urelas | 8aba82b0805aade0c266a6a5c5e268f0_exe32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8aba82b0805aade0c266a6a5c5e268f0_exe32.exe
Size

392KB
MD5

8aba82b0805aade0c266a6a5c5e268f0
SHA1

312071179934466ce6bee205d632502147c80c73
SHA256

0192c9b16a09dea32ff4dec3df4a92dcc2afcacbefe69b05d9e17b31ddeac2d1
SHA512

d9f4c2a33c18172251cdb518b8baaa4684a603c247873edb12cbfa43d28ef3ecaa5448f826d65d944a021b3467cc20650785b0cc3111019abad7f8736fe55149
SSDEEP

12288:fEOZQtZVa6JdD/lHoOMzXCGOoIVdDHMxB:fE1HVa2dDNIrrCGOoQDAB

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8aba82b0805aade0c266a6a5c5e268f0_exe32.exe

Files

8aba82b0805aade0c266a6a5c5e268f0_exe32.exe
.exe windows:5 windows x86

991c5a72122a41ebafc53117f57e5c77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
FreeResource
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
GetSystemDirectoryW
SizeofResource
GetVersionExW
ReadFile
CreateFileW
MultiByteToWideChar
GetFileSizeEx
LockResource
DeviceIoControl
GetModuleFileNameA
GetTempPathA
SetFileAttributesW
SetFilePointer
SystemTimeToFileTime
WideCharToMultiByte
GetCurrentDirectoryW
GetModuleFileNameW
SetEndOfFile
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
LoadLibraryA
CreateThread
CreateEventW
CloseHandle
GetFileAttributesW
GetTickCount
ExitProcess
Sleep
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetTempPathW
LocalFileTimeToFileTime
OpenEventW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
RaiseException
RtlUnwind
GetConsoleCP

user32

GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadAcceleratorsW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
DestroyWindow
LoadStringW
LoadIconW
wsprintfW
SetCursorPos
SendInput
GetWindowTextW
WindowFromPoint
GetWindowRect
FindWindowW
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteA
ShellExecuteW

ws2_32

WSAStartup
send
gethostbyname
gethostbyaddr
closesocket
socket
recv
htons
WSAGetLastError
htonl
inet_addr
connect

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 384KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

991c5a72122a41ebafc53117f57e5c77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

Sections

.text Size: 384KB - Virtual size: 388KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: - Virtual size: 4KB

.text
Size: 384KB - Virtual size: 388KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: - Virtual size: 4KB