Utilman[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Utilman.exe
Size

68KB
MD5

9f26b7bfa48fe8181154b961665a37c3
SHA1

ba94772ae3b9678681dc693d6fc92d505da5d049
SHA256

5a7027567e3695923db6404ae0278f468b746041253c25d1ebdf2b9b3a918f23
SHA512

87211c91c4e255904f6b369cc60acf7cde0f6cecfb9b99b129bc60f9ee533c20001bcf6e559f1f58312e2d28dab860fbdc32eca3ee0e4a97cad658f97fd6298d
SSDEEP

1536:NHGaavO/KyU7ipkdrNy+x/fEALsWVDypfZG3kbtHRRIZgUbiiLin2U+QlN:NuvBhkl+NLsuGP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Utilman.exe

Files

Utilman.exe
.exe windows:6 windows x86 arch:x86

3d3bb68781ceba0874f86af3f69ae815

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Utilman.pdb

Imports

advapi32

RegOpenKeyExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegSetValueExW
EventRegister
EventWrite
RegEnumValueW
EventUnregister
RegEnumKeyExW
RegCreateKeyExW
TraceMessage
RegLoadMUIStringW
RegGetValueW

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
CloseHandle
OpenEventW
CreateEventW
ProcessIdToSessionId
GetCurrentProcessId
VirtualAllocEx
GetThreadPreferredUILanguages
MulDiv
GetLocaleInfoEx
ReadProcessMemory
CompareStringOrdinal
VirtualFreeEx
OpenJobObjectW
IsProcessInJob
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
DeleteFileW
GetFileAttributesW
HeapFree
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
GetProcessHeap
HeapAlloc
InitializeProcThreadAttributeList
OpenProcess
GetLastError
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
OpenMutexW
HeapSetInformation
ExpandEnvironmentStringsW
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetThreadUILanguage

user32

GetAncestor
SetWindowPos
GetSystemMetrics
SendMessageW
IsProcessDPIAware
GetThreadDesktop
GetUserObjectInformationW
SystemParametersInfoW
GetWindowThreadProcessId
GetShellWindow
FindWindowW
LoadCursorW
SetTimer
KillTimer
SetCursor
SendInput
SendMessageTimeoutW
UnregisterClassA
GetKeyState

msvcrt

__setusermatherr
_initterm
_wcmdln
??2@YAPAXI@Z
free
malloc
_wtoi
wcsrchr
_ltow_s
wcsspn
wcscspn
memcpy_s
memmove_s
__p__fmode
_wcsicmp
_wcslwr_s
calloc
wcschr
wcsstr
_purecall
memset
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_vsnwprintf
__CxxFrameHandler3
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_lock
_unlock
_cexit
_exit
exit
__set_app_type
__wgetmainargs
__dllonexit
_onexit
??_V@YAXPAX@Z
_XcptFilter
__p__commode
_amsg_exit
??_U@YAPAXI@Z

ntdll

WinSqmIsOptedIn
WinSqmAddToStream

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleacc

GetProcessHandleFromHwnd

comctl32

ord344

shell32

ShellExecuteW

duser

InvalidateGadget

dui70

?GetUnset@Value@DirectUI@@SGPAV12@XZ
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?CustomProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QAE@XZ
?Release@Value@DirectUI@@QAEXXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?SetActive@Element@DirectUI@@QAEJH@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
RegisterPVLBehaviorFactory
StrToID
?GetClassInfoPtr@TouchSwitch@DirectUI@@SGPAUIClassInfo@2@XZ
?SetToggleValue@TouchSwitch@DirectUI@@QAEXH@Z
?GetToggleValue@TouchSwitch@DirectUI@@QAEHXZ
InitProcessPriv
StartMessagePump
?ThemeChange@HWNDElement@DirectUI@@SG?AVUID@@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
UnInitProcessPriv
?Destroy@Element@DirectUI@@QAEJ_N@Z
??0Element@DirectUI@@QAE@XZ
??1Element@DirectUI@@UAE@XZ
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?Click@TouchButton@DirectUI@@SG?AVUID@@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
??1ClassInfoBase@DirectUI@@UAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
?SliderUpdated@TouchSlider@DirectUI@@SG?AVUID@@XZ
InitThread
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
UnInitThread
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?Register@Element@DirectUI@@SGJXZ
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
?GetRoot@Element@DirectUI@@QAEPAV12@XZ
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?RemoveListener@Element@DirectUI@@QAEXPAUIElementListener@2@@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?IsDescendent@Element@DirectUI@@QAE_NPAV12@@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z

shcore

ord244

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d3bb68781ceba0874f86af3f69ae815

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleacc

comctl32

shell32

duser

dui70

shcore

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 5KB