urelas | 321361e1d52d938c9143e5ec0b301f51db8c5ee361f28c0b096874b77b405a04

Sharing

Copy URL Twitter E-mail

General

Target

321361e1d52d938c9143e5ec0b301f51db8c5ee361f28c0b096874b77b405a04
Size

400KB
MD5

90bf7c241af8ba7e0fbac1bb1c6ad9f7
SHA1

9fe9ccef762e8e35e8964ea5c91b5375633e5bfa
SHA256

321361e1d52d938c9143e5ec0b301f51db8c5ee361f28c0b096874b77b405a04
SHA512

02c12d8f164284df0910284ef23cdcffd98a7a995d2abbf587f1233be0a0086586452b9c8867a5c88c319cab41cb63d499fc5e840715e5539526a86ddf7a930f
SSDEEP

6144:MmQK4uSrzMUCL11g7A9lQQQlVy4J6nRe4Lfg/D2Hfd00F3bMTWwpcVpq8TG:MYdSrzMZbyplVbwRe+W2HPwWwpc0

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
321361e1d52d938c9143e5ec0b301f51db8c5ee361f28c0b096874b77b405a04

Files

321361e1d52d938c9143e5ec0b301f51db8c5ee361f28c0b096874b77b405a04
.exe windows:5 windows x86 arch:x86

80d4e40a392b9b21c2c4e297373a5dda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\PMS\pms4\Project(20131120)\GolfProject\bin\GolfProject.pdb

Imports

kernel32

GetFileAttributesW
CreateThread
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
FreeResource
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
SizeofResource
GetVersionExW
ReadFile
CreateFileW
MultiByteToWideChar
GetFileSizeEx
LockResource
DeviceIoControl
GetModuleFileNameA
GetTempPathA
SetFileAttributesW
SetFilePointer
SystemTimeToFileTime
WideCharToMultiByte
GetCurrentDirectoryW
ExitProcess
SetEndOfFile
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetTickCount
Sleep
CreateEventW
CloseHandle
OpenEventW
DeleteFileW
GetSystemDirectoryW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
GetModuleFileNameW
LocalFileTimeToFileTime
GetTempPathW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle

user32

LoadAcceleratorsW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
wsprintfW
SetCursorPos
SendInput
GetWindowTextW
WindowFromPoint
GetWindowRect
FindWindowW
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteA
ShellExecuteW

ws2_32

WSAStartup
send
gethostbyname
gethostbyaddr
closesocket
socket
recv
htons
WSAGetLastError
htonl
inet_addr
connect

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 388KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80d4e40a392b9b21c2c4e297373a5dda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

Sections

.text Size: 388KB - Virtual size: 392KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: - Virtual size: 4KB

.text
Size: 388KB - Virtual size: 392KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: - Virtual size: 4KB