ukmm[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ukmm.exe
Size

32.3MB
MD5

5bd638f7ff61576a683069320cebc5aa
SHA1

5f6933966e4a1ef615c53f662846c2df85bc62e7
SHA256

8bd0e5033e94ba436bcd322de15adf4593e87e9762528b343fe4b0798badbdb7
SHA512

c855e5effc8ef7833d03ac0708942b6afe96d3d3cbf6ee896f5edcee3aa24b11d7ccb78ef15cfedca44046cdeedb54d46e7c0f8aeca0e53472c93e2ae5a888da
SSDEEP

393216:v4UXq8zPppueifCYeKVWnr23DJcqfMhJmf4WHuVCOlOR/ZxuUQ1:vHzPcJhAKTiqmcZOVC9R/ZxuUQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ukmm.exe

Files

ukmm.exe
.exe windows x64

36fb91ce35911565b799ec142d6b2391

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
GetLastError
FindClose
lstrlenW
SetFileAttributesW
CloseHandle
SetFilePointerEx
GetStdHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
QueryPerformanceCounter
AttachConsole
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
GlobalUnlock
GlobalFree
GetSystemInfo
GetCurrentThreadId
MultiByteToWideChar
GlobalAlloc
GlobalLock
SwitchToThread
GetProcAddress
GlobalSize
UnmapViewOfFile
GetFileInformationByHandleEx
SetThreadErrorMode
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetConsoleMode
GetFileType
WakeAllConditionVariable
QueryPerformanceFrequency
GetCurrentProcess
DeviceIoControl
CreateFileMappingW
MapViewOfFile
DuplicateHandle
VirtualProtect
GetProcessHeap
HeapFree
GetFullPathNameW
GetModuleHandleA
SleepConditionVariableSRW
WakeConditionVariable
SetFileInformationByHandle
GetFileInformationByHandle
SetFileTime
GetCurrentThread
TryAcquireSRWLockExclusive
WaitForSingleObject
WriteConsoleW
SetLastError
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlCaptureContext
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
FindNextFileW
CreateDirectoryW
FindFirstFileW
ReadConsoleW
WideCharToMultiByte
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
SetConsoleMode
CreateHardLinkW
RemoveDirectoryW
CreateSymbolicLinkW
VirtualFree
MapViewOfFileEx
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
HeapAlloc
InitOnceBeginInitialize
AreFileApisANSI
GetLocaleInfoEx
FormatMessageA
LocalFree
RaiseException
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitOnceComplete
WriteFile
FlsAlloc
GetEnvironmentVariableA
RtlVirtualUnwind
FlsSetValue
IsDebuggerPresent
WriteConsoleA
GetProcessTimes
GetNumaNodeProcessorMask
GetNumaHighestNodeNumber
GetLargePageMinimum
VirtualQuery
VirtualAlloc
GetCurrentProcessorNumber
FlsFree

shell32

SHCreateItemFromParsingName
DragFinish
ShellExecuteW
DragQueryFileW
SHGetKnownFolderPath

ole32

OleInitialize
CoInitializeEx
RevokeDragDrop
CoUninitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop

ws2_32

getpeername
WSARecv
getsockopt
WSASocketW
select
ioctlsocket
WSACleanup
send
accept
WSAStartup
WSASend
getsockname
setsockopt
connect
WSAGetLastError
recv
listen
closesocket
bind
freeaddrinfo
getaddrinfo

user32

ClientToScreen
SystemParametersInfoA
DestroyIcon
GetWindowPlacement
EnumDisplayMonitors
GetClassNameW
GetWindowLongPtrW
GetClipboardData
IsClipboardFormatAvailable
GetUpdateRect
ChangeDisplaySettingsExW
GetRawInputData
RegisterRawInputDevices
GetClassInfoExW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostThreadMessageW
GetKeyboardState
MonitorFromRect
CloseTouchInputHandle
SetWindowPos
MapVirtualKeyA
TrackMouseEvent
SetCapture
DestroyWindow
RedrawWindow
GetWindowLongW
SetWindowPlacement
IsProcessDPIAware
DefWindowProcW
SetWindowLongPtrW
RegisterWindowMessageA
GetKeyboardLayout
RegisterTouchWindow
ShowWindow
SetForegroundWindow
SendInput
MapVirtualKeyW
OpenClipboard
ToUnicodeEx
SendMessageW
CloseClipboard
MonitorFromWindow
GetWindowRect
ReleaseCapture
AdjustWindowRectEx
GetCursorPos
SetWindowTextW
ReleaseDC
SetWindowLongW
GetActiveWindow
GetClipCursor
ClipCursor
SetClipboardData
EmptyClipboard
DispatchMessageW
SetCursor
LoadCursorW
TranslateMessage
PostMessageW
ShowCursor
GetSystemMetrics
GetMessageW
ScreenToClient
InvalidateRgn
GetClientRect
CreateIcon
GetMonitorInfoW
GetTouchInputInfo
GetDC
CreateWindowExW
RegisterClassExW
GetKeyState
ValidateRect
GetMenu

gdi32

CreateRectRgn
DeleteObject
ChoosePixelFormat
DescribePixelFormat
CreateCompatibleDC
CreateFontIndirectW
SelectObject
GetFontData
DeleteDC
SwapBuffers
GetDeviceCaps
SetPixelFormat

opengl32

wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmAssociateContextEx

shlwapi

AssocQueryStringW

dwmapi

DwmEnableBlurBehindWindow

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

advapi32

OpenProcessToken
AdjustTokenPrivileges
SystemFunction036
LookupPrivilegeValueA
LookupPrivilegeValueW

ntdll

NtCreateFile
RtlInitUnicodeString
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

uxtheme

SetWindowTheme

msvcp140

??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1_Lockit@std@@QEAA@XZ
?_Throw_C_error@std@@YAXH@Z

vcruntime140

__vcrt_LoadLibraryExW
__std_exception_copy
__vcrt_GetModuleFileNameW
__CxxFrameHandler3
memcpy
__C_specific_handler_noexcept
memcmp
memmove
__current_exception_context
memset
_CxxThrowException
__current_exception
__std_exception_destroy
strstr
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

cbrtf
acosf
ceil
exp2f
floor
floorf
ceilf
log2
fmod
atan2f
fmodf
pow
tan
acos
_hypotf
cosf
roundf
sinf
powf
expf
__setusermatherr
sin
atan2
cos
trunc
round
_hypot
truncf

api-ms-win-crt-string-l1-1-0

strcpy_s
strlen
isgraph
strcat_s
strncmp

api-ms-win-crt-heap-l1-1-0

_aligned_free
malloc
free
_set_new_mode
_aligned_malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_wassert
_crt_atexit
exit
_errno
_register_onexit_function
abort
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_set_app_type
__p___argv
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_get_initial_narrow_environment
_initterm
terminate
_exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

fclose
_get_stream_buffer_pointers
_fseeki64
__stdio_common_vsprintf
fputs
fflush
fgetc
fgetpos
fputc
__p__commode
fread
fwrite
_set_fmode
setvbuf
__stdio_common_vfprintf
putc
__acrt_iob_func
ungetc
fsetpos

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15.4MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36fb91ce35911565b799ec142d6b2391

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

ws2_32

user32

gdi32

opengl32

imm32

shlwapi

dwmapi

winmm

advapi32

ntdll

bcrypt

oleaut32

uxtheme

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 16.2MB - Virtual size: 16.2MB

.rdata Size: 15.4MB - Virtual size: 15.4MB

.data Size: 13KB - Virtual size: 220KB

.pdata Size: 513KB - Virtual size: 513KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 68KB - Virtual size: 68KB

.text
Size: 16.2MB - Virtual size: 16.2MB

.rdata
Size: 15.4MB - Virtual size: 15.4MB

.data
Size: 13KB - Virtual size: 220KB

.pdata
Size: 513KB - Virtual size: 513KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 68KB - Virtual size: 68KB