ultradefrag[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ultradefrag.exe
Size

5.1MB
MD5

5a687d92e7e5b897d940a957c58f4b93
SHA1

315ec2cc6837fd8065a410dabfc5afc192c4f856
SHA256

e3eb80a72e7cd76dc24afd78a890e4d51ce0cb68586156167c9aba096b3fc75f
SHA512

2d526d3e6b2ca1cb327b9f151794bd7aefbf8e9fff5d1b50b022afc4fb030fda60efb2ebf487217057efc4c740266d0e5441d5fdae60ee903c7e9052d2714089
SSDEEP

49152:mMYv6SHXO9bYyaJSMDGR/TN5uMWQs77Bh7loM4FygPYfxHQObgWzXqk4TgLSiBVi:/efS7peKOB3NLSiwbrM95+NTl

Score

1^/10

Malware Config

Signatures

Files

ultradefrag.exe
.exe windows x64

754f1ab51703dad927c92cd9664bdaeb

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:55

Not After

19/01/2027, 11:55

Subject

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:84:91:3f:5d:2d:2b:4d:a8:54:11:24:a0:1d:f1:1d
Certificate

Issuer

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2019, 10:59

Not After

10/09/2020, 10:59

Subject

SERIALNUMBER=2017-000781100,CN=Green Gate Systems\, LLC,O=Green Gate Systems\, LLC,POSTALCODE=95103,STREET=105 N 1ST ST #429,L=San Jose,ST=CA,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:75:a2:e2:87:cd:a0:37:b3:f4:e8:da:8e:1a:c8:80:51:01:82:a1:90:ee:4d:bb:11:c9:17:91:c3:d8:13:c7
Signer

Actual PE Digest

22:75:a2:e2:87:cd:a0:37:b3:f4:e8:da:8e:1a:c8:80:51:01:82:a1:90:ee:4d:bb:11:c9:17:91:c3:d8:13:c7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2017-000781100,CN=Green Gate Systems\, LLC,O=Green Gate Systems\, LLC,POSTALCODE=95103,STREET=105 N 1ST ST #429,L=San Jose,ST=CA,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/03/2020, 10:22
Valid: true

Chain 1

SERIALNUMBER=2017-000781100,CN=Green Gate Systems\, LLC,O=Green Gate Systems\, LLC,POSTALCODE=95103,STREET=105 N 1ST ST #429,L=San Jose,ST=CA,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindClose
FindFirstFileW
GetLongPathNameW
SetFileTime
GetFileTime
GetFileSize
GetLocaleInfoW
SetThreadLocale
GetUserDefaultLCID
GetACP
IsValidLocale
GetThreadLocale
WaitForMultipleObjects
PeekNamedPipe
ReadFile
SetNamedPipeHandleState
WriteFile
ResumeThread
CreateThread
SetHandleInformation
CreatePipe
GetExitCodeProcess
LocalFree
FormatMessageW
SetErrorMode
InitializeCriticalSection
GetShortPathNameW
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
ReleaseMutex
CreateSemaphoreW
ReleaseSemaphore
TlsSetValue
SetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
TlsGetValue
GetSystemInfo
GetCurrentThreadId
SetProcessAffinityMask
GetProcessAffinityMask
TlsFree
TlsAlloc
CopyFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetFileType
FindNextFileW
FreeLibrary
GetProcAddress
LoadLibraryW
OutputDebugStringW
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
MulDiv
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
AttachConsole
GetStdHandle
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
FreeConsole
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
HeapSize
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
DecodePointer
EncodePointer
HeapFree
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
GetStartupInfoW
HeapReAlloc
HeapAlloc
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ExitThread
GetDriveTypeW
GetFullPathNameA
GetFullPathNameW
MoveFileW
RemoveDirectoryW
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetOEMCP
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetStringTypeW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEndOfFile
GetCurrentDirectoryW
GetLocaleInfoA
EnumSystemLocalesA
CompareStringW
GetTempPathW
CreateFileW
GetTempFileNameW
GetFileAttributesW
GetModuleFileNameW
IsValidCodePage
GetCPInfo
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
IsDebuggerPresent
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetDiskFreeSpaceExW
GetProfileStringW
GetEnvironmentVariableW
GetComputerNameW
EnumResourceNamesW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceFrequency
GetLogicalDriveStringsW
DeleteFileA
FindResourceW
GetCurrentProcessId
OpenProcess
SetPriorityClass
LoadResource
LockResource
SizeofResource
DeleteFileW
SetEvent
CreateMutexW
GetCommandLineW
GetModuleHandleW
Sleep
CreateFileA
TerminateProcess
RaiseException
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
AddVectoredExceptionHandler
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
CreateEventW
SetLastError
WaitForSingleObject
DeleteCriticalSection
CloseHandle

user32

CreateIconIndirect
GetIconInfo
DrawFocusRect
DrawTextW
GetDlgItem
CreateDialogParamW
OffsetRect
DrawFrameControl
DrawIconEx
CreateDialogIndirectParamW
IsIconic
IsZoomed
GetWindowPlacement
GetDesktopWindow
DrawMenuBar
EnableMenuItem
GetSystemMenu
FlashWindowEx
SetLayeredWindowAttributes
SetWindowRgn
DestroyIcon
LoadImageW
LoadBitmapW
FindWindowExW
SetMenu
GetDoubleClickTime
LoadCursorW
GetProcessDefaultLayout
DestroyCursor
LoadCursorFromFileW
SetMenuItemInfoW
CreatePopupMenu
DestroyMenu
InsertMenuW
SetMenuInfo
InsertMenuItemW
RemoveMenu
ModifyMenuW
GetMenuState
AppendMenuW
CreateMenu
GetSubMenu
CheckMenuItem
CheckMenuRadioItem
SetRect
DrawStateW
DrawEdge
GetSysColorBrush
GetMenuItemID
CopyRect
SetRectEmpty
MessageBeep
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
LoadAcceleratorsW
ValidateRect
GetMessageW
GetWindowDC
UnionRect
GetMonitorInfoW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromWindow
keybd_event
HideCaret
ShowCaret
GetComboBoxInfo
ChildWindowFromPoint
IsRectEmpty
GetWindowLongPtrW
GetClipboardFormatNameW
RegisterClipboardFormatW
ShowCursor
AdjustWindowRectEx
UnregisterHotKey
CloseClipboard
EmptyClipboard
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EnumClipboardFormats
GetDialogBaseUnits
ClientToScreen
ScreenToClient
MapWindowPoints
UpdateWindow
RedrawWindow
SetParent
WindowFromPoint
GetParent
GetWindowLongW
IsWindow
ScrollWindow
EnableScrollBar
SetScrollInfo
GetScrollInfo
SetCursorPos
PtInRect
SetCursor
ReleaseCapture
SetCapture
SetWindowPos
AnimateWindow
EnableWindow
SetFocus
GetFocus
SetWindowLongW
GetCursorPos
GetMessagePos
DispatchMessageW
MsgWaitForMultipleObjects
KillTimer
SetTimer
DdeGetLastError
DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeCreateDataHandle
DdePostAdvise
DdeGetData
DdeFreeDataHandle
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeNameService
DdeUninitialize
DdeInitializeW
PostThreadMessageW
WaitForInputIdle
PeekMessageW
DestroyWindow
DefWindowProcW
UnregisterClassW
CreateWindowExW
RegisterClassW
BringWindowToTop
EnumWindows
PostMessageW
GetWindowThreadProcessId
RegisterHotKey
ChildWindowFromPointEx
SetWindowsHookExW
EndDialog
SetClassLongPtrW
RegisterWindowMessageW
ValidateRgn
SetWindowLongPtrW
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
GetMenuItemCount
GetMenuItemInfoW
GetKeyState
SystemParametersInfoW
GetMessageTime
EndDeferWindowPos
GetWindow
BeginDeferWindowPos
GetUpdateRgn
GetSysColor
InvalidateRect
ReleaseDC
GetDC
DialogBoxParamW
MessageBoxW
LoadIconW
FillRect
EndPaint
BeginPaint
ExitWindowsEx
SendMessageW
SetForegroundWindow
ShowWindow
GetSystemMetrics
SetWindowTextW
InflateRect
IsWindowEnabled
IsWindowVisible
IsDialogMessageW
CallWindowProcW
PostQuitMessage
TranslateMessage
TrackPopupMenu
GetClientRect
GetWindowRect
DeferWindowPos
OpenClipboard
MoveWindow
GetCapture

gdi32

GetDeviceCaps
CreateSolidBrush
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetObjectType
GetStockObject
PolyBezier
Ellipse
RoundRect
Rectangle
Polyline
PolyPolygon
SetPolyFillMode
Polygon
SetPixel
Pie
Arc
GetPixel
ExtFloodFill
SetMapMode
GetBkColor
SelectClipRgn
ExtSelectClipRgn
GetClipBox
SetTextColor
CreateBitmapIndirect
SetBkColor
GetObjectW
CreateBitmap
GetOutlineTextMetricsW
CreateFontIndirectW
GetTextMetricsW
SetBrushOrgEx
CreateRectRgn
SelectPalette
RealizePalette
GdiFlush
GetSystemPaletteEntries
EnumFontFamiliesExW
CreateICW
CreateDIBitmap
GetDIBColorTable
GetDIBits
CreateDIBSection
ExtCreatePen
CreatePatternBrush
CreateHatchBrush
CreateRectRgnIndirect
RectInRegion
PtInRegion
EqualRgn
GetRgnBox
CombineRgn
CreatePolygonRgn
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetTextExtentExPointW
GetCharABCWidthsW
MaskBlt
SetStretchBltMode
ExtTextOutW
SetROP2
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
SetWorldTransform
SetGraphicsMode
GetWorldTransform
ModifyWorldTransform
StretchDIBits
StretchBlt
GetLayout
SetLayout
OffsetRgn
ExtCreateRegion
GetRegionData
GetTextExtentPoint32W
CreatePen
LineTo
MoveToEx
ExcludeClipRect

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
SHFileOperationW
SHGetFolderPathW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
ExtractIconExW
ExtractIconW

advapi32

GetUserNameW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
OpenProcessToken
LookupPrivilegeValueW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegQueryInfoKeyW

ole32

CoCreateInstance
CoUninitialize
OleGetClipboard
OleInitialize
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
ReleaseStgMedium
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoInitialize

powrprof

SetSuspendState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

zenwinx

winx_bytes_to_hr
winx_enable_privilege
winx_tolower
winx_set_killer
winx_flush_dbg_log
winx_toupper
winx_bootex_unregister
winx_bootex_register
winx_bootex_check
winx_dbg_print
winx_vswprintf
winx_wcsdup
winx_get_os_version
winx_heap_free

udefrag

udefrag_get_vollist
udefrag_release_vollist
udefrag_init_library
udefrag_set_log_file_path
udefrag_start_job
udefrag_validate_volume
udefrag_get_volume_information
udefrag_get_error_description

lua5.1a

luaL_newstate
lua_gc
lua_settop
lua_tolstring
lua_type
luaL_openlibs
luaL_loadfile
lua_pcall
lua_close

msimg32

GradientFill
AlphaBlend

comctl32

ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Copy
ord16
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Add
ImageList_Destroy
ImageList_Create
ord17
ImageList_GetImageCount
ImageList_Draw
ImageList_DragEnter
ImageList_GetIconSize

comdlg32

CommDlgExtendedError
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate
VariantTimeToSystemTime
VariantInit
SafeArrayGetVartype
SysAllocString
SysStringLen
SysReAllocString
SysFreeString
VarBstrFromCy
SystemTimeToVariantTime
SafeArrayDestroy

shlwapi

SHAutoComplete

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

754f1ab51703dad927c92cd9664bdaeb

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3Certificate

Extended Key Usages

Key Usages

49:84:91:3f:5d:2d:2b:4d:a8:54:11:24:a0:1d:f1:1dCertificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

22:75:a2:e2:87:cd:a0:37:b3:f4:e8:da:8e:1a:c8:80:51:01:82:a1:90:ee:4d:bb:11:c9:17:91:c3:d8:13:c7Signer

Signature Validations

Verification

01/03/2020, 10:22 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

ole32

powrprof

urlmon

zenwinx

udefrag

lua5.1a

msimg32

comctl32

comdlg32

oleaut32

shlwapi

version

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 63KB - Virtual size: 329KB

.pdata Size: 269KB - Virtual size: 269KB

text Size: 5KB - Virtual size: 5KB

data Size: 10KB - Virtual size: 9KB

.rsrc Size: 183KB - Virtual size: 182KB

.reloc Size: 86KB - Virtual size: 85KB

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

49:84:91:3f:5d:2d:2b:4d:a8:54:11:24:a0:1d:f1:1d
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

22:75:a2:e2:87:cd:a0:37:b3:f4:e8:da:8e:1a:c8:80:51:01:82:a1:90:ee:4d:bb:11:c9:17:91:c3:d8:13:c7
Signer

01/03/2020, 10:22
Valid: true

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 63KB - Virtual size: 329KB

.pdata
Size: 269KB - Virtual size: 269KB

text
Size: 5KB - Virtual size: 5KB

data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 183KB - Virtual size: 182KB

.reloc
Size: 86KB - Virtual size: 85KB