UIHelper[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

UIHelper.dll
Size

98KB
MD5

e12e500fb3fcf43f1d0913250a040e2d
SHA1

2ef5510eb947b243bfb3195954ebb6121734f61c
SHA256

ce84a30f3c39fc4e3a42c374f084b9063e521d3f31b17329cacb0f3da5e9bb06
SHA512

bcbe250bbbd6b47e60ac667f2fa280abd7717f045fe17c46d9e0bc43391b849f694bf41db87fe27c11c2e8cdbc2ef61a11318858ac9c245b9a67008b47aebe97
SSDEEP

3072:5xWvHRu6LXJOqHFJJ1NZE1/xlCppfbDhiJ:CfRuuXwq9ZE1bCppC

Score

N/A

Malware Config

Signatures

Files

UIHelper.dll
.dll regsvr32 windows x86

66f5d1ca71ffbaa3d7543021320530df

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/11/2004, 00:00

Not After

21/11/2005, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:47:51:06:c3:c6:5d:63:6b:ab:c7:4d:e3:7d:fe:52:a3:2d:8d:ad
Signer

Actual PE Digest

81:47:51:06:c3:c6:5d:63:6b:ab:c7:4d:e3:7d:fe:52:a3:2d:8d:ad

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

15/12/2022, 13:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcatA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesA
CloseHandle
GetCurrentThread
GetCurrentProcess
SetLastError
OpenProcess
GetWindowsDirectoryA
GetShortPathNameA
lstrcpynA
LockResource
FindResourceExA
LoadLibraryA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LocalAlloc
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
lstrcmpiA
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
GetProcAddress
LoadLibraryExA
lstrlenA
lstrcpyA

user32

wsprintfA
GetShellWindow
GetParent
GetWindowLongA
GetWindowThreadProcessId
CharNextA
EnumThreadWindows
EnumChildWindows
IsWindow
GetClassNameA
IsWindowEnabled
IsWindowVisible

advapi32

GetTokenInformation
IsValidSid
EqualSid
FreeSid
SetThreadToken
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RevertToSelf
OpenThreadToken
CreateProcessAsUserA
AllocateAndInitializeSid

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromString
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VariantInit
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr

shlwapi

PathAddBackslashA
PathAppendA
UrlCanonicalizeA
PathFindExtensionA
PathRemoveBackslashA

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

msvcr71

??1type_info@@UAE@XZ
_onexit
__dllonexit
_wcsnicmp
_wcsdup
__security_error_handler
_callnewh
wcsncpy
_mbsrchr
_mbschr
_mbsstr
_mbsicmp
atoi
?terminate@@YAXXZ
_vscprintf
wcsrchr
_wtol
memmove
wcslen
wcscmp
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcscpy
strlen
memcmp
realloc
_initterm
_adjust_fdiv
__CppXcptFilter
vsprintf
__CxxFrameHandler
memset
??3@YAXPAX@Z
strcat
_stricmp
_splitpath
_mbsnbcpy
malloc
free
_resetstkoflw
_except_handler3
memcpy
_CxxThrowException
??_V@YAXPAX@Z
_purecall

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetFactory
GetObjectCount

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66f5d1ca71ffbaa3d7543021320530df

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2Certificate

Extended Key Usages

Key Usages

81:47:51:06:c3:c6:5d:63:6b:ab:c7:4d:e3:7d:fe:52:a3:2d:8d:adSigner

Signature Validations

Verification

15/12/2022, 13:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

urlmon

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 6KB - Virtual size: 5KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

81:47:51:06:c3:c6:5d:63:6b:ab:c7:4d:e3:7d:fe:52:a3:2d:8d:ad
Signer

15/12/2022, 13:51
Valid: false

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 6KB - Virtual size: 5KB