UUU3021[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UUU3021.rar
Size

842KB
MD5

f39c9507d3f161df16a956ce2ea3bfb6
SHA1

9cadbaad5b86bb8871458767abcfd633ce578d89
SHA256

2c6441a1bc0547cce7cb52ae462dde34c85546ce30c864c9b2439c9e99c2b19a
SHA512

d3ef7d21e8a551324a1e563cb71abb77bcdf68e52c43db2baaee20815b132f82d037c02a78cd997b32c89df74b3026272eddb37414fa221bef32db82ca92829b
SSDEEP

24576:y940T4c3O3hiJp3XJ/ndud9KeygBGyP1wLrQchCu:107O3E3khHmr1Cu

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UUU3021/ModernWpf.Controls.dll
unpack001/UUU3021/ModernWpf.dll
unpack001/UUU3021/ToastNotifications.dll
unpack001/UUU3021/UniversalUE4Unlocker.dll
unpack001/UUU3021/UuuClient.exe

Files

UUU3021.rar
.rar
UUU3021/ModernWpf.Controls.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\me\source\repos\ModernWpf\ModernWpf.Controls\obj\Release\net45\ModernWpf.Controls.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUU3021/ModernWpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\me\source\repos\ModernWpf\ModernWpf\obj\Release\net45\ModernWpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUU3021/Readme.txt
UUU3021/System.ValueTuple.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:0b:9b:f8:2d:1f:dc:2c:85:5f:8d:44:8e:f0:06:34:42:5d:c4:9a:fc:6f:51:5e:c7:96:0d:06:3c:1b:20:16
Signer

Actual PE Digest

50:0b:9b:f8:2d:1f:dc:2c:85:5f:8d:44:8e:f0:06:34:42:5d:c4:9a:fc:6f:51:5e:c7:96:0d:06:3c:1b:20:16

Digest Algorithm

sha256

PE Digest Matches

true

e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0
Signer

Actual PE Digest

e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUU3021/ToastNotifications.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Mannelig\Dev\Projects\NET\WpfToastNotifications\Src\ToastNotifications\obj\Release\ToastNotifications.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUU3021/UniversalUE4Unlocker.dll
.dll windows:6 windows x64 arch:x64

8e64f436d8a41193b070d2d4ab3ef189

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\frans.SD\Documents\GitHub\UE4Tools\ConsoleUnlockers\Universal\bin\x64\Release\UniversalUE4Unlocker.pdb

Imports

xinput9_1_0

XInputGetState
XInputSetState

kernel32

FreeConsole
AllocConsole
AttachConsole
GetCurrentProcessId
SetConsoleTextAttribute
GetStdHandle
WriteProcessMemory
OpenProcess
GetLastError
InitializeCriticalSectionAndSpinCount
SetThreadPriority
DisableThreadLibraryCalls
CreateThread
CreateFileW
WriteFile
CreateNamedPipeW
ConnectNamedPipe
ReadFile
Sleep
WriteConsoleW
GetModuleFileNameA
K32EnumProcessModulesEx
K32GetModuleInformation
CloseHandle
GetModuleHandleW
GetModuleFileNameW
FormatMessageA
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetConsoleCtrlHandler
OutputDebugStringW
LocalFree
AreFileApisANSI
ReadConsoleW
GetConsoleMode
GetConsoleCP
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
GetTempPathW
RtlUnwind
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
DecodePointer
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
GetTimeZoneInformation
FlushFileBuffers

user32

GetWindow
GetRawInputData
ScreenToClient
RegisterRawInputDevices
IsWindowVisible
GetClassNameW
GetWindowThreadProcessId
EnumWindows
GetKeyState
GetForegroundWindow

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

oleaut32

SysFreeString
SysAllocString
CreateErrorInfo
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantInit

Sections

.text
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUU3021/UuuClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\frans.SD\Documents\GitHub\UE4Tools\ConsoleUnlockers\Universal\Client\obj\Release\UuuClient.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUU3021/UuuClient.exe.config
.xml
UUU3021/UuuClientSettings.ini

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 371KB - Virtual size: 371KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 983KB - Virtual size: 982KB

.rsrc Size: 1024B - Virtual size: 820B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2Certificate

Extended Key Usages

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

50:0b:9b:f8:2d:1f:dc:2c:85:5f:8d:44:8e:f0:06:34:42:5d:c4:9a:fc:6f:51:5e:c7:96:0d:06:3c:1b:20:16Signer

e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 59KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 73KB - Virtual size: 72KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 12B

8e64f436d8a41193b070d2d4ab3ef189

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xinput9_1_0

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 840KB - Virtual size: 839KB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 9KB - Virtual size: 20KB

.text
Size: 371KB - Virtual size: 371KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 983KB - Virtual size: 982KB

.rsrc
Size: 1024B - Virtual size: 820B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

50:0b:9b:f8:2d:1f:dc:2c:85:5f:8d:44:8e:f0:06:34:42:5d:c4:9a:fc:6f:51:5e:c7:96:0d:06:3c:1b:20:16
Signer

e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0
Signer

.text
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 73KB - Virtual size: 72KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 840KB - Virtual size: 839KB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 9KB - Virtual size: 20KB

.pdata
Size: 43KB - Virtual size: 43KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 167KB - Virtual size: 166KB

.rsrc
Size: 278KB - Virtual size: 278KB

.reloc
Size: 512B - Virtual size: 12B