7b00deffcd9a8fe8c933ae36eedcf70608c45c0997410a6a8e76c96b185062f5

Sharing

Copy URL

Twitter E-mail

General

Target

7b00deffcd9a8fe8c933ae36eedcf70608c45c0997410a6a8e76c96b185062f5
Size

1.9MB
MD5

3e83e1346658c903553c0a8770f2bd72
SHA1

5bf8504e69d10554c344bcd6f4931e09fec8f5a8
SHA256

7b00deffcd9a8fe8c933ae36eedcf70608c45c0997410a6a8e76c96b185062f5
SHA512

2e4565bb16cac61c3307e72683f39b5882430b18e49b900fb00f83411b2697a05b8296bb297fba54329a5b36e7ff71fac6cf20b32012781c1b1942603c2f8251
SSDEEP

49152:kwW71Onx6Nh5vLZSawCSFLWJ6p5k9OrbzWoOSzSUEq7vyJJ/S:eNFaWJ6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b00deffcd9a8fe8c933ae36eedcf70608c45c0997410a6a8e76c96b185062f5

Files

7b00deffcd9a8fe8c933ae36eedcf70608c45c0997410a6a8e76c96b185062f5
.dll windows:5 windows x64 arch:x64

3cb5c117530d9574745d4082221b81d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\WorkshopAgent\DevelopProj2\IMHOOK\20221208_OPPO_IPG-27538_V4.72.507.8277_B4.72.507.8276\Bin\Release\winimhca64.pdb

Imports

kernel32

GetTempPathW
VirtualProtect
GetLongPathNameW
GetLongPathNameA
GetDriveTypeA
GetFullPathNameW
GetFullPathNameA
GetVersionExW
GetWindowsDirectoryA
GetSystemDirectoryA
WriteConsoleW
GetStdHandle
OutputDebugStringA
OutputDebugStringW
FreeConsole
AllocConsole
OpenProcess
VirtualQueryEx
VirtualProtectEx
IsBadReadPtr
SetLastError
GetLastError
GetWindowsDirectoryW
GlobalSize
GlobalFree
CreateFileW
DeviceIoControl
SetFilePointer
SetEndOfFile
SetFileTime
CopyFileW
LoadLibraryA
GetCurrentThreadId
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetPrivateProfileStringW
GetProfileStringW
GetCurrentProcessId
CreateFileMappingW
GetExitCodeThread
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDriveStringsW
lstrcmpW
QueryDosDeviceA
DefineDosDeviceW
SetVolumeLabelW
GetVolumeInformationW
GetLogicalDrives
LocalAlloc
lstrcmpA
GetVersion
UnlockFile
LockFile
GetExitCodeProcess
GetThreadPriority
GetPriorityClass
SetPriorityClass
CreateProcessW
CreateProcessA
GetSystemInfo
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
CancelIo
GetOverlappedResult
OpenSemaphoreW
OpenEventW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryDosDeviceW
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetFileAttributesExW
GetProcAddress
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetModuleHandleW
WideCharToMultiByte
GetCurrentDirectoryA
GetFileAttributesW
WriteFile
Sleep
MultiByteToWideChar
CreateEventW
SetEvent
CompareFileTime
GetEnvironmentVariableW
IsBadWritePtr
WaitForSingleObject
GetFileSize
ReadFile
GlobalFlags
GetFileType
CreateThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
FreeLibrary
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LoadLibraryW
IsBadStringPtrW
SetHandleCount
GetProcessHeap
SystemTimeToFileTime
LCMapStringA
LCMapStringW
LocalFileTimeToFileTime
DuplicateHandle
GetFileTime
lstrcpyW
lstrcpynW
GetUserDefaultLCID
GetStringTypeW
GetTimeZoneInformation
HeapDestroy
HeapCreate
GetStringTypeA
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrlenA
LoadResource
FindResourceExW
lstrlenW
LocalFree
FormatMessageA
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
PulseEvent
ResetEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
LoadLibraryExW
FreeResource
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
VirtualQuery
LockResource
SizeofResource
CreateFileMappingA
GetFileAttributesA
GetModuleFileNameA
SetFileAttributesA
DeleteFileA
SetFileAttributesW
MoveFileA
MoveFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
MoveFileExW
MoveFileExA
CopyFileA
GetTempPathA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OpenMutexW
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
HeapFree
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
IsValidCodePage
HeapAlloc
HeapSize
ExitProcess
HeapSetInformation
GetStartupInfoA

user32

GetWindowThreadProcessId
EnumClipboardFormats
SetClipboardData
RegisterClipboardFormatW
RegisterWindowMessageW
SetFocus
GetForegroundWindow
InternalGetWindowText
EnumDesktopWindows
IsWindowVisible
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
CloseDesktop
FillRect
LoadCursorW
SetCursor
IsWindow
GetSystemMetrics
GetPriorityClipboardFormat
InvalidateRect
ShowWindow
SetCaretPos
TranslateMessage
DispatchMessageW
EmptyClipboard
SetWindowPos
CharUpperW
CallWindowProcW
GetInputState
GetWindowRect
GetCaretPos
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
MsgWaitForMultipleObjects
wsprintfW
GetDesktopWindow
SetTimer
GetFocus
GetParent
GetWindowLongW
GetScrollInfo
WindowFromDC
GetWindowTextW
GetWindowTextA
GetClassNameW
GetKeyboardState
SetKeyboardState
GetClipboardData
GetClipboardFormatNameW
LoadImageW
FindWindowExW
GetCursorPos
WindowFromPoint
KillTimer
SendMessageW
GetDC
ReleaseDC
MessageBoxW
PostMessageW
PostThreadMessageW

gdi32

GetCurrentObject
GetEnhMetaFileHeader
DeleteEnhMetaFile
CreateSolidBrush
PlayEnhMetaFile
GetDIBits
SetDIBits
CreateDIBSection
SetDIBColorTable
SetStretchBltMode
StretchBlt
GdiFlush
GetStockObject
GetPaletteEntries
SetPixel
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetObjectW
GetViewportOrgEx
GetClipBox
DeleteObject
GetDeviceCaps
GetBitmapBits

advapi32

QueryServiceStatus
SetFileSecurityW
GetUserNameW
GetTokenInformation
LookupAccountSidW
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExA
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExA
RegEnumValueW
RegCreateKeyA
RegCreateKeyExA
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenKeyA
InitializeSecurityDescriptor
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegSetKeySecurity

shell32

SHParseDisplayName
DragQueryFileW
DragQueryPoint
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

oleaut32

DosDateTimeToVariantTime
SysFreeString

gdiplus

GdiplusStartup
GdiplusShutdown

ws2_32

WSACleanup
WSAStartup
setsockopt
accept
bind
htonl
htons
WSAIoctl
socket
connect
closesocket
shutdown
listen
ntohs
ntohl
getpeername
getsockname
getsockopt
send
recv
sendto
recvfrom
WSAGetLastError

shlwapi

SHCreateStreamOnFileEx

mpr

WNetGetConnectionW
WNetGetConnectionA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

comdlg32

GetFileTitleW

Exports

Exports

?QueryInterface@@YAPEAXK@Z
DealWXWorkData
DuiSpyStart
DuiSpyStop
GetDingTalkSelfInfo
GetFeiQDBPath
GetLxSelfInfo
GetSkypeSelfInfo
GetWXWorkSelfInfo
GetWXWorkSelfInfo2
GetWhatsAppSelfInfo
GetWxWorkChatMode
IMHAInit
IMHAOption
IMWndActivated
INJInstallDetours
INJUninstallDetours
InitGDI
InstallDetours
InstallDetoursOne
ModifyPassthruThread
SetAgentInfo
SetCtrlPhotoFlag
SetDocFlowTraceRule
SetDocWaterMarkRule
SetFlags
SetHaveIMFileCtrlFlag
SetHaveIMFilePolicyFlag
SetIMInnerType
SetLineCopyInfo
SetRecordPhotoFlag
SetStatus
SetTIMCopyInfo
SetWXWorkSelfInfo
SetWXWorkType
SetWXWorkVersionType
SyncIMWnd
TIMDoOnceCopy
TencentUserNameSet
TencentWindowClose
TencentWindowCloseGetBuf
UninstallDetours
UninstallDetoursOne

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cb5c117530d9574745d4082221b81d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

ws2_32

shlwapi

mpr

version

comdlg32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 455KB - Virtual size: 455KB

.data Size: 87KB - Virtual size: 255KB

.pdata Size: 96KB - Virtual size: 95KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 455KB - Virtual size: 455KB

.data
Size: 87KB - Virtual size: 255KB

.pdata
Size: 96KB - Virtual size: 95KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB