uoam[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

uoam.exe
Size

464KB
MD5

944d650f9c6afab1a69c909311f6e5b0
SHA1

84ddda6d31613bc34f87d74ab35aa5e0d9306ac2
SHA256

923088dcd1246a7fdf5ded6070bff9a80ad439dd023893f429672b1521861b4d
SHA512

fb8c10db1cb9f2b85d89f657d97c963f985544513eb1260913eb12d84ad32e85318718b126965af64cfa6abb03fa46ddb8b15ba51fe7b9516c7c78e4eb782e0d
SSDEEP

6144:PqqxTcdWWSOu3nQZUzoLl4DgO/E/1VpPHI8wiZGiBhYokG8xTN:CqxYRSOuCt31e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
uoam.exe

Files

uoam.exe
.exe windows x86

8101c5cff191ea890e6e6cb4ad679c9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegEnumValueA
RegCreateKeyA

kernel32

GlobalAddAtomA
ReadProcessMemory
OpenProcess
SetEndOfFile
GetLastError
GetDiskFreeSpaceA
FreeLibrary
GetFullPathNameA
SizeofResource
LoadResource
FindResourceExA
LoadLibraryExA
EnumResourceNamesA
GlobalGetAtomNameA
MulDiv
FindClose
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessA
lstrlenA
GetTempPathA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetSystemTime
GetLocaleInfoA
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
MoveFileA
TerminateProcess
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapFree
RaiseException
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GlobalDeleteAtom
GetFileAttributesA
CopyFileA
GlobalAlloc
GlobalLock
GlobalUnlock
WriteFile
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetVersionExA
InitializeCriticalSection
CreateEventA
CreateThread
TerminateThread
DeleteCriticalSection
GetTickCount
Sleep
ResetEvent
QueryPerformanceCounter
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileTime
CompareFileTime
DeleteFileA
WaitForSingleObject
SetEvent
lstrcpyA
lstrcatA
CreateFileA
CloseHandle
GetFileSize
SetFilePointer
ReadFile
GetModuleFileNameA

gdi32

GetObjectA
CreateBitmap
GetPixel
DeleteDC
GetBkColor
CreateSolidBrush
GetTextColor
SetBkColor
ExtTextOutA
GetClipBox
BitBlt
SetBkMode
GetTextExtentPoint32A
CreateDIBSection
CreateCompatibleBitmap
SetTextColor
GetTextMetricsA
SetTextAlign
TextOutA
SetPixel
GetStockObject
CreatePen
SelectObject
CreateBrushIndirect
Ellipse
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
MoveToEx
LineTo
GetDeviceCaps

user32

SetCursor
LoadCursorA
ClientToScreen
DrawFocusRect
DrawIconEx
InvalidateRect
ScrollDC
DefWindowProcA
SetFocus
CallWindowProcA
GetWindowTextA
PostMessageA
TrackPopupMenu
IsWindow
DestroyMenu
InsertMenuItemA
CreatePopupMenu
GetSubMenu
LoadMenuA
ScreenToClient
KillTimer
IsZoomed
EndPaint
BeginPaint
PostQuitMessage
UpdateWindow
SetTimer
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
RegisterClassA
GetWindowLongA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsDialogMessageA
GetMessageA
LoadAcceleratorsA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
IsDlgButtonChecked
InvertRect
DeleteMenu
GetKeyState
GetSysColor
FillRect
SetForegroundWindow
SetWindowTextA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
FindWindowA
GetWindowThreadProcessId
SetWindowPlacement
LoadImageA
CreateIconIndirect
GetIconInfo
CopyIcon
DestroyCursor
DestroyIcon
CreateIconFromResourceEx
MoveWindow
wsprintfA
SetWindowLongA
GetClientRect
EnableWindow
LoadIconA
SetScrollRange
SetScrollPos
SetDlgItemTextA
GetDlgItem
ShowWindow
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
DialogBoxParamA
CreateWindowExA
SendMessageA
CheckMenuItem
EnableMenuItem
MessageBoxA
EndDialog
GetDC
ReleaseDC
GetParent
LoadStringA

shell32

DragFinish
DragAcceptFiles
ShellExecuteA
DragQueryFileA

comctl32

ImageList_LoadImageA
ImageList_Draw
ord17
PropertySheetA
CreatePropertySheetPageA

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcServerRegisterIfEx
RpcServerUseProtseqA
RpcServerUnregisterIf
RpcBindingFree
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall2
RpcStringFreeA

wsock32

gethostname
gethostbyname
inet_addr

winmm

PlaySoundA

updateace

ord5
ord11
ord7
ord9
ord10
ord18
ord17
ord8
ord16
ord15
ord14
ord13
ord12

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8101c5cff191ea890e6e6cb4ad679c9a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

comctl32

comdlg32

rpcrt4

wsock32

winmm

updateace

Sections

.text Size: 199KB - Virtual size: 198KB

.data Size: 17KB - Virtual size: 25KB

.rsrc Size: 247KB - Virtual size: 246KB

.text
Size: 199KB - Virtual size: 198KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 247KB - Virtual size: 246KB