UTRM_v0[.]8[.]1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

UTRM_v0.8.1.zip
Size

25.2MB
MD5

c97002970f5213980ae52583672725aa
SHA1

431ea65a1975a2b26a6b170b3959e11170e2621d
SHA256

8dcd646d218b71abad35f87f8626b1d8a58804be00b1f3c10943c8857c485cb6
SHA512

80b5e7c22518b0057fc2daab7c427031f60ec48a646a91e5026c4e8c5c29dc71701c82dd0bf061c661e236422979e32c0f363cc51604fa9bebda05674d83f86e
SSDEEP

786432:EITWtwgFsIxKg6UtcQ8IRyj3Yf1yBtyHhQ4ZY0o/UZ+R/:L6+qsIxR6U+tuIS0tyBQh0iU8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UTRM v0.8.1/UNDERTALE_REMASTERED.exe
unpack001/UTRM v0.8.1/xdelta3-3.1.0-i686.exe

Files

UTRM_v0.8.1.zip
.zip
UTRM v0.8.1/Apply_Patch.bat
UTRM v0.8.1/HASHSUM.bat
.bat .vbs
UTRM v0.8.1/How_to_Install.TXT
UTRM v0.8.1/How_to_Transfer_Save.TXT
UTRM v0.8.1/UNDERTALE_REMASTERED.exe
.exe windows:6 windows x86 arch:x86

2c5dca54550e34b8f3cc00484192539b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCanonicalizeUrlA
InternetWriteFile
InternetConnectA
InternetCrackUrlA
HttpEndRequestW
HttpQueryInfoA
InternetGetConnectedState

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump
SymInitialize
SymFromAddr

winmm

mciSendStringA
joyGetPosEx
joyGetPos
joyGetDevCapsA
mciGetErrorStringA

ws2_32

gethostname
socket
shutdown
setsockopt
send
recvfrom
recv
listen
inet_ntoa
inet_addr
WSAStartup
ioctlsocket
connect
closesocket
bind
accept
getpeername
select
__WSAFDIsSet
ntohs
ntohl
htons
htonl
WSACleanup
WSAGetLastError
WSAAddressToStringA
getaddrinfo
getsockopt
freeaddrinfo
sendto

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FindNextFileA
FindFirstFileExA
GetFullPathNameA
SetCurrentDirectoryW
HeapReAlloc
GetTimeZoneInformation
MoveFileExW
SetFilePointerEx
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
EncodePointer
GetStringTypeW
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
PeekNamedPipe
GetFileType
GetDriveTypeW
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
SetLastError
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
VirtualQuery
IsValidCodePage
GetOEMCP
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CloseHandle
WaitForSingleObjectEx
CreateEventExW
MultiByteToWideChar
GetConsoleWindow
GetLastError
GetCurrentDirectoryW
GetCPInfo
GetFullPathNameW
CreateThread
GetExitCodeThread
GetModuleHandleW
LocalFree
FormatMessageW
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetEnvironmentVariableW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
Sleep
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetTickCount
CreateWaitableTimerW
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
lstrlenA
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
TlsAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlCaptureStackBackTrace
TlsSetValue
TlsFree
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
SetEndOfFile
DeleteFileW
HeapSize
TlsGetValue

user32

DrawTextW
GetDC
ReleaseDC
SetWindowTextW
ScreenToClient
MoveWindow
SetCursorPos
ClientToScreen
MapWindowPoints
GetActiveWindow
GetCursorPos
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
GetAsyncKeyState
keybd_event
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetDlgItemTextW
SetWindowTextA
MessageBoxA
SetDlgItemTextA
PeekMessageW
IsDialogMessageW
SetProcessDPIAware
GetForegroundWindow
UpdateWindow
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
DialogBoxParamW
CreateDialogParamW
LoadImageW
LoadCursorW
CallNextHookEx
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetDlgItemTextW
GetDlgItem
GetFocus
SetCapture
GetKeyState
SetFocus
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
MessageBoxW
GetRawInputDeviceList
GetRawInputDeviceInfoA
EndDialog

gdi32

GetDeviceCaps
DeleteObject
SelectObject
CreateFontA

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

dwmapi

DwmGetCompositionTimingInfo

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 553KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UTRM v0.8.1/UTRM Credits & Updates.TXT
UTRM v0.8.1/Undertale_Remastered.xdelta
UTRM v0.8.1/mus_mewmew.ogg
UTRM v0.8.1/mus_sfx_dogseal.ogg
UTRM v0.8.1/xdelta3-3.1.0-i686.exe
.exe windows:4 windows x86 arch:x86

0b994216e339c6d9c37517fbd992774a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
ReadFile
SetFilePointerEx
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WriteFile

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_iob
_lock
_onexit
_snprintf
_stati64
_vsnprintf
calloc
exit
fclose
fflush
fopen
fprintf
fread
free
fwrite
getenv
islower
isspace
isupper
malloc
memcmp
memcpy
memmove
memset
setvbuf
signal
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strtol
_unlock
abort
system
vfprintf
_unlink
_getpid

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c5dca54550e34b8f3cc00484192539b

Headers

DLL Characteristics

File Characteristics

Imports

wininet

dxgi

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 913KB - Virtual size: 912KB

.data Size: 553KB - Virtual size: 3.4MB

minATL Size: 512B - Virtual size: 12B

.mydata Size: 512B - Virtual size: 8B

.gfids Size: 512B - Virtual size: 372B

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 170KB - Virtual size: 169KB

0b994216e339c6d9c37517fbd992774a

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 260KB - Virtual size: 259KB

.data Size: 512B - Virtual size: 428B

.rdata Size: 46KB - Virtual size: 45KB

.bss Size: - Virtual size: 44KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 1024B - Virtual size: 952B

/19 Size: 112KB - Virtual size: 111KB

/31 Size: 9KB - Virtual size: 8KB

/45 Size: 28KB - Virtual size: 28KB

/57 Size: 14KB - Virtual size: 14KB

/70 Size: 2KB - Virtual size: 1KB

/81 Size: 9KB - Virtual size: 9KB

/92 Size: 1KB - Virtual size: 1KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 913KB - Virtual size: 912KB

.data
Size: 553KB - Virtual size: 3.4MB

minATL
Size: 512B - Virtual size: 12B

.mydata
Size: 512B - Virtual size: 8B

.gfids
Size: 512B - Virtual size: 372B

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 170KB - Virtual size: 169KB

.text
Size: 260KB - Virtual size: 259KB

.data
Size: 512B - Virtual size: 428B

.rdata
Size: 46KB - Virtual size: 45KB

.bss
Size: - Virtual size: 44KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 1024B - Virtual size: 952B

/19
Size: 112KB - Virtual size: 111KB

/31
Size: 9KB - Virtual size: 8KB

/45
Size: 28KB - Virtual size: 28KB

/57
Size: 14KB - Virtual size: 14KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 9KB - Virtual size: 9KB

/92
Size: 1KB - Virtual size: 1KB