Static task: static1
Behavioral task: behavioral1
  Sample: a64c8ff676e18fddb07f8e682eb6450952533a5bd34d1317e9dd999679e6a3f2.dll
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: a64c8ff676e18fddb07f8e682eb6450952533a5bd34d1317e9dd999679e6a3f2.dll
  Resource: win10v2004-20240611-en
General
- Target: a64c8ff676e18fddb07f8e682eb6450952533a5bd34d1317e9dd999679e6a3f2
- Size: 5.5MB
- MD5: 8fdeb625d6460f403ad626e9af2f386b
- SHA1: 7ce3eb84f8bb5137f1fabfd518e4cb36129882bb
- SHA256: a64c8ff676e18fddb07f8e682eb6450952533a5bd34d1317e9dd999679e6a3f2
- SHA512: e51533db545b3f4e01357a453014640010f1bb364c7e06d9a1a4d07cd8e892aee11528ae5eabb12ef8aec566d80d746edffff622391626c5a867098be900c4f7
- SSDEEP: 49152:deVSuXzZQaPaQxRLtKmagDJZc9R1jzWiGeRWaNKt7003GpZKqvZK+K3:deVViqtKmaCJZc31jqip1
Malware Config
Signatures
- Unsigned PE (1 IoC): the file carries no embedded Authenticode signature (the security data directory is empty; this does not rule out catalog signing).
  resource: a64c8ff676e18fddb07f8e682eb6450952533a5bd34d1317e9dd999679e6a3f2
Files
- a64c8ff676e18fddb07f8e682eb6450952533a5bd34d1317e9dd999679e6a3f2.dll  windows:5 windows x86 arch:x86
  fc577bcb25e25ddefcd6dfbacadc0e55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\WorkshopAgent\DevelopProj2\HookAPI\OPPO\4.72.508.1301\Bin\Release\winhadntv.pdb
Imports
mpr
WNetGetConnectionA
WNetGetConnectionW
shlwapi
ord176
SHCreateStreamOnFileW
StrRetToBufW
kernel32
SystemTimeToFileTime
GetTimeZoneInformation
IsBadWritePtr
GetFileInformationByHandle
GetFileAttributesExA
FindNextFileA
GetVolumeInformationW
QueryDosDeviceA
GetProcessTimes
GetExitCodeProcess
VirtualQuery
CompareFileTime
ReadProcessMemory
VirtualQueryEx
WaitForMultipleObjects
ResetEvent
TerminateThread
GetProfileStringA
GetPrivateProfileStringA
WriteConsoleA
OutputDebugStringA
FreeConsole
AllocConsole
GetTempFileNameW
FlushFileBuffers
LocalAlloc
TlsAlloc
OutputDebugStringW
FileTimeToSystemTime
VirtualProtect
IsBadReadPtr
GetStdHandle
GetTempPathW
OpenMutexW
CreateMutexW
CreateEventW
GetLocaleInfoW
SetFileAttributesW
GetCommandLineA
SetFileAttributesA
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
VirtualProtectEx
WriteProcessMemory
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
InterlockedExchangeAdd
InterlockedCompareExchange
CreateProcessA
GetThreadPriority
SetThreadPriority
GetPriorityClass
SetPriorityClass
SuspendThread
OpenSemaphoreA
CancelIo
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
SizeofResource
LockResource
LoadLibraryExA
FreeResource
GetWindowsDirectoryA
SetEnvironmentVariableA
GetProcessHeap
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetConsoleCtrlHandler
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
WriteConsoleW
GetStartupInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapDestroy
HeapCreate
LCMapStringW
IsValidCodePage
CreateDirectoryA
ExpandEnvironmentStringsW
OpenEventW
GetVersionExA
GetSystemInfo
WideCharToMultiByte
FileTimeToLocalFileTime
Process32First
Process32Next
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenEventA
SetEvent
GetFullPathNameA
GetFullPathNameW
GetDriveTypeA
FindFirstFileA
GetLongPathNameA
GetLongPathNameW
CreateEventA
OpenMutexA
CreateMutexA
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
MoveFileExW
CreateProcessW
WaitForSingleObject
CreateThread
DeleteFileA
CopyFileA
lstrlenW
GetDiskFreeSpaceExW
FindNextFileW
OpenProcess
FindFirstFileW
FindClose
GetComputerNameA
FindResourceExA
GetFileAttributesW
GetFileType
GetFileAttributesExW
QueryDosDeviceW
Sleep
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetDriveTypeW
GetModuleHandleA
GetCurrentThread
GetCurrentProcess
DuplicateHandle
TlsGetValue
LocalFree
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetLastError
ResumeThread
GetFileTime
GetFileSize
GetLocalTime
DeviceIoControl
GetVersion
GetExitCodeThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesA
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetLastError
LoadLibraryW
GetCurrentProcessId
GetModuleHandleW
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
GetCommandLineW
LoadLibraryA
GetProcAddress
CreateFileW
ReadFile
CloseHandle
GetTickCount
CopyFileW
SetFilePointer
SetEndOfFile
WriteFile
MoveFileW
DeleteFileW
FreeLibrary
LoadResource
FormatMessageA
MultiByteToWideChar
GetOEMCP
GetCPInfo
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDateFormatW
GetTimeFormatW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
HeapReAlloc
RaiseException
HeapAlloc
HeapFree
DecodePointer
EncodePointer
RtlUnwind
BackupRead
BackupSeek
BackupWrite
SetFileTime
MoveFileExA
RemoveDirectoryW
CreateDirectoryW
RemoveDirectoryA
MoveFileA
GetEnvironmentVariableA
GetTempPathA
ExpandEnvironmentStringsA
PulseEvent
ReleaseSemaphore
CreateSemaphoreA
InterlockedExchange
SleepEx
FormatMessageW
GetACP
lstrlenA
user32
GetWindowLongA
PostMessageA
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetClipboardFormatNameW
EnumClipboardFormats
GetDC
FillRect
DrawTextW
SystemParametersInfoW
GetClassNameA
GetWindowTextA
OpenDesktopA
OpenDesktopW
InternalGetWindowText
EnumDesktopWindows
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
SetThreadDesktop
LoadCursorA
SetCursor
ClientToScreen
ReleaseDC
wsprintfA
GetWindow
OffsetRect
IsRectEmpty
IsZoomed
GetClientRect
MoveWindow
FindWindowA
LoadStringW
WaitForInputIdle
IsWindowVisible
GetClipboardOwner
OpenInputDesktop
GetProcessWindowStation
EnumDesktopsA
GetUserObjectInformationA
GetThreadDesktop
SwitchDesktop
CloseDesktop
WindowFromDC
CreateDesktopA
SetClipboardData
MessageBoxW
PostThreadMessageW
DdeConnectList
DdeQueryNextServer
DdeQueryConvInfo
DdeDisconnect
DdeDisconnectList
SendMessageTimeoutW
EnumWindows
GetPropW
GetWindowTextW
IsWindow
GetWindowThreadProcessId
GetForegroundWindow
GetParent
GetWindowLongW
SetWindowLongW
PostMessageW
GetDlgItem
GetClassNameW
FindWindowExW
SendMessageA
SendMessageW
CallWindowProcW
GetCursorPos
MsgWaitForMultipleObjects
GetSystemMetrics
GetUserObjectInformationW
WindowFromPoint
GetDesktopWindow
GetWindowRect
FindWindowExA
gdi32
CreateRectRgnIndirect
CombineRgn
GetTextMetricsA
GetTextExtentPoint32W
CreateRectRgn
SelectClipRgn
CreatePen
MoveToEx
LineTo
GetFontUnicodeRanges
GetGlyphIndicesW
GetRegionData
CloseEnhMetaFile
EndDoc
CreateEnhMetaFileW
GetWindowOrgEx
SetWindowExtEx
SelectPalette
GetBkColor
GetViewportOrgEx
GetWorldTransform
SetBkColor
SetViewportExtEx
SetWorldTransform
SetWindowOrgEx
SetViewportOrgEx
CreateCompatibleDC
CreateDIBSection
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
SaveDC
GetStockObject
GetMapMode
LPtoDP
SetMapMode
DPtoLP
GetTextAlign
SetTextAlign
GetBkMode
TextOutW
RestoreDC
GetWindowExtEx
GetViewportExtEx
CreateSolidBrush
GetClipBox
SelectObject
SetBkMode
GetTextColor
SetTextColor
GetCurrentObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CopyEnhMetaFileW
DeleteEnhMetaFile
GetBitmapBits
PtInRegion
GetClipRgn
SetPixel
GetPaletteEntries
GdiFlush
SetDIBColorTable
GetDIBits
GetObjectA
SetDIBits
CreateDIBitmap
RealizePalette
CreatePalette
CreateDCA
ExtTextOutA
GetTextFaceW
CreateCompatibleBitmap
advapi32
RegEnumValueA
RegDeleteKeyA
RegSetKeySecurity
SetFileSecurityA
LookupAccountSidW
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
GetUserNameA
GetTokenInformation
LookupAccountSidA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
GetUserNameW
RegCreateKeyW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCloseKey
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
LockServiceDatabase
CreateServiceA
CloseServiceHandle
UnlockServiceDatabase
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
EnumServicesStatusA
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceStatus
RegCreateKeyExW
RegCreateKeyExA
RegConnectRegistryA
GetLengthSid
shell32
SHGetPathFromIDListW
DragQueryFileA
SHChangeNotify
SHParseDisplayName
SHGetDesktopFolder
SHGetMalloc
DragQueryFileW
SHGetDataFromIDListW
SHGetSpecialFolderPathW
SHGetPathFromIDListA
ShellExecuteExW
CommandLineToArgvW
ole32
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoInitializeEx
oleaut32
VarBstrCat
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
SystemTimeToVariantTime
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
DosDateTimeToVariantTime
SysStringLen
ws2_32
send
listen
shutdown
closesocket
connect
WSAGetLastError
recv
ntohs
getpeername
getsockname
getsockopt
htonl
sendto
ntohl
recvfrom
WSAStartup
gethostbyname
WSACleanup
setsockopt
accept
bind
htons
WSAIoctl
socket
winmm
timeKillEvent
timeSetEvent
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
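The import table above is only a list of names; what an analyst wants from it is which capability groups are complete and which are conspicuously incomplete. The following is an added example (not the sandbox's own rule set, and not code from the sample) that transcribes a subset of the imports listed on this page into a dict and evaluates a handful of analyst heuristics over it. The rule names and groupings are the editor's assumptions. One point it surfaces directly: the listing contains OpenProcess, ReadProcessMemory, WriteProcessMemory and VirtualProtectEx, but no CreateRemoteThread, which together with the exports named InstallDetours and the "HookAPI" PDB path reads as an in-process hooking component rather than a classic remote-thread injector. That is a hypothesis for the analyst to confirm, not a verdict.

```python
# Capability buckets: every (dll, api) pair in a rule must be imported for a full match.
# These are analyst heuristics chosen by the editor, not the sandbox's signatures.
RULES = {
    "remote-process memory read/write (injection primitive)": [
        ("kernel32", "OpenProcess"), ("kernel32", "VirtualProtectEx"),
        ("kernel32", "WriteProcessMemory"), ("kernel32", "ReadProcessMemory")],
    "process/thread enumeration": [
        ("kernel32", "CreateToolhelp32Snapshot"), ("kernel32", "Process32First"),
        ("kernel32", "Process32Next"), ("kernel32", "Thread32First")],
    "service install/control": [
        ("advapi32", "OpenSCManagerA"), ("advapi32", "CreateServiceA"),
        ("advapi32", "StartServiceA"), ("advapi32", "ControlService")],
    "privilege adjustment": [
        ("advapi32", "OpenProcessToken"), ("advapi32", "LookupPrivilegeValueA"),
        ("advapi32", "AdjustTokenPrivileges")],
    "desktop switching": [
        ("user32", "CreateDesktopA"), ("user32", "SwitchDesktop"),
        ("user32", "SetThreadDesktop"), ("user32", "OpenInputDesktop")],
    "winsock I/O": [
        ("ws2_32", "WSAStartup"), ("ws2_32", "socket"), ("ws2_32", "connect"),
        ("ws2_32", "send"), ("ws2_32", "recv")],
    "classic remote thread creation": [
        ("kernel32", "OpenProcess"), ("kernel32", "WriteProcessMemory"),
        ("kernel32", "CreateRemoteThread")],
}

# Constructed input: a subset of the imports listed on this page, module -> APIs.
IMPORTS = {
    "kernel32": {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory", "VirtualProtectEx",
                 "VirtualQueryEx", "CreateToolhelp32Snapshot", "Process32First",
                 "Process32Next", "Thread32First", "Thread32Next", "CreateThread",
                 "VirtualProtect", "LoadLibraryA", "GetProcAddress", "CreateNamedPipeA"},
    "advapi32": {"OpenSCManagerA", "CreateServiceA", "StartServiceA", "ControlService",
                 "DeleteService", "OpenProcessToken", "LookupPrivilegeValueA",
                 "AdjustTokenPrivileges", "RegSetValueExA", "RegCreateKeyA"},
    "user32": {"CreateDesktopA", "SwitchDesktop", "SetThreadDesktop", "OpenInputDesktop",
               "SetWindowLongW", "CallWindowProcW"},
    "ws2_32": {"WSAStartup", "socket", "connect", "send", "recv", "bind", "listen", "accept"},
}


def evaluate(imports, rules=RULES):
    """Return {rule: (matched_apis, missing_apis)} for every rule, complete or not."""
    results = {}
    for name, needed in rules.items():
        matched = [api for dll, api in needed if api in imports.get(dll, ())]
        missing = [api for dll, api in needed if api not in imports.get(dll, ())]
        results[name] = (matched, missing)
    return results


def summarize(results):
    """Fully matched rules, plus near-misses (exactly one API absent) worth a second look."""
    full = sorted(name for name, (_, missing) in results.items() if not missing)
    near = sorted((name, missing[0]) for name, (_, missing) in results.items()
                  if len(missing) == 1)
    return full, near


if __name__ == "__main__":
    full, near = summarize(evaluate(IMPORTS))
    print("complete:", full)
    print("near-miss:", near)
```

Near-misses matter as much as hits: a process-memory writer with no remote thread primitive in the import table either creates threads some other way (dynamic resolution via the imported GetProcAddress, for instance) or simply patches the process it is already loaded in, which is what a Detours-style hook DLL does.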
Exports
AddApplyDocLog
AddApplyDocLog1
AddBurnLog
AddDocBurnLog
AddPassthru
AddUpDlLogEx
DelPassthru
DelSCDTProcesIdentifyTypeInCache
DelSCDTProcesTypeInCache
DelTobeTargetProcessByName
DelTobeTargetProcessByProcID
DelTobeTargetProcessIdentifyByName
DelTobeTargetProcessIdentifyByProcID
ExpandSpecialPath
FreeBuffer
GetCaptureFlags
GetDocInfos
GetDocLogs2
GetDocLogs3
GetDocPolicyLogs
GetIMFTInfos
GetMstscLogs
GetNewProcCmd
GetPortPolicyLogs
GetPortPolicyLogs2
GetPortPolicyLogs3
GetPrintInfos
GetPrintLogs
GetPrintLogs2
GetPrintPolicyLogs
GetProcInfosEx
GetProcInfosEx2
GetSCDTDesktopMode
GetSCDTLogonState
GetSCDTProcesIdentifyTypeInCache
GetSCDTProcesTypeInCache
GetSpecialBurnSetting
GetSpecialToolBurnMode
GetTWMMsgInfo
GetTWMStatus
GetUDiskRigthts
GetUpDownPolicyLogs
GetUrlInfos
GetUrlLogs
GetUrlPolicyLogs
INJInstallDetours
INJUninstallDetours
InitRecordMgr
InitSCDTShareInfo
InitShareInfoMgr
InitUPDLShareMemory
InstallDetours
InstallDetoursModule
InstallDetoursOne
IsDisRemarkBurn
IsDisableBurnFile
IsInSecuDesktop
IsInSecuDesktop2
IsInSecuDesktopPath
IsInTobeTargetProcessByName
IsInTobeTargetProcessByProcID
IsInTobeTargetProcessIdentifyByName
IsInTobeTargetProcessIdentifyByProcID
IsSecuDesktopSDDisk
SetAppCtrlFlag
SetAppInfoKeyTick
SetCDBurnCtrlFlag
SetCDOtherBurnCtrlFlag
SetCDSpecialBurnCtrlFlag
SetCaptureFlags
SetComputer
SetDocBackupFlag
SetDocCtrl
SetDocCtrlFlag
SetDocTick
SetDocWaterMarkFlag
SetFlags
SetIMFTCtrl
SetIMFTCtrlFlag
SetIP
SetIsNeedHookSwitchDesk
SetNetShareWhitePath
SetNetworkStatus
SetOffline
SetPortCtrlFlag
SetPortTick
SetPortableFlags
SetPrintCtrl
SetPrintCtrlFlag
SetPrintPageCtrlFlag
SetPrintPageTick
SetPrintTick
SetProcCtrl
SetProcCtrl2
SetProduct
SetProtectdIPAndPort
SetSCDTCtrlFlag
SetSCDTDesktopMode
SetSCDTLogonState
SetSCDTProcesIdentifyTypeInCache
SetSCDTProcesTypeInCache
SetSCIOutSendCtrlFlag
SetSpecialBurnToolFlag
SetStatus
SetTIjtNecessity
SetTIjtNecessityTick
SetTWMMsgInfo
SetTWMStatus
SetTobeTargetProcessByName
SetTobeTargetProcessByProcID
SetTobeTargetProcessIdentifyByName
SetTobeTargetProcessIdentifyByProcID
SetUDiskCtrlFlag
SetUDiskTick
SetUDiskVols
SetUDiskVols2
SetUpDownCtrlFlag
SetUpDownTick
SetUrlClsidsTick
SetUrlCtrl
SetUrlCtrlFlag
SetUrlTick
SetUser
SetUserID
SetWPDCtrlFlag
TSetLogConfig
UninstallDetours
UninstallDetoursOne
UpdateSandboxProcessFileRegPolicy
UpdateSandboxProcessIdentifyFileRegPolicy
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 865KB - Virtual size: 864KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 205KB - Virtual size: 433KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
whadntds Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TLCONFIG Size: 512B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
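The Headers, Unsigned PE and Sections entries above are all read straight out of the PE headers. The following is an added example, written by the editor rather than taken from the sandbox or the sample, of how those fields are derived: it walks the DOS/COFF/optional headers, decodes the same IMAGE_FILE_*, IMAGE_DLLCHARACTERISTICS_* and IMAGE_SCN_* names the report prints, reads data directory entry 4 (the Authenticode certificate table) to reproduce the "Unsigned PE" check, and runs two extra checks an analyst would want. Because the sample is not available offline, the input is a constructed headers-only PE32 image built by build_pe32, with section names and flags chosen to mirror this page's listing; the flag tables are a subset of winnt.h. Two caveats the code states in comments: an empty certificate directory means no embedded signature, not "unsigned" in the catalog-signing sense, and a non-empty one is only a claim until WinVerifyTrust (or Get-AuthenticodeSignature / signtool verify) validates it. One observation the page itself supports: DLL Characteristics lists NX_COMPAT only, so DYNAMIC_BASE is clear and this image does not opt in to ASLR even though it ships a .reloc section.

```python
import struct

# Flag names (subset of winnt.h) so output matches the names the report shows.
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                       0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SECTION_CHARACTERISTICS = {0x00000020: "IMAGE_SCN_CNT_CODE",
                           0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                           0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                           0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                           0x40000000: "IMAGE_SCN_MEM_READ",
                           0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode (WIN_CERTIFICATE) directory index


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse COFF/optional headers, the security directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: +108 and +112
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories this entry is a raw file offset, not an RVA: the
        # certificate blob sits after the last section and is never mapped into memory.
        _cert_off, cert_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, shdr = [], opt + opt_size
    for i in range(nsec):
        (name, vsize, _va, rawsize, _rp, _, _, _, _, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": decode_flags(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
            "has_embedded_signature": cert_size != 0,   # what "Unsigned PE" tests
            "aslr_opt_in": bool(dll_chars & 0x0040),
            "sections": sections}


def triage(info):
    """Analyst heuristics over the parsed headers (editor's checks, not sandbox rules)."""
    findings = []
    if not info["has_embedded_signature"]:
        # Catalog-signed files also have an empty directory; a non-empty one still
        # needs WinVerifyTrust to prove the signature is valid and trusted.
        findings.append("Unsigned PE: no embedded Authenticode signature")
    if not info["aslr_opt_in"]:
        findings.append("DYNAMIC_BASE not set: image does not opt in to ASLR")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append("section %s is writable and executable" % s["name"])
    return findings


def build_pe32(sections, dll_chars=0x0100, security=(0, 0), file_chars=0x2102):
    """Constructed headers-only PE32 image for offline testing (not the sample itself)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    opt = bytearray(224)                                   # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), file_chars)
    shdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000 * (i + 1), rs,
                                 0, 0, 0, 0, 0, ch)
                     for i, (n, vs, rs, ch) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + shdrs


# Mirrors this page: x86 DLL, NX_COMPAT only, empty certificate directory,
# RX .text, the custom RW "whadntds" section, and a discardable .reloc.
SAMPLE = build_pe32([(".text", 0x300000, 0x300000, 0x60000020),
                     ("whadntds", 0x130000, 0x130000, 0xC0000040),
                     (".reloc", 0x03C800, 0x03CC00, 0x42000040)])

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["file_characteristics"], info["dll_characteristics"])
    print([(s["name"], s["flags"]) for s in info["sections"]], triage(info))
```

To run the same checks on the real file, read it with open(path, "rb").read() and pass the bytes to parse_pe; the header layout is identical, only the values differ. For a verdict on a non-empty certificate directory, hand the file to Get-AuthenticodeSignature or signtool verify /pa rather than trusting the directory's presence.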