4BcastDVR_OutputDebug_TraceToFileType@@0@Z
?InsertJsonArray@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAPAU?$IVector@PAUIJsonValue@Json@Data@Windows@@@785@@Z
?InsertJsonBoolean@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@E@Z
?InsertJsonDateTime@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@UDateTime@Foundation@5@@Z
?InsertJsonDouble@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@N@Z
?InsertJsonGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@U_GUID@@@Z
?InsertJsonNumber@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@_J@Z
?InsertJsonObject@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@PAPAUIJsonObject@Json@Data@5@@Z
?InsertJsonString@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@2@Z
?InsertNamedJsonEnumBitfields@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIJsonValueStatics@Json@Data@5@PAU?$IMap@PAUHSTRING__@@PAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PAUHSTRING__@@_KPBQBGH@Z
?LogError@BcastDVRLogProviderBase@@SGXJPBD0H_N@Z
?LogErrorEx@BcastDVRLogProviderBase@@SGXJPBD0H00_N@Z
?MapConstantToString@GameDVRUtility@Internal@Capture@Media@Windows@@YGPBGQAPBGKKKK@Z
?MostRecentErrorInHistory@BcastDVRLogProviderBase@@SGJXZ
?OutputString@BcastDVR_OutputDebug@@QAEXXZ
?PrintGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YGJU_GUID@@PAVString@25@@Z
?PrintHRESULT@BcastDVR_OutputDebug@@QAEXJ@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBD0@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDE@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDH@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDI@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDK@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDN@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDPAX@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBDPBG@Z
?PrintType@BcastDVR_OutputDebug@@QAEXPBD_K@Z
?Printf@BcastDVRLogProviderBase@@SAX_N0PBD1HPBGZZ
?RecreateStorageFile@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUIStorageFile@Storage@5@PAPAU675@@Z
?RegGetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGXPAUHKEY__@@PBG1KPAK@Z
?RegGetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGXPAUHKEY__@@PBG1_KPA_K@Z
?RegGetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGXPAUHKEY__@@PBG1PAVString@25@@Z
?RegSetBinaryValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PBG1PBEK@Z
?RegSetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PBG1K@Z
?RegSetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PBG1_K@Z
?RegSetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PBG1PAVString@25@@Z
?RegSetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PBGPBD2@Z
?RegisterCallingPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@PAUHSTRING__@@1ABU_GUID@@@Z
?SetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YGJPAUHKEY__@@ABU_GUID@@@Z
?Uninitialize@BcastDVR_OutputDebug@@SGXXZ
ActiveMetadataManagerInstances
CreateCallerManagerInstance
CreateCallerManagerInstanceForAppId
CreateMetadataManagerInstance
CreateMetadataManagerInstanceForAppId
CreateMetadataManagerInstanceFromJson
FireCallerManagerEvent
FireCallerManagerEventForAppId
GetBroadcastSharedMemoryReader
GetBroadcastSharedMemoryWriter
GetPreviewSharedMemoryReader
GetPreviewSharedMemoryWriter

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12555bcdc2a236feb96f6af497c9e103

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

rpcrt4

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-psapi-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 175KB

.data Size: 1024B - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 176KB - Virtual size: 175KB

.data
Size: 1024B - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB