USO[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

USO.exe
Size

3.7MB
MD5

f9f1a961ed8c86aa7033ebe3369db74b
SHA1

af4413c251a6623032a5078ede554fd7860ddb89
SHA256

b80d545473968a149325bab1a10e1b8a94dc4f30e66f5590fee9a6055024f82b
SHA512

0ab37172dd932de4bfdc6cc07f247b5a79e718d19d75602e59e4038c6d125846fa2962b3301ffdfec4fa9b505ba29025a8e15abfcfa07e0c576cff9c7ee0a717
SSDEEP

49152:6XZRGMLNp+KxCpwhRuidYpWYtKwNaTQvs2DcdgIlPGkMreFaiulGRyETFSHRt0k:Gp+s9u3WYTs2CTlBYiG3HRtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
USO.exe

Files

USO.exe
.exe windows x64

ec283ddf19ad99af7e2aff29e1330bca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysAllocStringLen
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysFreeString
VariantClear
SafeArrayDestroy

kernel32

SetHandleInformation
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
GlobalUnlock
GetFileInformationByHandle
FindFirstFileW
FindClose
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetFinalPathNameByHandleW
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetLastError
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
SwitchToThread
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
WakeAllConditionVariable
AcquireSRWLockExclusive
HeapReAlloc
GetSystemInfo
GetExitCodeProcess
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObject
GetLastError
GetOverlappedResult
WaitForMultipleObjects
GlobalFree
UnhandledExceptionFilter
GlobalAlloc
Sleep
GlobalLock
CreateDirectoryW
GlobalSize
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
HeapFree
InitializeSListHead
IsDebuggerPresent
FindNextFileW
RtlCaptureContext

user32

EnumDisplaySettingsExW
OpenClipboard
GetClipboardData
CloseClipboard
SetClipboardData
GetMonitorInfoW
EnumDisplayMonitors

bcrypt

BCryptGenRandom

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertOpenStore
CertDuplicateStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertCloseStore
CryptUnprotectData

advapi32

CheckTokenMembership
SystemFunction036
FreeSid
RegCreateKeyExA
RegQueryValueExW
RegSetValueExA
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid

ws2_32

WSAStartup
getsockopt
shutdown
WSACleanup
freeaddrinfo
getsockname
WSAGetLastError
getpeername
closesocket
WSAIoctl
ioctlsocket
WSASocketW
getaddrinfo
connect
WSASend
bind
setsockopt
send
recv

ntdll

NtDeviceIoControlFile
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError

secur32

FreeContextBuffer
AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken
DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
DeleteDC
CreateDCW

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

vcruntime140

__C_specific_handler
memmove
__CxxFrameHandler3
memset
memcpy
memcmp
__current_exception
__current_exception_context
strrchr

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strncmp
strlen

api-ms-win-crt-heap-l1-1-0

realloc
_msize
malloc
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

_dclass
log
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
__p___argv
_get_initial_narrow_environment
__p___argc
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_initialize_onexit_table
_endthreadex
_seh_filter_exe
_set_app_type
_initterm_e
terminate
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_initterm

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec283ddf19ad99af7e2aff29e1330bca

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

user32

bcrypt

crypt32

advapi32

ws2_32

ntdll

secur32

gdi32

ole32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 27KB - Virtual size: 30KB

.pdata Size: 63KB - Virtual size: 62KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 27KB - Virtual size: 30KB

.pdata
Size: 63KB - Virtual size: 62KB

.reloc
Size: 26KB - Virtual size: 26KB