uh[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

uh.dll
Size

1.7MB
MD5

dee522e807bdfd9b79db03ff6e90116a
SHA1

249685a1c7aa3b0fb526a3d21d163f41f1881217
SHA256

7461010af30c604682fdda59b421291a4bd13820b9511734b9f850ed286adaf4
SHA512

04fabe0e63dd56a7036e43dea4e19428199e67b5276596f2e28e91a35da3567424c011ffb83d3c76b8958999218321d2a635c50c1b89b6e9035e312775db07c2
SSDEEP

49152:ec8rwpMMsbfSPjz8o3r0NC2qJ1WC2qJ1qoaB9MaB9W:QrwkqLzonqJ1QqJ1qoKaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
uh.dll

Files

uh.dll
.dll windows:6 windows x86 arch:x86

0aef2e427af299d39513e7f2b6b5a99d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
FreeLibrary
FreeLibraryAndExitThread
MulDiv
GetCurrentProcessId
CloseHandle
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
VirtualQuery
lstrcmpiA
K32GetMappedFileNameA
GetSystemTimeAsFileTime
CreateThread
QueryPerformanceFrequency
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ExitThread
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeSListHead
MultiByteToWideChar
QueryPerformanceCounter
GlobalLock
GlobalUnlock
GlobalAlloc
VirtualProtect
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
GetLastError
DeleteFileA
CreateDirectoryA

user32

SetWindowLongW
EnumWindows
GetClassNameA
SetWindowLongA
GetWindowLongA
GetWindowThreadProcessId
SendInput
GetWindowRect
IsWindowVisible
CallWindowProcW
GetActiveWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetClientRect
SetCursorPos
SetCursor
ClientToScreen
LoadCursorW

gdi32

SetBkColor
GetTextExtentPoint32A
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontA
CreateCompatibleDC
AddFontResourceExA
SetMapMode
SetTextColor
SetTextAlign
CreateDIBSection
ExtTextOutA
SelectObject

shell32

ShellExecuteA

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmGetContext

vcruntime140

__std_exception_destroy
strstr
__std_terminate
memmove
__std_type_info_destroy_list
_except_handler4_common
strchr
_purecall
memset
memchr
__std_exception_copy
memcpy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_fdtest
_libm_sse2_pow_precise
_libm_sse2_acos_precise
round
roundf
_CIatan2
_except1
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_CIfmod
ceil
floor
fmaxf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
_get_stream_buffer_pointers
fclose
fflush
fgetc
_wfopen
fgetpos
fopen
fputc
fread
fsetpos
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fseek
_fseeki64
__stdio_common_vfprintf
ungetc
setvbuf
fwrite
ftell

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strncpy
strncat_s
strcpy_s
strncpy_s
isprint
_stricmp
tolower
isspace
toupper

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 933KB - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 689KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aef2e427af299d39513e7f2b6b5a99d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp140

winmm

imm32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 933KB - Virtual size: 932KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 689KB - Virtual size: 923KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 933KB - Virtual size: 932KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 689KB - Virtual size: 923KB

.reloc
Size: 36KB - Virtual size: 35KB