MuiUnattend[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MuiUnattend.exe
Size

82KB
MD5

3d5b670ce8e58d9434946fdd1325553d
SHA1

25ab87459503585cffc2c1e38c18568d84fd58d1
SHA256

fb289939bf28259c630e0b9ff3fe3166607aa9458c76b22f8c87718c266bceae
SHA512

237f7f12301cf735fad07f6ef68c25dacf0fd034fe9a8c46d7de5e2031c31d5f8ebbd2bc93ac9b077e3bd7cb69184b4ae711e1b7666ad7bdafb5327503230fa4
SSDEEP

1536:AMc5tcmHe4XdCoVJLjQByboznKtW28f4jmo/+UFGkRQbAbD7h/iiD97:Amh6Eo3LjQBDWtHk4x+IGq1lB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MuiUnattend.exe

Files

MuiUnattend.exe
.exe windows:10 windows x86

eb7186d0510e0f5b777005abb635be6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
bsearch
_wcsnicmp
memmove_s
wcschr
_purecall
exit
__set_app_type
_exit
??3@YAXPAX@Z
_wcsicmp
memcpy_s
wprintf
_cexit
__p__fmode
__setusermatherr
_initterm
_except_handler4_common
wcsrchr
memcpy
_vsnprintf
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
memmove
_vsnwprintf
memcmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegLoadKeyW
RegQueryValueExW
RegOpenKeyExW
RegUnLoadKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateSemaphoreExW
ReleaseSRWLockShared
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName
GetLocaleInfoEx
LocaleNameToLCID
SetUserGeoID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId

sspicli

GetUserNameExW

api-ms-win-core-localization-l1-2-2

GetSystemDefaultLocaleName

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlpSetPreferredUILanguages
RtlNtStatusToDosError
RtlGetUILanguageInfo

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetFileAttributesExW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
PrivilegeCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb7186d0510e0f5b777005abb635be6d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

sspicli

api-ms-win-core-localization-l1-2-2

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-private-l1-1-0

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-registry-l2-1-0

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB