umwmu[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

umwmu.exe
Size

2.6MB
MD5

eade901554c4dfbc025f897872ab1a89
SHA1

8badc869266f063c41b018d42b167e5a16b7d0de
SHA256

3ded54c9d3a169ec3185229c3e8439e51b7b3e2327d71d3b06ae18f262314247
SHA512

1cacce59baaada8fea585e9d238d2c30c1773afa0ba4fb60887f74926a4fe08b7d6d9b4c91880979153f8bf1452b6a8ea7021e06d48b4cfe95b6a3a647b957d8
SSDEEP

24576:Cb8yYQVgBK2WGNU+mxInjkeHhIyC4gVaN86VEy:S8BagB5/U+XHHCnc86T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
umwmu.exe

Files

umwmu.exe
.exe windows x86

Password: 1111

4c1c509934b536702a2553c0b7ec028f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Sleep
GetTickCount
GetLocalTime
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetComputerNameA
CreateThread
VirtualProtect
DeviceIoControl
GlobalMemoryStatus
GetLastError
GetSystemDEPPolicy
GetModuleFileNameA
SetPriorityClass
GetConsoleWindow
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
TerminateThread
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
VirtualFree
VirtualAlloc
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
OpenProcess
GetModuleHandleA
GetProcAddress
CloseHandle
CreateFileA

user32

ShowWindow
EnumDisplayDevicesA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ws2_32

connect
send
WSAStartup
socket
WSAGetLastError
closesocket
recv
htons

msvcrt

sscanf
fgets
tolower
vprintf
scanf
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
remove
fclose
fopen
rand
sprintf
free
malloc
strstr
_localtime64
__wgetmainargs
_stricmp
memcpy
memset

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 776KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 1111

4c1c509934b536702a2553c0b7ec028f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 776KB - Virtual size: 2.8MB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 776KB - Virtual size: 2.8MB

.reloc
Size: 9KB - Virtual size: 9KB