CareUEyes Pro v 2[.]2[.]4[.]0 Portable[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

CareUEyes Pro v 2.2.4.0 Portable.rar
Size

4.5MB
MD5

25c49a0018b8b104a82ae383e443bf0b
SHA1

52612c4c049b1ca0a42fdfa95a8310fa1965471c
SHA256

cabb7c823f41e24c322709ed6bc5891a4340b859fa45938e8ada472093029d0c
SHA512

ce660d895be37e37789be081734546de4779d46ac35111ea2d651872fbe83035a6ae66d2f7b17c0b26a26deac4e4392aa1ba2e11798603b6d3844ee56b4cdbfc
SSDEEP

98304:Tgx+f0GbSzCc/5kAxfT6iQNCCfVI29OUaDu8qDyAc3:tZS2O5kAZ6tfCYVLDyp

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CareUEyes Portable/App/CareUEyes/CareUEyes.exe
unpack001/CareUEyes Portable/CareUEyesPortable.exe

Files

CareUEyes Pro v 2.2.4.0 Portable.rar
.rar
CareUEyes Portable/App/AppInfo/AppIcon.ico
CareUEyes Portable/App/AppInfo/AppInfo.ini
CareUEyes Portable/App/AppInfo/Launcher/CareUEyesPortable.ini
CareUEyes Portable/App/CareUEyes/CareUEyes.exe
.exe windows x86

0e4bc422599bc1f56558497e8a52c606

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeSetEvent
timeKillEvent
mciSendStringW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
CreateToolhelp32Snapshot
GetFileSizeEx
FormatMessageW
TryEnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetUserDefaultLangID
FindFirstChangeNotificationW
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
Process32FirstW
Process32NextW
ResetEvent
OpenFileMappingW
IsBadReadPtr
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
HeapCreate
FreeResource
GetFullPathNameW
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileExA
CompareFileTime
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
FreeLibrary
CreateFileMappingW
GetFileSize
WriteFile
UnmapViewOfFile
lstrlenA
GetLastError
GetCurrentProcess
GetCurrentProcessId
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
WideCharToMultiByte
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
SuspendThread
FindNextFileW
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualProtect
GetEnvironmentVariableW
GetEnvironmentVariableA
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetDriveTypeW
SetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LocalFree
GetCPInfo
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
CreateProcessW
ResumeThread
TerminateProcess
ReadProcessMemory
LoadLibraryExA
FindFirstFileW
FindClose
ReadFile
CreateFileW
GetCommandLineA
GetModuleHandleW
GetThreadContext
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameW
GetCurrentThread
LoadLibraryExW
FindResourceW
LoadResource
MultiByteToWideChar
RaiseException
DecodePointer
FindResourceExW
SizeofResource
LockResource
lstrcmpiW
InitializeCriticalSectionAndSpinCount
SetCurrentDirectoryW
GetCommandLineW
HeapDestroy
HeapSize
LoadLibraryA
GetComputerNameA
GetLocalTime
IsBadWritePtr
SetLastError
lstrcmpW
GetCurrentThreadId
ExitProcess
GlobalAddAtomA
Sleep
GetTickCount
InterlockedCompareExchange
LoadLibraryW
GetModuleHandleA
HeapReAlloc
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
GetProcAddress

user32

SetFocus
GetWindow
IsChild
GetDlgCtrlID
GetDlgItem
GetSysColor
DestroyAcceleratorTable
FillRect
CreateAcceleratorTableW
DefWindowProcW
RegisterWindowMessageW
GetDC
RedrawWindow
MessageBoxW
GetActiveWindow
IsWindowVisible
DrawTextW
MsgWaitForMultipleObjects
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetClassLongW
GetClassLongW
RemovePropW
GetPropW
SetPropW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
InvalidateRgn
InvalidateRect
EndPaint
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
ReleaseDC
EnumDisplayMonitors
GetFocus
GetParent
ShowWindow
SetWindowPos
DestroyWindow
SendMessageW
UnregisterClassW
CharNextW
OffsetRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
FindWindowW
GetWindowRect
MonitorFromRect
PostMessageW
UnhookWinEvent
SetWinEventHook
GetForegroundWindow
BringWindowToTop
GetCursorPos
PtInRect
SetForegroundWindow
MonitorFromPoint
GetUserObjectInformationW
GetProcessWindowStation
GetClassInfoExW
LoadCursorW
RegisterClassExW
CallWindowProcW
EnumDisplayDevicesW
DrawIconEx
GetSystemMetrics
GetMonitorInfoW
GetAsyncKeyState
UnregisterHotKey
RegisterHotKey
BeginPaint
CopyRect
ScreenToClient
GetWindowLongW
SetWindowLongW
MonitorFromWindow
GetClassNameW
GetShellWindow
GetAncestor
ClientToScreen
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
LockWorkStation
SetCursor
SetCapture
ReleaseCapture
GetDesktopWindow
CreateWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
GetIconInfo
SetActiveWindow
IsWindowEnabled
EnableWindow
LoadImageW
CreateIconFromResource
LoadBitmapW
MapWindowPoints
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
GetCapture
SetTimer
KillTimer
DestroyIcon
WindowFromPoint
SendMessageA
GetWindowDC
GetWindowRgn
IsZoomed
SetSysColors
DestroyCursor
GetKeyState
EnableMenuItem
SetRect
InflateRect
IntersectRect
GetClientRect
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
EqualRect
IsRectEmpty
UnionRect

gdi32

CreateFontIndirectW
CreateBitmap
EnumFontsW
SaveDC
RestoreDC
ExcludeClipRect
CreateRoundRectRgn
SetGraphicsMode
Rectangle
FrameRgn
CreateHatchBrush
SetROP2
CreatePen
SetBkMode
SetDeviceGammaRamp
GetObjectW
GetStockObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
StretchBlt
SetViewportOrgEx
ExtTextOutW
GetTextFaceW
GdiFlush
CreateRectRgn
GetTextExtentPointI
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
DeleteDC
GetGlyphIndicesW
GetFontUnicodeRanges
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW

comdlg32

GetOpenFileNameW
ChooseColorW

advapi32

CryptEnumProvidersW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
GetUserNameA
RegQueryValueExW
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
RegDeleteValueW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ord680
SHBrowseForFolderW

ole32

CreateStreamOnHGlobal
IIDFromString
CreateBindCtx
CoCreateGuid
OleLockRunning
StringFromGUID2
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringLen
SysStringLen
LoadTypeLi
SysAllocString
VariantClear
OleCreateFontIndirect
DispCallFunc
VarUdateFromDate
VariantInit
SysFreeString
LoadRegTypeLi

shlwapi

PathAppendW
PathRemoveFileSpecW
PathQuoteSpacesW
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
StrToIntExW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageEncoders
GdipGetPropertyItem
GdipSaveImageToFile
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipGraphicsClear
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetPropertyItemSize
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncodersSize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

getnameinfo
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
shutdown

iphlpapi

GetAdaptersInfo

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

crypt32

CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty

wldap32

ord167
ord27
ord26
ord117
ord145
ord219
ord46
ord127
ord14
ord216
ord142
ord79
ord133
ord147
ord208
ord41
ord301

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 539KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CareUEyes Portable/App/CareUEyes/alert_sound.wav
CareUEyes Portable/App/CareUEyes/config.dat
CareUEyes Portable/App/CareUEyes/wallpaper/1.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/2.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/3.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/4.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/5.jpg
.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/6.jpg
.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/7.jpg
.jpg
CareUEyes Portable/App/CareUEyes/wallpaper/8.jpg
.jpg
CareUEyes Portable/App/DefaultData/CareUEyes/setting_v2.dat
CareUEyes Portable/App/DefaultData/settings/CareUEyes.reg
CareUEyes Portable/CareUEyesPortable.exe
.exe windows x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CareUEyes Portable/Muchos Portables!!!! -.url
.url

Sharing

General

Malware Config

Signatures

Files

0e4bc422599bc1f56558497e8a52c606

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wtsapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

ws2_32

iphlpapi

imm32

crypt32

wldap32

usp10

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 90KB - Virtual size: 195KB

.rsrc Size: 539KB - Virtual size: 540KB

.reloc Size: 218KB - Virtual size: 217KB

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 23KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 90KB - Virtual size: 195KB

.rsrc
Size: 539KB - Virtual size: 540KB

.reloc
Size: 218KB - Virtual size: 217KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 23KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 3KB