H:\WorkshopAgent\DevelopProj2\IMHOOK\20221208_OPPO_IPG-27538_V4.72.507.8277_B4.72.507.8276\Bin\Release\winimhc364.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ea599557798a9db67d8a134b24fa2021c961f7f02efa533646f4b658e1aaa7ed.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
ea599557798a9db67d8a134b24fa2021c961f7f02efa533646f4b658e1aaa7ed.dll
Resource
win10v2004-20240508-en
General
-
Target
ea599557798a9db67d8a134b24fa2021c961f7f02efa533646f4b658e1aaa7ed
-
Size
1.8MB
-
MD5
5221a17c351844009c61a7531e03f15a
-
SHA1
74c89847bf6649f4f70345687c80ab91a30ec1fd
-
SHA256
ea599557798a9db67d8a134b24fa2021c961f7f02efa533646f4b658e1aaa7ed
-
SHA512
52a641b81d6b4dcee70ce122bffcb08826636e84f9478a6e354a5c628a9f13c33a1267e88161d06af079aea414c13ab9445fc25546a9957c613fe1a897e3df77
-
SSDEEP
49152:8c+Ttae7R2kFNdgCQYS9mr4T2uEFw9+K:k4UHu5f
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags that the PE carries no Authenticode signature. On its own this is a weak indicator (many legitimate binaries ship unsigned); treat it as context for the other findings rather than as evidence of malice.
resource ea599557798a9db67d8a134b24fa2021c961f7f02efa533646f4b658e1aaa7ed
Files
-
ea599557798a9db67d8a134b24fa2021c961f7f02efa533646f4b658e1aaa7ed.dll windows:5 windows x64 arch:x64
85ab176434dca29bd65a271946d9ee18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GlobalFindAtomW
FreeResource
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
ExitThread
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
GetVersionExW
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LoadLibraryA
GetVersionExA
GlobalFlags
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
GlobalGetAtomNameW
CompareStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
GetProcessHeap
QueryDosDeviceA
DefineDosDeviceW
GetDiskFreeSpaceExW
SetVolumeLabelW
GetLogicalDrives
GetVersion
PulseEvent
SleepEx
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
CancelIo
GetOverlappedResult
OpenSemaphoreW
OpenEventW
FormatMessageA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetTempPathA
CopyFileA
MoveFileExA
MoveFileExW
RemoveDirectoryA
CreateDirectoryW
CreateDirectoryA
MoveFileA
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryA
FindResourceExW
EnumResourceNamesW
EnumResourceTypesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileMappingA
GetLocalTime
AllocConsole
FreeConsole
OutputDebugStringW
GetExitCodeThread
TerminateThread
ResetEvent
TlsAlloc
TlsGetValue
LocalAlloc
GlobalAddAtomW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
WaitForMultipleObjects
CreateEventW
ReleaseSemaphore
CreateSemaphoreW
lstrlenA
lstrcmpA
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
VirtualProtect
WriteProcessMemory
WaitForSingleObject
ReleaseMutex
SetLastError
CreateMutexW
OpenMutexW
IsBadStringPtrW
IsBadReadPtr
GetPrivateProfileStringW
GetProfileStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
FindResourceW
LoadResource
LockResource
SizeofResource
IsBadWritePtr
GetEnvironmentVariableW
GetTempPathW
GetFileSize
CreateFileMappingW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTickCount
Sleep
GetCommandLineW
MoveFileW
CopyFileW
GetFileAttributesW
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
DeleteFileW
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetLastError
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetModuleHandleW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetModuleFileNameA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetProcAddress
EnumSystemLocalesA
user32
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
SetActiveWindow
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CheckRadioButton
SendMessageW
FindWindowExW
GetClassNameW
PtInRect
SetWindowTextW
DeleteMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
UnionRect
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassLongPtrW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageW
LoadIconW
CallWindowProcW
CheckDlgButton
GetParent
GetWindowRect
GetWindow
GetWindowLongW
GetWindowThreadProcessId
GetDesktopWindow
GetForegroundWindow
EnumWindows
RegisterWindowMessageW
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
GetUserObjectInformationW
CloseWindowStation
SendDlgItemMessageA
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
MoveWindow
ShowWindow
ScrollWindowEx
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
SetRectEmpty
InvalidateRect
GetDialogBaseUnits
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
SetTimer
KillTimer
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
SetCapture
LockWindowUpdate
IsWindow
GetDCEx
wsprintfW
MessageBoxW
EnumDesktopWindows
GetWindowTextA
GetWindowTextW
InternalGetWindowText
IsWindowVisible
GetIconInfoExW
GetCursorInfo
CallNextHookEx
SetWindowsHookExW
GetAsyncKeyState
PostMessageW
GetDlgItem
GetFocus
UnhookWindowsHookEx
DispatchMessageW
PeekMessageW
EnumChildWindows
GetDlgCtrlID
RemoveMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
SetParent
GetSystemMenu
GrayStringW
IsRectEmpty
InsertMenuW
AppendMenuW
GetMenuStringW
GetMenuState
UnregisterClassW
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
MsgWaitForMultipleObjects
CharUpperW
GetSystemMetrics
gdi32
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
ExtTextOutW
RectVisible
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
PlayMetaFileRecord
TextOutW
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
GetBitmapBits
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
GetObjectType
GetDeviceCaps
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
RegConnectRegistryW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueW
RegSetValueExW
RegOpenKeyW
GetUserNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
OpenServiceW
shell32
SHGetFileInfoW
DragFinish
DragQueryFileW
ExtractIconW
shlwapi
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
ole32
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromString
oleaut32
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
ws2_32
recv
send
getsockopt
getsockname
getpeername
ntohl
ntohs
listen
sendto
closesocket
connect
socket
WSAIoctl
htons
htonl
bind
accept
setsockopt
WSACleanup
WSAStartup
WSAGetLastError
recvfrom
shutdown
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Exports
Exports
?QueryInterface@@YAPEAXK@Z
CLearInvalidIMControlData
CheckIMType
DbgInfo
GetIMControlData
GetIMType
INJSetThreadHookFlag
InitShareSeg
SetCtrlIMFlagType
SetHook
SetIMAgentInfo
SetIMTypeHooked
SetNotRecordContentType
SetPhotoFlagType
SetPhotoWarningFlag
SetPhotoWarningFlagEX
SetPolicyBySocket
StopIMCModule
UnSetHook
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 403KB - Virtual size: 403KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.IMContr Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.IMHookC Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Desktop Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ