uRUSTJAVIr[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

uRUSTJAVIr.exe
Size

8.3MB
MD5

239c0e781b4138225c02c8fe33f6a85e
SHA1

87b221c45c505929fe2d33eefdeccacbb028a78e
SHA256

d5d38d106294fd65d72c6f6a44d20ab9e3ae02e9cac5e5e884afd57397d1b5fb
SHA512

97b668cf0ab3f6064fbcb9f7da5a0ff3c4f6a8786ddc42ffef5d5becced37a2177e947c58dba2017f4a9bb20f864f84f5307b3e70e1595656634a1d0ba605f99
SSDEEP

196608:N7FV4lHlWAmtBQdoIQPZzcRyDeXBRODlcDHSU8N:JIuAm7K2GIDbcbz

Score

N/A

Malware Config

Signatures

Files

uRUSTJAVIr.exe
.exe windows x86

7cfab2b76e3fb57a7779d03d66220745

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
GlobalAddAtomA
Process32First
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
K32GetModuleFileNameExA
IsBadCodePtr
SleepEx
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
ExitProcess
OpenProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
HeapFree
HeapAlloc
ReadFile
GetFileSizeEx
CreateFileA
CloseHandle
WaitForSingleObject
WriteProcessMemory
GetThreadId
GetProcAddress
VirtualProtectEx
LoadLibraryA
GetModuleHandleA
Sleep
InitializeSListHead
VirtualProtect
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadCursorA
GetKeyState
GetCursorPos
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
GetSystemMetrics
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
PostQuitMessage
ReleaseDC
DispatchMessageA
GetIconInfo
RegisterClassExA
ReleaseCapture
MessageBoxA
IsWindowUnicode
GetDC
SetClipboardData
CharUpperBuffW

gdi32

GetObjectA
DeleteObject
GetDIBits

advapi32

GetUserNameA

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?uncaught_exceptions@std@@YAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

vcruntime140

_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
_setjmp3
memchr
memmove
memcpy
longjmp
strrchr
strstr
__std_exception_copy
__std_exception_destroy
__std_terminate
__CxxFrameHandler3
memset

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
toupper
tolower

api-ms-win-crt-math-l1-1-0

_fdsign
_dsign
_CIfmod
_dclass
_fdclass
_ldclass
__setusermatherr
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
_ldsign

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_invalid_parameter_noinfo_noreturn
_controlfp_s
_initterm_e
_initialize_onexit_table
_register_onexit_function
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

fflush
__p__commode
ftell
__acrt_iob_func
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fclose
fseek
__stdio_common_vfprintf

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

under

Sections

.under-5
Size: - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.under-4
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.under-1
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.under-1
Size: - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.under-6
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-7
Size: - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-2
Size: - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-1
Size: - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-2
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-3
Size: - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.under-2
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.under-2
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-5
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.under-3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.under-8
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.under-8
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cfab2b76e3fb57a7779d03d66220745

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp140

d3d9

d3dx9_43

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.under-5 Size: - Virtual size: 678KB

.under-4 Size: - Virtual size: 1B

.under-1 Size: - Virtual size: 1B

.under-1 Size: - Virtual size: 411KB

.under-6 Size: - Virtual size: 224KB

.under-7 Size: - Virtual size: 1B

.under-2 Size: - Virtual size: 80B

.under-1 Size: - Virtual size: 1B

.under-2 Size: 512B - Virtual size: 96B

.under-3 Size: - Virtual size: 488B

.under-2 Size: - Virtual size: 15KB

.under-2 Size: - Virtual size: 6.0MB

.under-5 Size: - Virtual size: 3.5MB

.under-3 Size: 2KB - Virtual size: 2KB

.under-8 Size: 8.3MB - Virtual size: 8.3MB

.under-8 Size: 512B - Virtual size: 480B

.under-5
Size: - Virtual size: 678KB

.under-4
Size: - Virtual size: 1B

.under-1
Size: - Virtual size: 1B

.under-1
Size: - Virtual size: 411KB

.under-6
Size: - Virtual size: 224KB

.under-7
Size: - Virtual size: 1B

.under-2
Size: - Virtual size: 80B

.under-1
Size: - Virtual size: 1B

.under-2
Size: 512B - Virtual size: 96B

.under-3
Size: - Virtual size: 488B

.under-2
Size: - Virtual size: 15KB

.under-2
Size: - Virtual size: 6.0MB

.under-5
Size: - Virtual size: 3.5MB

.under-3
Size: 2KB - Virtual size: 2KB

.under-8
Size: 8.3MB - Virtual size: 8.3MB

.under-8
Size: 512B - Virtual size: 480B