Static task
static1
General
Target: UES___.exe
Size: 114.8MB
MD5: 229a93d5c8e22799820e96d427010dcb
SHA1: d523f73dfb8606a888ca54d214f1535bf54c1c3f
SHA256: ffb6c43af9584124c3f8dff1a880b6dfb694a522e82c33d994ec81dc25b49431
SHA512: b1bcea8fe11e823db8f61ef6ae87a32153a6ce20f3dda090c287ffe5c51ca1fcc2a86ba06e319a9fb2537ca03c341c8b87ed2ca1871274a15151d6c69c0eb04e
SSDEEP: 3145728:cWE10GRUtN7XLoJnqSz9N/3TOK3MDBqWvp0ePaXbChN/XxEqVtX:jM+NzcJnnz9N/KvHeb0BCWtX
Malware Config
Signatures
Unsigned PE - 1 IoCs
Checks for missing Authenticode signature.
resource: UES___.exe
Files
UES___.exe.exe windows x86
b23520784a493ea8df7f3701229a6809
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
PFXImportCertStore
CertCloseStore
CertEnumCertificatesInStore
CryptQueryObject
kernel32
RemoveDirectoryW
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
ProcessIdToSessionId
MoveFileExA
GetSystemInfo
FlushInstructionCache
LoadLibraryA
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
GetStdHandle
GetTempFileNameW
MoveFileW
GetFullPathNameW
CreateFileA
GlobalAlloc
GlobalLock
GetComputerNameExW
FlushFileBuffers
CreatePipe
lstrlenA
GetTempPathW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleA
VirtualProtect
ExitThread
GetStartupInfoW
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetLocalTime
GetCPInfo
ReleaseMutex
GetSystemDefaultLangID
VirtualQuery
DeleteFileW
CreateFileW
GetFileSize
CloseHandle
MultiByteToWideChar
ReadFile
WaitForSingleObject
SetEvent
GetTickCount
Sleep
CopyFileW
GetVersionExW
CreateEventW
ResetEvent
DeleteCriticalSection
HeapFree
GetProcessHeap
InterlockedIncrement
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetLastError
MoveFileExW
GetUserDefaultUILanguage
LocalAlloc
SetCurrentDirectoryW
RaiseException
lstrcmpiW
CreateFileMappingW
MapViewOfFileEx
CreateMutexW
LoadLibraryExW
OpenMutexW
GlobalMemoryStatus
GetPrivateProfileIntW
GetPrivateProfileIntA
CreateThread
GetExitCodeProcess
WritePrivateProfileStringA
GetPrivateProfileStringW
DeviceIoControl
GetDriveTypeW
GetLogicalDriveStringsW
WriteFile
GetDiskFreeSpaceExW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
GetVersion
FreeResource
lstrcmpW
InterlockedExchange
FreeLibrary
SetEndOfFile
QueryDosDeviceW
OpenFileMappingW
InterlockedCompareExchange
FindNextFileW
SetFilePointer
CreateDirectoryW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrlenW
WideCharToMultiByte
TerminateProcess
CreateProcessW
OpenProcess
SearchPathW
InitializeCriticalSection
SetErrorMode
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
GetCommandLineW
lstrcpynW
VirtualAllocEx
WriteProcessMemory
SetUnhandledExceptionFilter
LoadResource
LockResource
LocalFree
SizeofResource
FindResourceW
FindClose
FindFirstFileW
GetCurrentThread
GetModuleHandleW
SetFileAttributesW
SetLastError
FindResourceExW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
InterlockedDecrement
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
GetCurrentProcess
user32
GetWindowTextLengthW
GetWindowTextW
FrameRect
GetWindowDC
FillRect
DefWindowProcW
EqualRect
PtInRect
OffsetRect
CreateWindowExW
PostMessageW
FindWindowW
MessageBoxA
SendMessageTimeoutW
ExitWindowsEx
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
ShowWindow
CharNextW
SetWindowPos
SetForegroundWindow
CharUpperW
GetWindowLongW
KillTimer
SetTimer
GetClassInfoExW
SetWindowTextW
LoadCursorW
DrawTextW
DrawIconEx
SetCapture
ClientToScreen
SetCursor
GetDC
CallWindowProcW
SendMessageW
SetLayeredWindowAttributes
RegisterClassExW
UnregisterClassA
DestroyWindow
SetWindowLongW
SetFocus
CharLowerW
IsWindow
TrackMouseEvent
RedrawWindow
PostQuitMessage
MessageBoxW
TrackPopupMenu
GetDlgCtrlID
ReleaseCapture
InvalidateRect
ReleaseDC
GetMessageW
GetParent
SetRect
DispatchMessageW
GetClientRect
MapWindowPoints
PeekMessageW
EndPaint
EnableWindow
GetActiveWindow
TranslateMessage
GetWindow
CopyRect
GetKeyState
BeginPaint
SetActiveWindow
IsWindowVisible
IsWindowEnabled
PostThreadMessageW
GetDlgItem
MoveWindow
GetMonitorInfoW
MonitorFromWindow
GetDesktopWindow
UpdateLayeredWindow
InflateRect
DrawFrameControl
CopyImage
LoadImageW
LoadIconW
SystemParametersInfoW
GetWindowRect
GetSystemMenu
gdi32
GetTextMetricsW
CreateSolidBrush
ExtSelectClipRgn
RectInRegion
Rectangle
RoundRect
CreatePen
MoveToEx
LineTo
CreateDIBSection
SetTextColor
StretchBlt
ExtTextOutW
BitBlt
CreateBitmap
SetBkColor
CreateRectRgnIndirect
CombineRgn
SelectClipRgn
SetBkMode
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteDC
AddFontResourceW
DeleteObject
advapi32
RegOpenKeyExW
RegCloseKey
GetTokenInformation
GetNamedSecurityInfoW
InitializeAcl
GetSecurityInfo
CopySid
AddAce
SetSecurityInfo
SetNamedSecurityInfoW
GetAclInformation
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
LookupAccountNameW
GetAce
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
ConvertSidToStringSidW
DeleteService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
RegDeleteKeyW
RegEnumValueW
RegLoadKeyW
SetSecurityDescriptorDacl
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
SetEntriesInAclW
BuildExplicitAccessWithNameW
RegEnumKeyExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegOpenKeyW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
GetUserNameW
IsValidSid
GetLengthSid
shell32
SHBrowseForFolderW
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ord680
SHGetSpecialFolderPathW
ole32
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoUninitialize
oleaut32
OleLoadPicture
VariantCopy
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr
VariantInit
shlwapi
StrToIntA
wnsprintfW
PathIsRelativeW
StrCpyW
PathAddExtensionW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathAddBackslashW
PathRemoveBackslashW
StrStrW
StrChrW
StrCatW
PathCanonicalizeW
PathFindFileNameW
PathRemoveExtensionW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ws2_32
inet_addr
htons
htonl
wininet
InternetOpenW
InternetConnectW
InternetQueryOptionW
HttpSendRequestW
InternetCrackUrlW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetApiBufferFree
NetWkstaTransportEnum
Netbios
Sections
.text Size: 728KB - Virtual size: 725KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ