UCheckCMD_portable64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UCheckCMD_portable64.exe
Size

14.8MB
MD5

76132b88d9e9966cf67cad55ad5edc3c
SHA1

0376d4b3e7ad9d01e65d035cdf517757bdf0ffc0
SHA256

c0299a324bbf90234fb328cde9c33e86db4ef435a8de96b218e9117bd34eec22
SHA512

6832f53fc7a66905641c9d2945f7e61186fd952ac56850cbc07d1b622ba692060472e633560fff0509d56239994898a9247190928ff35ecc6545df6cb0a3de1d
SSDEEP

196608:6NG5G7EWqH3108XRSggLFltykofRt1Sl9edtn+a9n/pw:6x9qTRSggL/t3ofR6GdtnFnO

Score

1^/10

Malware Config

Signatures

Files

UCheckCMD_portable64.exe
.exe windows x64

778f3f3b48bad87214e75561562dd9f1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2022, 00:00

Not After

12/01/2025, 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:76:10:86:04:41:52:28:b5:16:75:38:98:d3:b1:2f:f3:e3:38:6e
Signer

Actual PE Digest

45:76:10:86:04:41:52:28:b5:16:75:38:98:d3:b1:2f:f3:e3:38:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVolumeInformationW
SetErrorMode
Sleep
GetSystemTimes
GetSystemInfo
FormatMessageW
RaiseException
CreateThread
OpenThread
WriteProcessMemory
CreateRemoteThread
Module32FirstW
Module32NextW
K32GetModuleInformation
DefineDosDeviceW
QueryDosDeviceW
DeviceIoControl
FlushFileBuffers
ReadFile
SetHandleInformation
PeekNamedPipe
CreateNamedPipeW
CancelIo
GetDiskFreeSpaceW
GetDriveTypeW
GetFileType
GetVolumePathNameW
SetFilePointerEx
GetVolumeNameForVolumeMountPointW
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpiW
lstrlenW
IsBadReadPtr
IsBadWritePtr
lstrcmpA
lstrcpyW
SetFilePointer
LoadLibraryExW
GlobalAlloc
GlobalFree
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
MoveFileExW
ReadConsoleW
FormatMessageA
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
MoveFileW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
RtlPcToFileHeader
GetStartupInfoW
CreateDirectoryW
GetModuleFileNameW
GetModuleFileNameA
GetVersionExA
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
CloseHandle
OutputDebugStringA
GetFileAttributesW
GetStringTypeW
GetEnvironmentVariableW
RtlCaptureContext
LocalAlloc
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
GetTickCount
LoadLibraryW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
GetComputerNameW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
GetVersionExW
VerSetConditionMask
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
GetProcAddress
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetProcessTimes
SetLastError
GetLastError
GetCurrentProcessId
GetCurrentProcess
CreateConsoleScreenBuffer
WriteConsoleW
SetConsoleMode
ReadConsoleInputW
GetNumberOfConsoleInputEvents
GetConsoleMode
SetConsoleWindowInfo
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleActiveScreenBuffer
GetConsoleCursorInfo
FillConsoleOutputCharacterW
WriteConsoleOutputW
ReadConsoleOutputW
WriteFile
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
WideCharToMultiByte
MultiByteToWideChar
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
ExitProcess
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
GetCommandLineA
GetACP
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFullPathNameA
SetEndOfFile
HeapSize
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
HeapDestroy
LoadResource
SizeofResource
FindResourceW
GetPrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
GetTickCount64
GetFileSizeEx
LockResource
GetFileSize
HeapCreate
ResetEvent
SetEvent
LocalFree
GetCommandLineW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
LockFileEx
UnlockFile
HeapCompact
SetConsoleCtrlHandler
ReadConsoleA
DeleteFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
InitializeCriticalSection
LockFile
AreFileApisANSI
VirtualQueryEx
CreateFileA
CreateMutexW
RtlUnwindEx

user32

GetShellWindow
EnumWindows
GetWindowThreadProcessId
GetSystemMetrics
SystemParametersInfoW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA
FindWindowA
GetClassNameW
EnumChildWindows
GetWindowTextW
CharNextW
SendMessageW
IsWindowVisible

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
ord51

ole32

StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SysFreeString

advapi32

QueryServiceStatus
GetSecurityInfo
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceConfig2W
RegQueryValueExW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
CreateServiceW
DeleteService
EnumDependentServicesW
EnumServicesStatusW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
LookupAccountNameW
GetLengthSid
CopySid
GetTokenInformation
FreeSid
CheckTokenMembership
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ConvertStringSidToSidW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
RegSetKeySecurity
RegGetKeySecurity
LookupAccountSidW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetAce
AllocateAndInitializeSid
GetUserNameW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathIsPrefixW
PathRemoveExtensionW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathIsRelativeW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW
PathSearchAndQualifyW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
AssocQueryStringW
StrFormatByteSizeW
StrDupW
StrCmpIW
PathIsNetworkPathW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
PathRemoveBlanksW
PathIsDirectoryW

userenv

DestroyEnvironmentBlock
GetProfilesDirectoryW
CreateEnvironmentBlock

wininet

InternetGetConnectedState

wsock32

inet_ntoa
getsockname
getsockopt
ntohs
WSAStartup
WSACleanup
WSAGetLastError
gethostname
sendto
recv
send
WSASetLastError
accept
bind
closesocket
connect
listen
setsockopt
socket
getpeername
htons
__WSAFDIsSet
select
htonl
recvfrom
shutdown

ntdll

NtUnloadDriver
NtLoadDriver
RtlInitUnicodeString
NtDeleteValueKey
NtDeleteKey
NtOpenKey
RtlVirtualUnwind
RtlLookupFunctionEntry
NtSetValueKey
NtCreateKey
NtQueryKey
NtQuerySystemInformation

mpr

WNetGetConnectionW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext

bcrypt

BCryptGenRandom
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty

ws2_32

getaddrinfo
freeaddrinfo
getnameinfo
inet_pton
WSAIoctl

crypt32

CryptQueryObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertNameToStrW
CertFreeCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
CertCloseStore

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

778f3f3b48bad87214e75561562dd9f1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

45:76:10:86:04:41:52:28:b5:16:75:38:98:d3:b1:2f:f3:e3:38:6eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

version

shlwapi

userenv

wininet

wsock32

ntdll

mpr

wtsapi32

wintrust

bcrypt

ws2_32

crypt32

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 139KB - Virtual size: 255KB

.pdata Size: 389KB - Virtual size: 389KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 50KB - Virtual size: 49KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

45:76:10:86:04:41:52:28:b5:16:75:38:98:d3:b1:2f:f3:e3:38:6e
Signer

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 139KB - Virtual size: 255KB

.pdata
Size: 389KB - Virtual size: 389KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 50KB - Virtual size: 49KB