5e8d34b819cbc14700a7f12713074e17585790c3ae8817bbe4a544febdf72e8a

Sharing

Copy URL Twitter E-mail

General

Target

5e8d34b819cbc14700a7f12713074e17585790c3ae8817bbe4a544febdf72e8a
Size

1.2MB
MD5

ea6ddb8eb87213099bba1c6b772cc1b5
SHA1

38c311220dbeb86c0a9c9ba8f92af8f39ad9d5db
SHA256

5e8d34b819cbc14700a7f12713074e17585790c3ae8817bbe4a544febdf72e8a
SHA512

35458c358fa48cb51fb4b8a039991d98d5b14e3e7bbeaf93fb4430980658052dec1d0dc6038c59e39e433e529fb6cc1fa0e909712d5a76c2b44389b0262c6b21
SSDEEP

24576:gED6n5/VfEOWXyzSIPoBWzowhJmZ2WJ6prPCNgd5Dgwf8+frs4fIH+vgEiiN585G:H65/VfIyzxPKMowhJ3WJ6puNgdxgwE+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e8d34b819cbc14700a7f12713074e17585790c3ae8817bbe4a544febdf72e8a

Files

5e8d34b819cbc14700a7f12713074e17585790c3ae8817bbe4a544febdf72e8a
.dll windows:5 windows x64 arch:x64

76d0ccb9914acac4765b3a49fadad208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\WorkshopAgent\DevelopProj\Code\V4\OPPO\4.72.513.1301\Bin\Release\WinWdgv364.pdb

Imports

setupapi

SetupInstallFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FileTimeToLocalFileTime
MoveFileA
FreeLibrary
GetUserDefaultLangID
GetVersion
GetSystemDefaultLangID
WideCharToMultiByte
GetProfileStringA
SetFilePointer
OutputDebugStringW
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
LoadLibraryExA
LoadLibraryExW
OpenMutexA
CompareFileTime
GetSystemTime
GetWindowsDirectoryA
CreateEventA
CreateMutexA
SetEvent
LocalAlloc
CreateProcessA
lstrcmpiA
TerminateProcess
WaitForMultipleObjects
MultiByteToWideChar
MulDiv
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
CopyFileW
GetDiskFreeSpaceExW
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
CreateFileW
GetFileSize
GetComputerNameA
GetComputerNameW
FlushFileBuffers
CreateDirectoryA
GetFileAttributesExA
GetFileAttributesExW
GetVolumeInformationW
OutputDebugStringA
QueryDosDeviceW
GetDriveTypeA
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeW
VirtualProtectEx
WriteProcessMemory
ReadProcessMemory
VirtualProtect
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
QueryDosDeviceA
DeviceIoControl
ReadFile
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
DeleteFileW
MoveFileExW
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
DeleteFileA
MoveFileExA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryA
GetModuleHandleW
GetFileInformationByHandle
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GetTickCount
FreeResource
GetFileAttributesW
CreateDirectoryW
GetLocalTime
GetCurrentProcessId
CreateFileA
CloseHandle
CopyFileA
GetFileAttributesA
ExpandEnvironmentStringsA
Sleep
GetLastError
GetModuleFileNameA
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryA
IsBadReadPtr
OpenFileMappingA
SetEndOfFile
GetThreadPriority
SizeofResource
LockResource
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceLanguagesA
EnumResourceNamesA
GetPriorityClass
SetPriorityClass
LoadResource
FindResourceExA
lstrlenA
lstrlenW
GetVersionExA
FormatMessageA
GetACP
FormatMessageW
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
PulseEvent
ResetEvent
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
SetLastError
GetSystemDirectoryW
MoveFileW
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsW
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
GetDateFormatA
GetTimeFormatA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
LCMapStringW
HeapSize
ExitProcess
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FatalAppExitA
HeapReAlloc
SetConsoleCtrlHandler
LoadLibraryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
VirtualQueryEx
EnumResourceTypesA

user32

OpenInputDesktop
CloseDesktop
OpenDesktopA
GetThreadDesktop
GetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
EnumChildWindows
EnumWindows
GetWindowLongA
EnumDesktopWindows
GetClassNameW
FindWindowExA
IsWindowVisible
CreateWindowExA
GetClientRect
wsprintfA
GetSystemMetrics
GetUserObjectInformationW
SendMessageA
GetUserObjectInformationA
GetWindowThreadProcessId
AttachThreadInput
ShowWindow
GetWindowLongPtrA
SetWindowPos
SetForegroundWindow
GetWindowTextW
GetWindowTextA
GetParent
SendMessageTimeoutA
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
SetThreadDesktop

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
CreateDCW

advapi32

AddAccessAllowedAce
StartServiceA
OpenSCManagerA
OpenServiceA
RegisterEventSourceW
ControlService
DeleteService
CloseServiceHandle
CreateServiceA
ChangeServiceConfig2A
QueryServiceConfigA
ChangeServiceConfigA
QueryServiceConfig2A
RegCreateKeyExA
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
LookupAccountNameW
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
GetFileSecurityW
SetFileSecurityW
GetFileSecurityA
SetFileSecurityA
RegSetValueExA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegSetValueExW
RegOpenKeyA
RegQueryValueExA
RegCloseKey
DeregisterEventSource
RegSetKeySecurity
LookupAccountSidW
EnumServicesStatusA
QueryServiceStatus
UnlockServiceDatabase
LockServiceDatabase
RegCreateKeyW
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegConnectRegistryA
RegOpenKeyExA
ReportEventW

shell32

SHGetPathFromIDListW

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

SystemTimeToVariantTime
DosDateTimeToVariantTime

Exports

Exports

RunMonitor32
StartBackMonitor
StartMonitor
StopMonitor

Sections

.text
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76d0ccb9914acac4765b3a49fadad208

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 830KB - Virtual size: 829KB

.rdata Size: 278KB - Virtual size: 278KB

.data Size: 83KB - Virtual size: 176KB

.pdata Size: 62KB - Virtual size: 62KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 830KB - Virtual size: 829KB

.rdata
Size: 278KB - Virtual size: 278KB

.data
Size: 83KB - Virtual size: 176KB

.pdata
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB