AppeUI[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AppeUI.exe.zip
Size

4.0MB
MD5

72584c8db861045d5d310766091aff77
SHA1

eb197f14b88f56a82b0756a7afd3f7b471d03b35
SHA256

31e4a18461e77d05eb5d1cddd92ba3c5b7ca9c1120d34ffba3f7dc909eb07081
SHA512

f1226aed3b9b5db59658f065ebca0607f9f3c41ade50c975d274d89859215abf3cf63963d376882016b185315847dfb49a092b99372eb28c1904ed6206a97eec
SSDEEP

98304:OC151ZIwFWIoHUSbGL6RP8qcwrJmpYvZhSXX/OHmfril:LE7fGLs8W7hSXGHCw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AppeUI.exe

Files

AppeUI.exe.zip
.zip

Password: infected
AppeUI.exe
.exe windows x64

b164017d053004779a53e57acadb9357

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

advapi32

GetAce

iphlpapi

GetIfTable

shell32

ILFree

hid

HidP_GetCaps

setupapi

SetupInstallFileA

dhcpcsvc

DhcpIsEnabled

dhcpcsvc6

Dhcpv6IsEnabled

psapi

EnumProcesses

wsock32

bind

qtcore4

??1QDir@@QEAA@XZ

qtgui4

??1QLabel@@UEAA@XZ

onxlib

ord1772

msvcp140

_Mbrtowc

onxkernel

VOpen

hasp_windows_x64_52775

ord4

vcruntime140

memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-convert-l1-1-0

atol

api-ms-win-crt-stdio-l1-1-0

_eof

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-filesystem-l1-1-0

_chdir

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

_putenv_s

onxsingletonmgr

OnxSingletonMapGet

onxlssrvscp

onyx_VLSdiscover

libxml2

xmlFree

version

VerQueryValueA

Sections

.AKS1
Size: 250KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AKS2
Size: 3.8MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AKS3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

b164017d053004779a53e57acadb9357

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

iphlpapi

shell32

hid

setupapi

dhcpcsvc

dhcpcsvc6

psapi

wsock32

qtcore4

qtgui4

onxlib

msvcp140

onxkernel

hasp_windows_x64_52775

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

onxsingletonmgr

onxlssrvscp

libxml2

version

Sections

.AKS1 Size: 250KB - Virtual size: 840KB

.AKS2 Size: 3.8MB - Virtual size: 5.9MB

.AKS3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 19KB - Virtual size: 18KB

.AKS1
Size: 250KB - Virtual size: 840KB

.AKS2
Size: 3.8MB - Virtual size: 5.9MB

.AKS3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 19KB - Virtual size: 18KB