MuiUnattend[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MuiUnattend.exe
Size

82KB
MD5

3c5c28b63079853db09656fc513f2413
SHA1

c95dbc35bcca36098ea1a689e343249d09ebbcc6
SHA256

d64f75141e2fe6d8709d893a25fff2bfbe6283297bb2ad4f0c86e21cd14259c8
SHA512

828e87ecf1f510751a2c8fa9cf3973f8d285769a2e5bcf056c76921ffee1dd77e7ceb6e21b3b7a35bcd6476d43945e1fe64a94d0b58349c8e16a2a4e37569ecf
SSDEEP

1536:f/9TVHOyjwAV006yVVoW7KRprbOEeTkrxPYoIfKHlS6LpEwAbi5hui0v/hiNV:f9YMRV0zcVoW7KRprap0xP9ICHlS2pGR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MuiUnattend.exe

Files

MuiUnattend.exe
.exe windows x86

7286c9453ed9ebf34b1d54717fed3376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

exit
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnprintf
memmove_s
wcschr
_purecall
_exit
_cexit
memmove
??3@YAXPAX@Z
_controlfp
_wcsicmp
memcpy_s
memcmp
memcpy
__p__fmode
__setusermatherr
_initterm
_wcsnicmp
bsearch
wprintf
_except_handler4_common
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
__set_app_type
_vsnwprintf
_onexit
wcsrchr
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegLoadKeyW
RegCloseKey
RegUnLoadKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateMutexExW
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
EnterCriticalSection
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
SetUserGeoID
FormatMessageW
GetLocaleInfoEx
LocaleNameToLCID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
TerminateProcess

sspicli

GetUserNameExW

api-ms-win-core-localization-l1-2-2

GetSystemDefaultLocaleName

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlpSetPreferredUILanguages
RtlNtStatusToDosError
RtlGetUILanguageInfo
RtlpSetInstallLanguage

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFullPathNameW
CreateFileW
FindFirstFileW
GetFileAttributesW
FindNextFileW
GetFileAttributesExW
FindClose

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
PrivilegeCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7286c9453ed9ebf34b1d54717fed3376

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

sspicli

api-ms-win-core-localization-l1-2-2

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-private-l1-1-0

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-registry-l2-1-0

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB