UClient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UClient.exe
Size

6.6MB
MD5

35e7c4b4062e78cd42451c4bb4d78176
SHA1

4bb7f98325714354a29a2ded751ded67d8ba718e
SHA256

dc723e1fb4c3c89da65c762127b59f5740a332fdd697b419c3f2cdb64cde207f
SHA512

3fd0d906e021681dc6e5fc1f407b9f813ccecef94cd9b67c5839d9a5f2442657627c1113aede49a4870afc49bc1cc97c130728978f33fc76d75d4f957a5a1118
SSDEEP

98304:aCqWfaWUVcF86RzfSCZwviJIDFO+AmEb9sL9qX9wD9O029OoPP03o1bbQjxt:HBfeaZZwFOGIOo3eo1Mx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UClient.exe

Files

UClient.exe
.exe windows x86

008f2f0741d7b69dce9b9ae3e083d513

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreA

gdiplus

GdipSetStringFormatTrimming
GdipDrawLineI
GdipCreatePen1
GdipCreateHICONFromBitmap
GdipDrawEllipseI
GdipFillEllipseI
GdipCreateRegion
GdipSetClipRegion
GdipGetClip
GdipDrawEllipse
GdipDeleteRegion
GdipDeletePen
GdipDrawPath
GdipSetImageAttributesColorMatrix
GdipResetClip
GdipImageGetFrameDimensionsCount
GdipGetPropertyItem
GdipDrawImageRectI
GdipDisposeImageAttributes
GdipSetInterpolationMode
GdipGetImagePixelFormat
GdipCreateImageAttributes
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipDrawImageRectRectI
GdipGetPropertyItemSize
GdipSetPenDashStyle
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipFillPath
GdipAddPathLineI
GdipSetStringFormatTabStops
GdipGetFontSize
GdipCreateLineBrushFromRectI
GdipCreateStringFormat
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetStringFormatLineAlign
GdipCreateFont
GdipDrawArc
GdipCreateFromHWND
GdipGetLogFontW
GdipGetGenericFontFamilySansSerif
GdipDrawString
GdipMeasureString
GdipDeleteStringFormat
GdipDeleteFont
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipReleaseDC
GdipSaveGraphics
GdipGetDC
GdipCreateMatrix
GdipSetSmoothingMode
GdipSetWorldTransform
GdipSetClipRectI
GdipTranslateMatrix
GdipRestoreGraphics
GdipDeleteMatrix
GdipDrawRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipBitmapGetPixel
GdipCloneBrush
GdipFillRectangleI
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipFree
GdipGetImageHeight
GdipGetImageWidth

wininet

InternetCloseHandle
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
HttpSendRequestExW
HttpEndRequestW
InternetReadFile
InternetCrackUrlW
InternetSetOptionW
InternetWriteFile
InternetQueryOptionW
HttpOpenRequestW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetModuleHandleExA
GetModuleHandleA
ReleaseMutex
CreateMutexW
WriteConsoleW
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
MoveFileExW
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
SleepConditionVariableSRW
QueryPerformanceCounter
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
OutputDebugStringW
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetModuleFileNameW
CreateMutexA
ProcessIdToSessionId
CloseHandle
GetCurrentProcessId
OutputDebugStringA
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetTickCount
GetCurrentProcess
LoadLibraryW
GetProcAddress
SetUnhandledExceptionFilter
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
RemoveDirectoryW
SetFileTime
GetEnvironmentVariableW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GlobalMemoryStatusEx
CopyFileW
GetModuleFileNameA
GetCurrentThreadId
Sleep
CancelIo
CreateDirectoryA
ReadFile
CreateNamedPipeA
CreateDirectoryW
SizeofResource
WriteFile
GetShortPathNameW
GetProcessId
WaitForSingleObject
FormatMessageW
LockResource
LoadResource
FindResourceW
GetFileSize
VerSetConditionMask
SystemTimeToFileTime
VerifyVersionInfoW
GetSystemTime
GetSystemInfo
GetModuleHandleW
GetUserDefaultUILanguage
GetLongPathNameW
TerminateProcess
K32GetModuleFileNameExW
OpenProcess
LoadLibraryA
K32EnumProcesses
K32EnumProcessModules
GlobalAlloc
GlobalLock
GlobalUnlock
SetEvent
ResetEvent
CreateEventA
GetExitCodeProcess
GlobalFree
lstrcpyW
CreateNamedPipeW
WaitForMultipleObjects
DisconnectNamedPipe
CreateEventW
GetOverlappedResult
ConnectNamedPipe
CreatePipe
GetVersionExW
CreateProcessW
lstrlenW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
TlsAlloc
LocalFree
TlsFree
FormatMessageA
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
GetLocalTime
SetFilePointer
FileTimeToDosDateTime
DuplicateHandle
FindFirstFileW
FindNextFileW
FindClose
DosDateTimeToFileTime
LoadLibraryExA
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
TerminateThread
QueueUserAPC
SleepEx
TlsGetValue
CreateIoCompletionPort
QueryPerformanceFrequency
WaitForSingleObjectEx
GetExitCodeThread
RegisterWaitForSingleObject
UnregisterWaitEx
GetFileAttributesW
GetNativeSystemInfo
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
EncodePointer
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetStringTypeW
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetNamedPipeInfo
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
SleepConditionVariableCS
IsDebuggerPresent
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
GetSystemTimeAsFileTime
WakeAllConditionVariable

user32

ReleaseCapture
ReleaseDC
BeginPaint
EndPaint
SetTimer
ClientToScreen
PeekMessageW
KillTimer
WaitForInputIdle
OpenClipboard
CloseClipboard
SetCursor
GetWindowDC
SetCapture
LoadCursorW
TranslateAcceleratorW
GetForegroundWindow
ValidateRect
MapWindowPoints
RegisterClassW
EmptyClipboard
SetClipboardData
wsprintfW
GetMessageW
DispatchMessageW
GetMonitorInfoW
ScreenToClient
PostQuitMessage
EnumWindows
TranslateMessage
CreateWindowExW
DestroyIcon
PostMessageW
IsWindowVisible
DestroyWindow
IsIconic
MoveWindow
GetWindowThreadProcessId
ModifyMenuW
LoadMenuW
GetMenuItemID
MonitorFromWindow
GetMenuItemCount
TrackPopupMenu
GetSubMenu
LoadIconW
RemoveMenu
IsZoomed
GetDesktopWindow
GetCursorPos
GetWindowLongW
GetWindow
MessageBoxW
SetActiveWindow
ShowWindow
SetWindowLongA
SetFocus
SetForegroundWindow
FindWindowExW
SetWindowPos
SendMessageW
IsWindow
GetWindowLongA
SetParent
SetWindowLongW
GetClientRect
GetParent
FillRect
GetWindowRect
GetKeyState
DefWindowProcW
UpdateWindow
InvalidateRect
UnregisterClassW
IntersectRect
CopyRect
GetIconInfo
RegisterClassExW
GetWindowTextW
SetWindowTextW
GetDC
MsgWaitForMultipleObjectsEx
GetQueueStatus
WaitMessage
CallMsgFilterW
UnionRect
LoadAcceleratorsW
OffsetRect

gdi32

GetObjectW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
CreateFontW
CreateFontIndirectW
GetStockObject
DeleteObject
GetDIBits
SetViewportOrgEx
CreateSolidBrush

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoInitializeEx
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize

shlwapi

PathIsDirectoryA
SHAutoComplete
StrCpyNW

ws2_32

freeaddrinfo
ioctlsocket
setsockopt
connect
gethostbyname
WSACloseEvent
WSACreateEvent
WSASetEvent
WSAStartup
inet_ntoa
gethostname
WSAGetLastError
socket
inet_addr
ntohs
htons
getpeername
getaddrinfo
WSASocketW
WSASetLastError
listen
shutdown
htonl
ntohl
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
send
getsockopt
WSARecv
getsockname
WSAAddressToStringW
WSACleanup

iphlpapi

NotifyAddrChange
CancelIPChangeNotify
GetAdaptersAddresses

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

008f2f0741d7b69dce9b9ae3e083d513

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

gdiplus

wininet

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

ws2_32

iphlpapi

winmm

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 692KB - Virtual size: 692KB

.data Size: 163KB - Virtual size: 187KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 251KB - Virtual size: 251KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 692KB - Virtual size: 692KB

.data
Size: 163KB - Virtual size: 187KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 251KB - Virtual size: 251KB