uad_gui-windows[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

uad_gui-windows.exe
Size

7.3MB
MD5

238743e5fd112b770ca52feb34117f54
SHA1

92bc2a0a8e917cf5212ac2be96e625e65e7cb14a
SHA256

91c7d32b8f2b021748e4dd0a6bfb7fee6c9882ae1ae2a0f62042381726c992b5
SHA512

035acaed80944d0952c73387a073c824bdf26b889c64398277abd8f540f7237167158295414f4edfaea411990cec3e305eae364033510084b25facab60d8b888
SSDEEP

98304:eP8akWhbDs71trlmYC//GehKLC+YYbuoVbot+J:Behy1X1YYag

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
uad_gui-windows.exe

Files

uad_gui-windows.exe
.exe windows:6 windows x64 arch:x64

Password: infected

2eb8e97af4a0c67d8816a670026671ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
GetProcessHeap
HeapReAlloc
SetThreadErrorMode
LoadLibraryExW
FreeLibrary
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GlobalFree
GlobalUnlock
GetProcAddress
GetCommandLineA
GetModuleHandleExW
lstrlenW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
Sleep
GetModuleHandleA
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
HeapFree
GetCurrentThread
SetLastError
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
SetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
GetSystemInfo
DeviceIoControl
GetFullPathNameW
SetFilePointerEx
CreateDirectoryW
WriteFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetHandleInformation
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
SetThreadStackGuarantee
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
RtlUnwindEx
TerminateProcess
AddVectoredExceptionHandler
SetConsoleMode
IsProcessorFeaturePresent
GetCommandLineW
DeleteFileW
MoveFileExW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
HeapSize
FlushFileBuffers
LCMapStringW
CloseHandle
GetConsoleOutputCP
GetModuleHandleW
RtlVirtualUnwind
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GlobalLock
RemoveVectoredExceptionHandler
GetFileInformationByHandle
GetCurrentThreadId
CreateEventA

user32

OpenClipboard
EmptyClipboard
SetClipboardData
DestroyIcon
RegisterWindowMessageA
MonitorFromPoint
CloseClipboard
MapVirtualKeyW
GetKeyboardLayout
GetKeyState
ToUnicodeEx
GetKeyboardState
GetMenu
AdjustWindowRectEx
SystemParametersInfoA
MonitorFromWindow
ShowWindow
SendMessageW
SetWindowLongW
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
IsProcessDPIAware
ReleaseCapture
RegisterRawInputDevices
GetMessageW
GetDC
SendInput
GetMonitorInfoW
SetForegroundWindow
GetClipboardData
RegisterTouchWindow
GetSystemMetrics
RedrawWindow
TranslateMessage
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowPos
DispatchMessageW
MsgWaitForMultipleObjectsEx
PostMessageW
PeekMessageW
PostThreadMessageW
GetWindowLongPtrW
SetWindowTextW
DestroyWindow
TrackMouseEvent
CreateWindowExW
LoadCursorW
SetCursor
MonitorFromRect
MapVirtualKeyA
SetCapture
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
DefWindowProcW
GetWindowLongW
GetClientRect
ClientToScreen
RegisterClassExW
SetWindowLongPtrW
InvalidateRgn
GetCursorPos

ole32

RevokeDragDrop
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
OleInitialize
RegisterDragDrop

shell32

SHGetKnownFolderPath
DragFinish
DragQueryFileW

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

ws2_32

WSAGetLastError
WSASocketW
closesocket
getsockopt
setsockopt
getaddrinfo
WSASend
ioctlsocket
send
recv
connect
WSACleanup
WSAStartup
WSARecv
select
freeaddrinfo
bind
listen
getpeername
accept
getsockname

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

d3dcompiler_47

D3DCompile

uxtheme

SetWindowTheme

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2eb8e97af4a0c67d8816a670026671ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

shell32

bcrypt

advapi32

ws2_32

winmm

gdi32

dwmapi

d3dcompiler_47

uxtheme

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 188KB - Virtual size: 188KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 188KB - Virtual size: 188KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 40KB - Virtual size: 39KB