PhoneOm[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PhoneOm.dll
Size

311KB
MD5

6f1368fd3b65b4fa87ad938685e102c0
SHA1

0d8bb990765d28c11318d981d11ba44faea216ec
SHA256

5e2d66bb3b40cc8c604337c8d8f95a2eaf278f3fc557f193a839056b51cad558
SHA512

5e50b5e118a07bc321e48e69add4773c3468e0a43a20843068fbb278da80919a9fb3bf69c5eca47f0f89b063cddcea34ad628d7543d4505818706aa5e9f7dbfc
SSDEEP

3072:n7h30HqGaiy46J6Zr3I0DTbQEF1BUwZHsdYlsjJ7ctb/cavx45Hq5jf8hlmGKWeM:7h34aAr9NF1NYqtD/vCq5jfRjYfl+f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PhoneOm.dll

Files

PhoneOm.dll
.dll windows:10 windows x86 arch:x86

abb77da57d7f5afc58985105a3e4cff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PhoneOm.pdb

Imports

msvcrt

memset
_callnewh
_vsnwprintf
_vsnwprintf_s
_errno
memmove
memcmp
_ftol2
_purecall
wcsncpy_s
malloc
free
wcstoul
wcschr
__dllonexit
_amsg_exit
_unlock
_XcptFilter
_onexit
_lock
_initterm
__CxxFrameHandler3
_except_handler4_common
memcpy_s
realloc
memcpy

phoneutil

CreateBrandingInfo
VoipAppIdentityUtilities_GetApplicationResourceResolverFromApplication
VoipAppIdentityUtilities_GetApplicationByAumid
Phone_FmtText_NonDialerFormat
MapPlusToDialingPrefix
GetCountryCodeFromOperatorNum

userdataplatformhelperutil

IsActiveDebugger
GenerateUserModeServiceName

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-1

CreateSemaphoreW
RegisterWaitForSingleObject

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-url-l1-1-0

UrlEscapeW

oleaut32

VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
SizeofResource
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
LoadResource
FindResourceExW
DisableThreadLibraryCalls

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
CreateEventW
SetEvent
OpenEventW
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
Sleep
DeleteCriticalSection
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSemaphore
CreateEventExW
InitOnceExecuteOnce
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject

api-ms-win-core-com-l1-1-1

CoDecrementMTAUsage
CoUninitialize
StringFromGUID2
CoIncrementMTAUsage
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoGetApartmentType
RoGetAgileReference
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoGetCallerTID
CoWaitForMultipleHandles
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWrite
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoTransformError
RoOriginateError
IsErrorPropagationEnabled
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

rpcrt4

NdrAsyncClientCall2
RpcStringFreeW
RpcStringBindingComposeW
RpcExceptionFilter
RpcBindingFree
NdrClientCall4
RpcBindingFromStringBindingW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-2-1

GetFileSizeEx
CreateFileW
CompareFileTime

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-2

SetThreadToken
GetCurrentThread
CreateThread
OpenProcessToken
TlsAlloc
TlsFree
OpenProcess
TlsGetValue
GetCurrentThreadId
OpenThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
TlsSetValue

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
CloseThreadpoolTimer
CreateThreadpoolWork

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW

api-ms-win-security-base-l1-2-0

GetTokenInformation
RevertToSelf

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-2-0

QueryServiceStatus

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification

combase

ord90

api-ms-win-rtcore-ntuser-window-l1-1-0

DispatchMessageW
PeekMessageW
TranslateMessage
PostThreadMessageW

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

CreatePhoneRpcClient
DTMFModeListener_CreateInstance
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
PhoneAPIInitialize
PhoneAPIUninitialize
PhoneAcceptIncoming
PhoneAcceptIncomingEx
PhoneAcceptVideo
PhoneActivateVisualVoicemail
PhoneAddListener
PhoneAddVideo
PhoneCallCapabilityAccessCheck
PhoneCallVoicemail
PhoneCancelNonSeamlessUpgrade
PhoneClearIdleCallsFromController
PhoneConference
PhoneConfirmNonSeamlessUpgrade
PhoneDeactivateVisualVoicemail
PhoneDial
PhoneDropAccept
PhoneDropAcceptEx
PhoneDropVideo
PhoneEnableBluetoothHandsFree
PhoneEnd
PhoneExecutePendingDtmfWait
PhoneExitEmergencyMode
PhoneExplicitCallTransfer
PhoneFinishRecording
PhoneFlash
PhoneFormatPhoneNumber
PhoneFreeCallInfo
PhoneFreeRecordingApplicationList
PhoneGetActiveAppByType
PhoneGetActiveSpamFilterApp
PhoneGetAggregateBranding
PhoneGetAppListByType
PhoneGetAssistedDialNumber
PhoneGetAssistedDialSetting
PhoneGetAvailableActions
PhoneGetBlockPrivateNumbersSetting
PhoneGetBlockUnknownNumbersSetting
PhoneGetBluetoothHandsFreeState
PhoneGetBrandingText
PhoneGetCallCounts
PhoneGetCallInfo
PhoneGetCallState
PhoneGetCallsInConference
PhoneGetCellularApiComponentInfo
PhoneGetDefaultOutgoingLine
PhoneGetDeviceSupportsVideoCalling
PhoneGetElapsedTime
PhoneGetLinePublicInfo
PhoneGetLinePublicSettings
PhoneGetLines
PhoneGetLinesEx
PhoneGetMute
PhoneGetNetworkAlert
PhoneGetPreferredCallUpgradeLine
PhoneGetProviderLineInfo
PhoneGetProviderLineLockInfo
PhoneGetProviderLineServiceInfo
PhoneGetProviderLineVvmConnectivityState
PhoneGetRecordingApplications
PhoneGetShouldMuteKeypad
PhoneGetSpeaker
PhoneGetState
PhoneGetVideoCapabilities
PhoneGetVideoCapabilitySharingSettings
PhoneGetVisualVoicemailAccessor
PhoneGetVisualVoicemailBranding
PhoneGetVoicemailNumberAndOverrideInfo
PhoneGetWiredHeadsetState
PhoneHandleAppUninstallByType
PhoneInitiateCallUpgrade
PhoneInitiateDeactivatePerso
PhoneInitiateRetrievalOfCIDRestrictionSupport
PhoneInitiateSimPinOperation
PhoneIsActionAvailable
PhoneIsDtmfWaitPending
PhoneIsEmergencyNumber
PhoneIsImmediateDialString
PhoneIsPhoneNumberInBlockList
PhoneIsVideoCallingEnabled
PhoneIsVideoCallingSwitchActionable
PhoneIsVoiceRoamingRestrictionActive
PhoneIsVvmSetupComplete
PhoneMapIddPrefixToPlus
PhoneMapPlusToDialingPrefix
PhoneMarkDataAffinityNotificationSeen
PhoneMarkVvmSetupComplete
PhoneModifyCallForwarding
PhoneModifyCallerIdSetting
PhoneModifyVideoCallingSetting
PhoneModifyVoicemailAddress
PhoneNotificationHelper_CreateInstance
PhonePauseRecording
PhonePrivate
PhonePublicDial
PhoneRefreshCallForwardingState
PhoneRefreshEcbmState
PhoneRefreshVideoCallingSetting
PhoneReinitiateCallerIdLookup
PhoneRejectIncoming
PhoneRejectVideo
PhoneRemoveListener
PhoneSaveVvmPassword
PhoneSendDTMF
PhoneSendDTMFStart
PhoneSendDTMFStop
PhoneSetActiveAppByType
PhoneSetActiveSpamFilterApp
PhoneSetBlockPrivateNumbersSetting
PhoneSetBlockUnknownNumbersSetting
PhoneSetCallOriginInfo
PhoneSetCallerAsActiveAppByType
PhoneSetFilterAppBlockList
PhoneSetForegroundLine
PhoneSetHold
PhoneSetLocalVideo
PhoneSetMute
PhoneSetPreferredCallUpgradeLine
PhoneSetRecordingApplication
PhoneSetReminderInfo
PhoneSetSpeaker
PhoneSetVideoCapabilitySharingSettings
PhoneSetVideoPaused
PhoneSimChangePin
PhoneSimChangePin2
PhoneSimDisablePinLock
PhoneSimEnablePinLock
PhoneSimGetPin2
PhoneSimNotifyPin2Available
PhoneSimUIClosed
PhoneSimUnlock
PhoneSimUnlockDebug
PhoneSpamFilteringEnabled
PhoneStartRecording
PhoneStartVisualVoicemailSync
PhoneSupportsLocalVvmConfig
PhoneSwap
PhoneWaitForAPIReady
ShouldPlayCallWaitingTone

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abb77da57d7f5afc58985105a3e4cff5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

phoneutil

userdataplatformhelperutil

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-url-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

rpcrt4

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-2-0

ntdll

combase

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-rtcore-ntuser-synch-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 272KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 272KB - Virtual size: 272KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 19KB - Virtual size: 18KB