Static task
static1
General
Target
UserOOBEBroker.exe
Size
96KB
MD5
3d72623a0ff435f3049a496611c58fda
SHA1
47d6ff70afcee6ebcd0f5171532a8f591bd2fbc7
SHA256
bdc5ae986162cb19b4e868cbcc41c3f31b35c7838fdce0fee1adf39701364a78
SHA512
11a4449ba0f14c693bf68aa483a15485dddcaa73f824101e1626bcc604a67cc6ca2e1b36137d3bda0546bf1a4e4ea14e236bffb1b3558314bcc84210693e0315
SSDEEP
1536:8rKIub1HJfJhXX53dsJVJn8OvIuUa7afOC0+NeHF+I8eGCU7yQrjn2LV:gKHZh+vIuUaGfOH+olWeGR2QnE
Malware Config
Signatures
Files
UserOOBEBroker.exe.exe windows x64
7935a8532f3fc44edfddfd2767678414
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegOpenKeyExW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegCloseKey
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
InitOnceBeginInitialize
InitOnceComplete
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitOnceExecuteOnce
EncodePointer
user32
DispatchMessageW
PostThreadMessageW
GetMessageW
TranslateMessage
msvcrt
_wcmdln
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_purecall
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
memcmp
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
_XcptFilter
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memset
api-ms-win-core-com-l1-1-0
StringFromCLSID
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemFree
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
oleaut32
SysFreeString
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-string-l1-1-0
WindowsIsStringEmpty
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ