uuu[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

uuu.exe.7z
Size

511KB
MD5

1a740649eec87be1cfa93c602770f4ff
SHA1

166803e4f70ea02a6117483b1c39c8de9c31258e
SHA256

8ac67c7fa66c3214aba7a3bd648bd898134e3a44ad2965faf60d0c4b10297fbb
SHA512

a34af8c28f4c945824afd32e9fd7551dd0c16b899093db07c7dd02d489b50f3dc081f855d645025bac46b0c8679a6c5617b850f03c680478815b1b48255d313b
SSDEEP

12288:K1E///nzuEC7PpAw62Y9Hs0UUqW9TYbUJuMI0/iFsj+oe:WOnI7Bh62Yl92U40/iSO

Score

1^/10

Malware Config

Signatures

Files

uuu.exe.7z
.7z

Password: infected
uuu.exe
.exe windows x64

Password: infected

e50208694806f38263053001a57ee179

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
FindFirstFileA
DeviceIoControl
FindNextFileA
SetThreadPriority
WaitForSingleObject
UnmapViewOfFile
GetStdHandle
CreateFileA
SetEvent
CloseHandle
ResetEvent
CreateFileMappingA
CreateEventA
MapViewOfFile
GetConsoleScreenBufferInfo
SetConsoleMode
GetModuleHandleA
GetLastError
GetModuleFileNameA
GetOverlappedResult
CancelIo
CreateSemaphoreA
FormatMessageA
VerSetConditionMask
GetVersionExA
LoadLibraryA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateProcessA
SetFilePointerEx
ExitThread
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
ReadFile
ReadConsoleW
GetConsoleCP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
SetEndOfFile
GetTimeZoneInformation
FindClose
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
WriteConsoleW
InitializeCriticalSection
SleepEx
WaitForMultipleObjects
VerifyVersionInfoA
TerminateThread
RtlUnwind

advapi32

OpenServiceA
CloseServiceHandle
RegSetKeyValueA
OpenSCManagerW

winhttp

WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e50208694806f38263053001a57ee179

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

winhttp

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 330KB - Virtual size: 329KB

.data Size: 23KB - Virtual size: 34KB

.pdata Size: 44KB - Virtual size: 43KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 330KB - Virtual size: 329KB

.data
Size: 23KB - Virtual size: 34KB

.pdata
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 7KB