Phoneutil[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Phoneutil.dll
Size

303KB
MD5

bf1142190a3059eeabd9c6863e61a8b9
SHA1

f63d9714aadb4d93f68b4d0b439fcd760b9acba1
SHA256

2b74850b1c1155e997b6090870827860ad17b37b1f9638a6be7aa661b7f5001a
SHA512

fe2266da3cbe829ab572f092b402e28e0fbd1414e03dde7a45608493125941f6e424d62f5f5c98ab4bb8e044c295eed7f6fc665e4d0f6cd6358725523a61e42d
SSDEEP

6144:WeNJFcJBUopCpTEZRnhb4TomLBGv8PBIj+5I0besudyP6CezpdM+ud3:oBUocTinhb4cA08PWj+5IEe4BePM+uF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Phoneutil.dll

Files

Phoneutil.dll
.dll windows:10 windows x86 arch:x86

4e0179d6d175b23dc76dd7f52d3735b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PhoneUtil.pdb

Imports

msvcrt

wcstok_s
wcschr
wcstol
_vsnwprintf_s
wcsspn
wcsncmp
wcsstr
_errno
_vsnwprintf
wcscpy_s
iswdigit
memmove_s
tolower
wcstoul
_itow_s
bsearch_s
bsearch
_ultow_s
iswspace
wcspbrk
_wcsrev
_callnewh
memmove
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
memcpy
memcmp
_purecall
realloc
_except_handler4_common
_initterm
wcsncpy_s
malloc
toupper
_amsg_exit
_XcptFilter
free
memcpy_s
memset

oleaut32

VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
SizeofResource
LoadLibraryExW
FreeLibrary
LoadResource
GetModuleFileNameA
LoadStringW

api-ms-win-core-synch-l1-1-0

CreateEventW
DeleteCriticalSection
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateEventExW
SetEvent
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoWaitForMultipleHandles
CLSIDFromString
CoFreeUnusedLibrariesEx
StringFromGUID2
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventRegister

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
OpenThreadToken
GetCurrentProcessId
TerminateProcess
SuspendThread
GetCurrentThreadId

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetUserGeoID
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolCleanupGroup
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWork
SubmitThreadpoolWork
CallbackMayRunLong
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

CopySid
IsWellKnownSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
GetLengthSid
IsValidSid
RevertToSelf

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoActivateInstance
RoUninitialize

rpcrt4

RpcImpersonateClient
RpcRevertToSelf

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

ntdll

RtlLengthSid
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlQueryPackageClaims

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AsyncWorkDispatcher_CreateInstance
CauseCode_GetCodeFriendlyText
CauseCode_IsCodeRegistered
CellVoiceHelper_FreeUiccAppSet
CellVoiceHelper_GetSingleInstance
CellularApiHelper_CreateInstance
CellularApiHelper_FreeCountedModemArray
CellularApiHelper_FreeCountedRegistrationStatusArray
CellularApiHelper_FreeCountedSimAppArray
CellularApiHelper_FreeCountedSimArray
CellularApiHelper_FreeCountedSimLineArray
CellularApiHelper_FreeCountedSlotArray
CellularApiHelper_FreeCountedSlotCanAssociationArray
ComparePhoneNumbers
ConvertPhoneNumberToUINT64
CopyOnlyCharsetCharacters
CreateAudioHardwareHelper
CreateBrandingInfo
CreateCellularApiLineConfig
CreateCellularPhoneLineConfig
CreateDialAssist
CreatePerUserSecurityPolicy
CreatePerUserSecurityToken
CreatePerUserSecurityTokenForRpcClient
CreateUdmDataSessionForSignedInUser
CreateUdmDataSessionForSignedInUserContext
DeinitDialingPrefixTable
DetectMultiPrefix
DuplicateSidIfValid
FindAreaCode
FormatPhoneNumberWithLeftToRightMarker
FreeTextReplyPresetMessages
Get3GGPInCallToneDefaultForRegion
Get3GPPInCallToneDefault
Get3GPPInCallToneForTypeAndMcc
Get3GPPInCallToneTypeString
GetAdjustCDMACallTimeSetting
GetCchTailMin
GetCellvoiceLineIdAsString_LocalAlloc
GetCountryCodeFromOperatorNum
GetDefaultWiFiCallingBranding
GetDialStringFromTelUri
GetDialableNumber
GetDialableNumberAndDTMF
GetDialableNumberEtc
GetDialingPrefixes
GetDisplayNameFromCallInformation
GetDisplayNumberWithLeftToRightMarker
GetDtmfInCallToneTypeString
GetIddPrefix
GetIddPrefixTable
GetMethodFromPropId
GetNationalNumberLength
GetNddPrefix
GetRpcClientUser
GetSidForUserToken
GetSignedInUserForAppActivation
GetTelUriFromDialString
GetTextReplyPresetMessages
GetTimeDeltaFormat
GetUserContextTokenForUser
GetUserTokenForUser
GetZerothCellularPhoneLineId
ImpersonateSignedInUser
InitDialingPrefixTable
IsCellularVoiceCapableDevice
IsDialableChar
IsDialableCharEx
IsEqualWnfStateNameHelper
IsNumberDialable
IsTTYEnabled
IsUserAccountLoggedOn
IsValidCharacterForCharset
MapPlusToDialingPrefix
MaskPhoneNumber
MaskPhoneUri
MaskString
OneShotTimer_CreateInstance
OptimizedReverseNumberCompare
PhoneLineIdToString
PhoneLineIdToUrlEscapedString
Phone_FmtText
Phone_FmtText_GlobalFormat
Phone_FmtText_NonDialerFormat
RemoveMetadataFromNumber
ShouldSupportUdmCallHistory
StringToPhoneLineId
StripExtraneousNDD
StripNonDtmfChars
UrlEscapeString
ValidPhoneNumberInplaceStripInvalidCharacters
VoipAppIdentityUtilities_GetApplicationByAumid
VoipAppIdentityUtilities_GetApplicationResourceResolverFromApplication
VoipAppIdentityUtilities_GetLifecycleManagerPolicy
VoipAppIdentityUtilities_GetRpcClientApplicationUserModelId
VoipAppIdentityUtilities_GetVoipAppAUMIDFromPFN

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e0179d6d175b23dc76dd7f52d3735b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

ntdll

api-ms-win-core-url-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 281KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 282KB - Virtual size: 281KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 11KB - Virtual size: 10KB