11d6f86c338dcaf071c9e811b3ca819baadfac04a65e12bc53e062373acebe62

Sharing

Copy URL Twitter E-mail

General

Target

11d6f86c338dcaf071c9e811b3ca819baadfac04a65e12bc53e062373acebe62
Size

860KB
MD5

b7a9e4d3364830237bd0f5f3a4908157
SHA1

c3b5cb8be3cc8b7b888a1e33c1e029f472ad6987
SHA256

11d6f86c338dcaf071c9e811b3ca819baadfac04a65e12bc53e062373acebe62
SHA512

65b99e6bc5474ba506a114764b0553f1f22e65d38424efcc49fb7f4ef631b3d09bdb610be61543f59e630e134009a08cfc0b76871abe9a3b48c10a1ee16d50b0
SSDEEP

12288:7dU8Otnc4vRhZ66WhzINKygiJVYQ3onMfTbEzB+PcUCbr8a2hr:yLncM4zIsygwp3QM3EOcUG8TR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11d6f86c338dcaf071c9e811b3ca819baadfac04a65e12bc53e062373acebe62

Files

11d6f86c338dcaf071c9e811b3ca819baadfac04a65e12bc53e062373acebe62
.dll windows:5 windows x64 arch:x64

c8016cff8623f85456fba91f53cb9796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\WorkshopAgent\DevelopProj\Code\V4\OPPO\4.72.513.1301\Bin\Release\winoauv364.pdb

Imports

kernel32

CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
CancelIo
GetOverlappedResult
OpenSemaphoreW
GetProcessHeap
SetEndOfFile
SetEvent
CreateEventW
GetWindowsDirectoryW
WriteConsoleW
GetStdHandle
AllocConsole
FreeConsole
WriteFile
SetFilePointer
GetProfileStringW
ResetEvent
GetVersion
CreateDirectoryW
MoveFileW
Sleep
DeleteFileW
RemoveDirectoryW
lstrcmpW
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateThread
GetSystemDirectoryW
GetFileInformationByHandle
CreateFileA
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
IsBadReadPtr
GetLocalTime
CopyFileW
TerminateThread
GetExitCodeThread
OutputDebugStringW
GetModuleFileNameW
WaitForSingleObject
GetCurrentThreadId
LoadLibraryA
FreeLibrary
MoveFileExW
CreateFileW
CompareFileTime
GetTickCount
GetFileAttributesW
LoadLibraryExW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateMutexW
OpenMutexW
CloseHandle
lstrlenA
LoadResource
lstrlenW
GetVersionExW
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForMultipleObjects
SuspendThread
ResumeThread
SetThreadPriority
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessA
CreateProcessW
TerminateProcess
GetCommandLineA
SetLastError
GetModuleFileNameA
GetEnvironmentVariableW
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
OpenFileMappingW
ReadFile
EncodePointer
DecodePointer
HeapAlloc
HeapFree
FlsSetValue
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
GetSystemInfo
DeviceIoControl
OpenEventW
GetLogicalDrives
QueryDosDeviceW
GetCurrentProcess
OpenProcess
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLastError
GetCurrentProcessId
FindResourceExW
LocalFree

user32

SetWindowLongPtrW
CreateWindowExW
RegisterClassW
FindWindowW
SendMessageW
GetDesktopWindow
DefWindowProcW
PostMessageW
DestroyWindow
CloseWindow
SetWindowTextW
GetSystemMetrics
FindWindowExW
GetWindowThreadProcessId
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
CloseDesktop
OpenInputDesktop
GetUserObjectInformationW
GetWindowLongPtrW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
MessageBoxW
EnumDesktopsW
PostThreadMessageW
GetMessageW
SetActiveWindow
ShowWindow
EnumWindows
GetWindowLongW
GetClassNameW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterWindowMessageW
SendMessageTimeoutW

advapi32

RegCloseKey
ReportEventW
DeregisterEventSource
UnlockServiceDatabase
LockServiceDatabase
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
GetUserNameW
SetSecurityDescriptorDacl
GetAce
RegSetValueExA
RegOpenKeyExA
RegCreateKeyW
RegQueryValueExA
RegQueryValueExW
RegisterEventSourceW
RegSetValueExW
RegOpenKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
QueryServiceStatus

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize

ws2_32

send
ntohl
inet_addr
recv
htonl
WSAStartup
sendto
WSAGetLastError
inet_ntoa
accept
WSACleanup
setsockopt
recvfrom
bind
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
ntohs
getpeername
getsockname
getsockopt

Exports

Exports

RunAgentU64

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8016cff8623f85456fba91f53cb9796

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ws2_32

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 478KB

.rdata Size: 246KB - Virtual size: 245KB

.data Size: 85KB - Virtual size: 114KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 479KB - Virtual size: 478KB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 85KB - Virtual size: 114KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB