H:\WorkshopAgent\DevelopProj2\Prerelease\IM\PreRelease\Bin\Release\winimhs364.pdb
Static task: static1
Behavioral task: behavioral1
Sample: c5fa1404d3366d14dff4ac8b960adf052ce6d167ce00fff8bee8372040295b4c.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: c5fa1404d3366d14dff4ac8b960adf052ce6d167ce00fff8bee8372040295b4c.dll
Resource: win10v2004-20240508-en
General
Target: c5fa1404d3366d14dff4ac8b960adf052ce6d167ce00fff8bee8372040295b4c
Size: 1.5MB
MD5: 877d15ca2c066e2f778a1c2014038ca5
SHA1: 3f610e86337af5f5bc7509bb076f6873a92176a1
SHA256: c5fa1404d3366d14dff4ac8b960adf052ce6d167ce00fff8bee8372040295b4c
SHA512: c7291e62c7bcc7da6f72ea321ba4983603337178017a8297c2123269660430755e42e5ca47f4659a3bab23102ed3ef442afaa57784669b17183b6f4e62adc96c
SSDEEP: 49152:yMWJAtspI46GVLopxQ7V2r6Tw3iaTyELMT:AnIFka
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: c5fa1404d3366d14dff4ac8b960adf052ce6d167ce00fff8bee8372040295b4c
Files
c5fa1404d3366d14dff4ac8b960adf052ce6d167ce00fff8bee8372040295b4c.dll  windows:5 windows x64 arch:x64
9d4527643dff84ae4666ae9ec6307f14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
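The Signatures and Headers panels above are the output of a static pass over the PE headers. As an added example (not part of the sandbox report and not the sample's code), the Python below does the same pass without pefile: it decodes IMAGE_FILE_HEADER.Characteristics, IMAGE_OPTIONAL_HEADER.DllCharacteristics and section flags, and reports "Unsigned PE" when the Security data directory (index 4) is empty, which is what an Authenticode absence check amounts to. A non-empty Security entry only proves a WIN_CERTIFICATE blob is embedded; validating it needs WinVerifyTrust or signtool verify, which this code does not attempt. The test image is constructed to carry the flag combination this report lists (DYNAMIC_BASE + NX_COMPAT, EXECUTABLE_IMAGE + LARGE_ADDRESS_AWARE + DLL, an RX .text and an RW .data); its section sizes are arbitrary and it is not loadable.

```python
"""Static PE header triage in pure Python (no pefile dependency).

Decodes IMAGE_FILE_HEADER.Characteristics, DllCharacteristics and section
flags, and checks whether the Security data directory references an embedded
WIN_CERTIFICATE. Empty entry = "Unsigned PE"; a non-empty entry only means a
signature is embedded, not that it verifies (WinVerifyTrust / signtool do that).
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SECTION_CHARACTERISTICS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                           0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                           0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Header facts for a PE32/PE32+ image supplied as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108, data directories at +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:    # PE32:  NumberOfRvaAndSizes at +92,  data directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # DllCharacteristics sits at +70 in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the Security entry VirtualAddress is a raw file offset to WIN_CERTIFICATE, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, *_rest, schars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize,
                         _flags(schars, SECTION_CHARACTERISTICS)))
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_characteristics": _flags(fchars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": sec_off != 0 and sec_size != 0,
            "sections": sections}


def triage(info):
    """Findings in the style of a sandbox Signatures panel."""
    findings = []
    if not info["authenticode_present"]:
        findings.append("Unsigned PE: Security data directory is empty, no embedded Authenticode signature")
    wanted = [("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "ASLR"), ("IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "DEP"),
              ("IMAGE_DLLCHARACTERISTICS_GUARD_CF", "CFG")]
    if info["pe32plus"]:
        wanted.append(("IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", "high-entropy 64-bit ASLR"))
    for flag, mitigation in wanted:
        if flag not in info["dll_characteristics"]:
            findings.append("%s not opted in: %s not set" % (mitigation, flag))
    for name, _vs, _rs, flags in info["sections"]:
        if "IMAGE_SCN_MEM_WRITE" in flags and "IMAGE_SCN_MEM_EXECUTE" in flags:
            findings.append("%s: section is both writable and executable" % name)
    return findings


def build_image(dll_chars, signed, sections, pe32plus=True):
    """Constructed, non-loadable PE image for offline testing (not the analysed sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                  # e_lfanew
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, len(sections), 0, 0, 0, opt_size,
                       0x2000 | 0x0020 | 0x0002)                           # DLL | LARGE_ADDRESS_AWARE | EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, ndirs_off, 16)
    if signed:   # point the Security directory at a fictional WIN_CERTIFICATE blob
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, ch) for n, vs, rs, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed image carrying the flag combination this report lists; sizes are arbitrary.
SAMPLE_LIKE = build_image(0x0040 | 0x0100, False, [(b".text", 0x100000, 0x100000, 0x60000020),
                                                   (b".data", 0x1D800, 0x13800, 0xC0000040),
                                                   (b".reloc", 0x6000, 0x6000, 0x42000040)])

if __name__ == "__main__":
    info = parse_pe(SAMPLE_LIKE)
    print("DllCharacteristics:", ", ".join(info["dll_characteristics"]))
    for finding in triage(info):
        print("-", finding)
```

Run against the flag set listed above, triage() reports the Unsigned PE finding and also that IMAGE_DLLCHARACTERISTICS_GUARD_CF and IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA do not appear, i.e. the module is not opted into CFG or 64-bit high-entropy ASLR; those two flags are absent from the DLL Characteristics list in this report as well.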
PDB Paths
Imports
winimhc364
SetPhotoWarningFlagEX
SetPolicyBySocket
SetPhotoWarningFlag
SetPhotoFlagType
SetNotRecordContentType
SetCtrlIMFlagType
SetIMAgentInfo
DbgInfo
StopIMCModule
SetIMTypeHooked
kernel32
GetVersionExW
GlobalFindAtomW
FreeResource
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
ExitThread
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
LoadLibraryA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetTempPathW
GetTempPathA
CopyFileA
MoveFileExA
MoveFileExW
RemoveDirectoryA
CreateDirectoryW
CreateDirectoryA
MoveFileA
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryA
FormatMessageA
FindResourceExW
EnumResourceNamesW
EnumResourceTypesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
VirtualProtect
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileMappingA
GetLocalTime
AllocConsole
FreeConsole
OutputDebugStringW
GetExitCodeThread
WaitForMultipleObjects
TerminateThread
ResetEvent
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ReleaseMutex
GetVersion
GetLogicalDrives
SetVolumeLabelW
GetDiskFreeSpaceExW
DefineDosDeviceW
QueryDosDeviceA
CreateSemaphoreW
ReleaseSemaphore
GetProcessHeap
GetVersionExA
GlobalFlags
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
GlobalGetAtomNameW
CompareStringW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalAddAtomW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
lstrlenA
lstrcmpA
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
FreeLibrary
CreateMutexW
GetEnvironmentVariableA
IsBadReadPtr
OpenMutexW
GetFileSize
CreateFileMappingW
GetLogicalDriveStringsW
QueryDosDeviceW
Sleep
GetFileAttributesW
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetLastError
LoadLibraryW
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
WideCharToMultiByte
WaitForSingleObject
GetPrivateProfileStringW
GetProfileStringW
CreateFileW
ReadFile
GetTickCount
CopyFileW
SetFilePointer
SetEndOfFile
WriteFile
DeleteFileW
MoveFileW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
FormatMessageW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetCurrentProcessId
GetModuleFileNameW
GetModuleFileNameA
GetWindowsDirectoryW
GetSystemDirectoryW
GetConsoleMode
user32
SetFocus
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
IsWindow
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
PtInRect
SetWindowTextW
EndPaint
BeginPaint
CheckRadioButton
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DeleteMenu
GetWindowTextLengthW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
RemovePropW
GetPropW
SetPropW
GetClassLongPtrW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageW
SendDlgItemMessageA
LoadIconW
SetWindowPos
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
MsgWaitForMultipleObjects
GetProcessWindowStation
wsprintfW
PostQuitMessage
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
MoveWindow
ShowWindow
ScrollWindowEx
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
SetRectEmpty
InvalidateRect
GetDialogBaseUnits
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
WindowFromPoint
KillTimer
SetTimer
SetRect
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
LoadMenuW
ReleaseCapture
LoadAcceleratorsW
GetWindowDC
InsertMenuItemW
GetSubMenu
RemoveMenu
GetDlgCtrlID
EnumChildWindows
PostMessageW
GetCursorInfo
GetIconInfoExW
IsWindowVisible
InternalGetWindowText
GetWindowTextW
GetWindowTextA
EnumDesktopWindows
MessageBoxW
SetProcessWindowStation
CloseWindowStation
GetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
CloseDesktop
EnumDesktopsW
OpenWindowStationW
SetWindowsHookExW
CallNextHookEx
RegisterWindowMessageW
EnumWindows
GetForegroundWindow
GetDesktopWindow
GetWindowThreadProcessId
GetWindowLongW
GetWindow
GetWindowRect
GetParent
GetClassNameW
FindWindowExW
UpdateWindow
gdi32
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
GetClipRgn
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
SelectClipPath
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
CreateDIBPatternBrushPt
CreateRectRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
PolyDraw
GetBitmapBits
GetDeviceCaps
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueW
RegSetValueExW
RegOpenKeyW
GetUserNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenKeyA
RegConnectRegistryW
shell32
SHGetFileInfoW
DragFinish
DragQueryFileW
ExtractIconW
shlwapi
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
ole32
CoCreateInstance
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CLSIDFromString
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
oleaut32
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
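Reading the import table is the next step after the header checks. As an added example (not part of the report and not the sample's code), the Python below computes an import hash the way pefile's get_imphash() does and groups an excerpt of the imports listed above into capability buckets a triager would note: SetWindowsHookExW/CallNextHookEx/UnhookWindowsHookEx (Windows message hooks), OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges (privilege adjustment), EnumDesktopsW/OpenInputDesktop/SetThreadDesktop (desktop enumeration), BeginUpdateResourceW/UpdateResourceW/EndUpdateResourceW (rewriting resources inside a PE on disk), RegisterEventSourceW/ReportEventW (event log writes). The 32-hex-digit value shown under Files has the form of an import hash, but the page does not label it, so treating it as this sample's imphash is an assumption. The excerpt is partial and not in on-disk import-directory order, so its hash will not equal the report's value; the bucket names are the example's own labels, and the ws2_32/oleaut32 ordinal-to-name lookup pefile performs is omitted.

```python
"""Import-table triage: pefile-style import hash (imphash) plus capability grouping.

imphash = MD5 over "lib.func" strings in import-table order, with the library
name lowercased and stripped of a .dll/.ocx/.sys extension and the function
name lowercased; unnamed imports are written as ordN. This mirrors pefile's
get_imphash() except for its ordinal-to-name lookup for ws2_32/oleaut32.
"""
import hashlib


def imphash(imports):
    """imports: sequence of (dll_name, function_name_or_ordinal) in import-table order."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base                                   # "KERNEL32.DLL" and "kernel32" hash the same
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (lib, name))
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Capability buckets (labels are this example's own) keyed on API names from the report's import list.
CAPABILITY_APIS = {
    "message hooking": {"SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"},
    "process/memory access": {"OpenProcess", "VirtualProtect", "OpenFileMappingW", "MapViewOfFile"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "desktop enumeration": {"EnumDesktopsW", "EnumDesktopWindows", "OpenInputDesktop", "SetThreadDesktop"},
    "service control": {"OpenSCManagerW", "OpenServiceW", "QueryServiceStatus"},
    "PE resource rewriting": {"BeginUpdateResourceW", "UpdateResourceW", "EndUpdateResourceW"},
    "event log writes": {"RegisterEventSourceW", "ReportEventW"},
    "debugger check": {"IsDebuggerPresent"},
}


def capabilities(imports):
    """Map each bucket to the imported API names that fall into it (buckets with no hit are dropped)."""
    names = {func for _, func in imports if isinstance(func, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITY_APIS.items() if names & apis}


# Excerpt of the imports listed in this report (partial, so its hash is not the report's value).
REPORT_EXCERPT = [
    ("winimhc364", "SetIMTypeHooked"), ("winimhc364", "StopIMCModule"),
    ("kernel32", "VirtualProtect"), ("kernel32", "OpenProcess"), ("kernel32", "GetProcAddress"),
    ("kernel32", "IsDebuggerPresent"), ("kernel32", "BeginUpdateResourceW"), ("kernel32", "UpdateResourceW"),
    ("kernel32", "EndUpdateResourceW"), ("kernel32", "OpenFileMappingW"), ("kernel32", "MapViewOfFile"),
    ("user32", "SetWindowsHookExW"), ("user32", "CallNextHookEx"), ("user32", "UnhookWindowsHookEx"),
    ("user32", "EnumDesktopsW"), ("user32", "OpenInputDesktop"), ("user32", "SetThreadDesktop"),
    ("advapi32", "OpenProcessToken"), ("advapi32", "LookupPrivilegeValueW"), ("advapi32", "AdjustTokenPrivileges"),
    ("advapi32", "OpenSCManagerW"), ("advapi32", "QueryServiceStatus"),
    ("advapi32", "RegisterEventSourceW"), ("advapi32", "ReportEventW"),
]

if __name__ == "__main__":
    print("imphash (excerpt):", imphash(REPORT_EXCERPT))
    for cap, apis in capabilities(REPORT_EXCERPT).items():
        print("%-24s %s" % (cap, ", ".join(apis)))
```

For clustering, compute the hash over the full import directory in file order (pefile does this from the parsed IMAGE_IMPORT_DESCRIPTOR chain); any reordering or a single added import changes the value, which is why imphash groups builds from one toolchain and source tree rather than "similar" binaries.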
Exports
DebugInfo
GetIMFTLog
ScanIM
SetCtrlIMFlag
SetIMHookLogFlag
SetIMPolicyBySocket
SetIMType
SetNotRecordContent
SetPhotoFlag
SetPhotoWarning
SetPhotoWarningEX
SetRecordFlag
SetUserInfo
StartIMHook
StopIMHook
SyncTime
Sections
.text   Size: 1.0MB  Virtual size: 1.0MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 346KB  Virtual size: 345KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 78KB   Virtual size: 118KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  Size: 80KB   Virtual size: 80KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 12KB   Virtual size: 11KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 24KB   Virtual size: 24KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ