vyuct[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vyuct.exe
Size

15.4MB
MD5

3009466e53f402de82a64797744f9b8a
SHA1

2cc8a5c0f22c48397921ca3f3ee8a001c1d1ed26
SHA256

599049dd1b48c7afd56dad0bad1b3d2fe2a140d5373e236b980f3f02ed250453
SHA512

1b3e3711cf7791098474fbf465d9647b6539219524be4ca1954de12cdc23a1788704adc239e0e53e4a181209b10cb373643bc1c200c6203a80a13b190c4bda25
SSDEEP

49152:W1umD2TU9WtTPNON4OQ8NwKYy2mrCV7F1aWKxP003PcAJMloQ4yhx14LIsdIo:679KwpNwKVC7MPcxaIsdIo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vyuct.exe

Files

vyuct.exe
.exe windows:4 windows x86

d5bbc3d83cf1d6b2e3dae0ab81f295c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dclipx

DC_GUI
DC_LANGSET
DC_DOTHOTKEY
DC_GETTEMPLATE
DC_GETLISTSET
DC_GETANCHORCB
DC_GETREFRESH
DC_XBPMENUCONFIG
DC_READGUIEVENT
DC_MSGBOX
DC_READGUI
DC_GETIDDEFAULT
DC_ADDREC
DC_WINALERT
DC_AUTOREST
DC_LOGICTEST
DC_GETPOPUPCAPTION
DC_IMPL
DC_WAITON
DC_GETORIGSET
DC_GETCOLARRAY
DC_FIELDWBLOCK
DC_GETOBJECTID
DC_GETOBJECT
DC_PRINTERON
DC_PRINTEROK
DC_PRINTEROBJECT
DC_PRINTEROFF
DC_XTOC
DC_GUIMEMOEDIT
DC_GETORIGUPDATED
DC_SETSCOPE
DC_CLRSCOPE
DC_ARRAYVIEW
DC_GETWORKAREA
DC_VARFROMLISTBOX
DC_CALCABSOLUTEPOSITION
DC_GETDESTROY
DC_VARTOLISTBOX
DC_GETPROGRESS
DC_COLOR2ATTR
DC_LANGMSG
DC_PRINTFILE
DC_CLEAREVENTS
DC_GUIALERTCOLOR
DC_GUIALERT
DC_READVAR
DC_GETACTIVEINFO
DC_GETADDOPTION

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?conNNewNil
?momSOff
ACREATE
?symPrivateConst
?symPublicConst
?symParameterConst
?symGetItemConst
VALTYPE
?symRefItemConst
?domAssign
SET
CURDIR
FILE
?domNot
?retStackValue
_SYMLOAD
?getRFPC
SETCOLLATIONTABLE
SETCOLLATION
EMPTY
GETENV
SUBSTR
STRTRAN
DBUSEAREA
NETERR
?pushCodeBlock
_EARLYBOUNDCODEBLOCK
DBCREATEINDEX
?retNil
PADR
DBSEEK
EOF
DBAPPEND
?getWCFC
DBCLOSEAREA
?domAdd
TYPE
?domValXEql
?domValEql
SPACE
SETKEY
AADD
SETAPPWINDOW
FERASE
ALLTRIM
UPPER
?domXEql
?domGetElem
AT
?orShortCut
?domOr
DBCLOSEALL
_COPYFILE
DBZAP
DBSKIP
PROCNAME
PROCLINE
__vft20ConStringConstObject10AtomObject
?getWFPC
__vft19ConNumericIntObject10AtomObject
__vft14ConLogicObject10AtomObject
SETAPPFOCUS
ASIZE
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?conNewLogic
?conOpNewInt
?retStackItem
ORDLISTCLEAR
ORDLISTADD
DBGOTOP
ORDSETFOCUS
LEN
DELETED
DBDELETE
DBRECALL
?getRFCC
DBEVAL
?domGCmp
?andShortCut
?domAnd
STR
DBPACK
_SYMSAVE
?setCWArea
?restWArea
?floadTos
?conSendItem
?conMemberToItem
DIRECTORY
AEVAL
CTOD
?conNewString
DATE
MONTH
?domValLCmp
YEAR
?domSub
VAL
?symPublic
?domValSubStr
RECCOUNT
RECNO
DBGOTO
CREATEDIR
FERROR
?domInc
FCREATE
FWRITE
FCLOSE
DBSETINDEX
_SYMRELEASE
?domEql
?getWFCC
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
?domNEql
?conNewCon
?conRelease
DBSELECTAREA
SELECT
?domLCmp
?domSubStr
DBREINDEX
DBCLEARRELATION
DBSETRELATION
TRIM
?domValGCmp
DBSTRUCT
MAX
MIN
AINS
POSTAPPEVENT
ADEL
ALTD
FIELDNAME
?getWCFS
INT
APPDESKTOP
PCOUNT
?domAddEqu
DBFILTER
DBCLEARFILTER
DBSETFILTER
LTRIM
?executeMacro
DTOC
ROUND
?domRefElem
?domValNEql
?executeLMacro
ALIAS
MAXROW
MAXCOL
SAVESCREEN
SCROLL
SETPOS
DEVPOS
DEVOUT
GET
ROW
COL
RESTSCREEN
?domMul
?domDiv
ASORT
ASCAN
?conAssignRefWMember
_SYMNILPRIVATES
FLOCK
DBUNLOCK
DBRUNLOCK
LASTREC
FCOUNT
ARRAY
FIELDGET
FIELDPOS
FIELDPUT
?domValLECmp
DBCREATE
RLOCK
INDEXKEY
AFILL
CHR
?Xb2MacroSubstStringConst
MEMOREAD
REPLICATE
STUFF
MEMOWRIT
?domPostInc
ERRORNEW
ERRORBLOCK
EVAL
_BREAK
TRANSFORM
?ehUnsetContext
?ehGetBreakContainer
?domValGECmp
PADC
PADL
?domDec
_EJECT
MLCOUNT
MEMOLINE
FOPEN
FSEEK
FREAD
BIN2W
ASC
USED
QQOUT
QOUT
RUNSHELL
LUPDATE
RECSIZE
FREADSTR
FRENAME
DBLOCATE
BOF
DBGOBOTTOM
?setSWArea
?domLECmp
?domGECmp
DAY
_WAIT
DBRLOCK
DISPBOX
LASTKEY
SECONDS
SETCOLOR
?callStack
_ATPROMPT
_MENUTO
?symPublicFalse
_KEYBOARD
?domNegate
DTOS
TIME
INKEY
SETCURSOR
INDEXORD
DEVOUTPICT
MEMOEDIT
ATAIL
MEMOTRAN
?symPrivateNil
RAT
AREMOVE
?domPostDec
ISMETHOD
GRABOX
?getWFSS
RTRIM
FOUND
DBSETORDER
?symPrivate
ACLONE
?domSubEqu
CONVTOANSICP
CURDRIVE
?getRFSC
?conOpNewFloat
DOSERRORMESSAGE
?getWFCS
?getRFCS
ORDCONDSET
ORDCREATE
?getWFSC
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version

xppsys

_DBIMPORT
GRAMAKERGBCOLOR
SETTIMEREVENT
_DBEXPORT
READKILL
ANCHORCB
READMODAL
AFIELDS
DBCREATEEXTSTRUCT
DBCREATEFROM
READVAR
MOD
READINSERT
ADIR
GRASETATTRLINE
APPEXIT
DBESYS
ERRORSYS

Sections

.text
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5bbc3d83cf1d6b2e3dae0ab81f295c0

Headers

File Characteristics

Imports

dclipx

xpprt1

xppsys

Sections

.text Size: 12.1MB - Virtual size: 12.1MB

.data Size: 1.4MB - Virtual size: 1.4MB

.xpp Size: 13KB - Virtual size: 12KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 524KB - Virtual size: 524KB

.text
Size: 12.1MB - Virtual size: 12.1MB

.data
Size: 1.4MB - Virtual size: 1.4MB

.xpp
Size: 13KB - Virtual size: 12KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 524KB - Virtual size: 524KB