UwAmp[.]exe | Triage

Resubmissions

20/05/2024, 17:51

240520-wfcs9aba92 3

20/05/2024, 17:45

240520-wbwessah59 8

Sharing

Copy URL Twitter E-mail

General

Target

UwAmp.exe
Size

3.1MB
MD5

b21c994ff0a5e533883a2cc2cd2119f0
SHA1

a9cb788ad9b8db6f83d610f6ea3fc62e5ca7da27
SHA256

dd06db79d651fbfa913868ec3d9d6f20eccff4f73c80501d8b17b22a2b0ca44a
SHA512

011e0388bf4fab75bb31026ccababe0b849ee46e8b02629df5432628ed9735a0ca73af7fa1af5bfe4922541569dd8bc9e542b1a9763eacab54b94ab06329f0b2
SSDEEP

49152:kc2gVGt6M9wWZ3I03X+9qTtR0ZthVJdRFw6HpmAgRK/f:dKtr9H3X+9K6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UwAmp.exe

Files

UwAmp.exe
.exe windows:5 windows x86 arch:x86

Password: fortnitegod69

87276d7ac2a78310a00f2dd6d7a1e5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dev\UwAmpCpp\Release\UwAmp.pdb

Imports

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragMove
ImageList_EndDrag
ImageList_Destroy
CreateStatusWindowW
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIconSize
ord16
ord17

wsock32

WSACleanup
closesocket
shutdown
listen
getsockname
bind
setsockopt
inet_ntoa
socket
getsockopt
__WSAFDIsSet
accept
WSAStartup
sendto
recvfrom
connect
WSAGetLastError
ntohs
ntohl
gethostbyaddr
getservbyname
htons
htonl
ioctlsocket
gethostbyname
send
recv
select

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

kernel32

WriteFile
SetNamedPipeHandleState
CreateThread
DuplicateHandle
GetACP
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetThreadLocale
FormatMessageW
OutputDebugStringW
ExitProcess
ExpandEnvironmentStringsW
RaiseException
SetFilePointer
CreateFileA
lstrlenA
HeapCreate
GetModuleFileNameA
ExitThread
MoveFileW
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
SetStdHandle
DeleteFileW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteConsoleW
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoA
GetCommandLineA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetExitCodeThread
TlsAlloc
TlsSetValue
TlsFree
TlsGetValue
ResumeThread
TerminateThread
SetThreadPriority
CreateMutexW
TerminateProcess
WaitForSingleObject
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleW
GetComputerNameW
IsValidCodePage
GetCPInfo
Sleep
GetCurrentProcessId
FindNextFileW
GetTempFileNameW
GetFileTime
FindFirstFileW
FindClose
GetTempPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
SetCurrentDirectoryW
CopyFileW
GetFileAttributesW
GetFileType
InitializeCriticalSection
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcessHeap
HeapSize
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
FreeLibrary
LoadLibraryW
GetCommandLineW
SetErrorMode
GetVersionExW
LocalAlloc
LocalFree
GetCurrentThreadId
SetLastError
GetWindowsDirectoryW
CreatePipe
GetLastError
ReadFile
GetExitCodeProcess
SetHandleInformation
SetEnvironmentVariableW
CreateProcessW
PeekNamedPipe
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetLocaleInfoW
GetProcessTimes
GetTickCount
InterlockedDecrement
InterlockedIncrement
CloseHandle
LockResource
CompareStringA
SizeofResource
OpenProcess
LoadResource
FindResourceW
FindResourceExW
HeapDestroy
VirtualFree
VirtualAlloc
GetOEMCP
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetModuleHandleA
LCMapStringA
GetTimeFormatA
GetDateFormatA
WriteConsoleA
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
GetDriveTypeA
LoadLibraryA
GetLocaleInfoA
EnumSystemLocalesA
GetStringTypeA
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetStdHandle

user32

DdeInitializeW
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
DdePostAdvise
MessageBoxA
wvsprintfA
wsprintfA
DefFrameProcW
SetClipboardData
DrawStateW
DrawEdge
ValidateRect
GetMessageW
TranslateAcceleratorW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetMessagePos
DestroyCursor
RegisterClipboardFormatW
GetUpdateRect
DrawIcon
SetMenu
InsertMenuItemW
GetSubMenu
CreateMenu
AppendMenuW
InsertMenuW
RemoveMenu
DestroyMenu
CreatePopupMenu
SetMenuItemInfoW
ModifyMenuW
CheckMenuRadioItem
CheckMenuItem
GetMenuState
ChildWindowFromPoint
MapWindowPoints
GetClassInfoW
UnionRect
GetForegroundWindow
DrawFocusRect
CopyRect
HideCaret
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
keybd_event
CreateDialogIndirectParamW
FlashWindow
SetWindowRgn
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
DrawMenuBar
GetDesktopWindow
IsIconic
IsZoomed
DdeGetLastError
DrawTextW
UnregisterClassW
LoadCursorW
GetMenuStringW
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
SetTimer
KillTimer
GetDlgItem
CreateDialogParamW
InflateRect
GetUpdateRgn
SetWindowsHookExW
IsDialogMessageW
TrackPopupMenu
IsWindow
PtInRect
SetCursor
GetCapture
DestroyWindow
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
CallNextHookEx
GetActiveWindow
GetMenuItemCount
GetMenuItemInfoW
SystemParametersInfoW
GetMessageTime
GetWindow
BeginDeferWindowPos
EndDeferWindowPos
InvalidateRect
SetWindowTextW
GetFocus
IsWindowEnabled
IsWindowVisible
CallWindowProcW
DefWindowProcW
DeferWindowPos
MoveWindow
ClientToScreen
ScreenToClient
UpdateWindow
RedrawWindow
SetParent
GetCursorPos
WindowFromPoint
GetParent
ScrollWindow
SetScrollInfo
GetScrollInfo
SetCursorPos
ReleaseCapture
SetCapture
ShowWindow
EnableWindow
SetFocus
SetWindowPos
SetWindowLongW
GetWindowLongW
GetKeyState
GetAsyncKeyState
VkKeyScanW
PeekMessageW
DispatchMessageW
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringW
DdeFreeStringHandle
WaitForInputIdle
MsgWaitForMultipleObjects
PostThreadMessageW
EnumWindows
GetWindowThreadProcessId
MessageBeep
EnumDisplaySettingsW
ChangeDisplaySettingsW
BringWindowToTop
ShowCursor
RegisterWindowMessageW
PostMessageW
SetForegroundWindow
GetDC
ReleaseDC
GetIconInfo
CreateIconIndirect
LoadIconW
DefMDIChildProcW
RegisterClassW
TranslateMDISysAccel
TranslateMessage
PostQuitMessage
SendMessageW
BeginPaint
GetWindowDC
EndPaint
GetSysColor
CreateWindowExW
GetWindowRect
DrawIconEx
GetClientRect
FillRect
DrawFrameControl
LoadImageW
DestroyIcon
GetSystemMetrics
LoadBitmapW
OffsetRect

gdi32

SetROP2
GetTextMetricsW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetBkColor
GetTextColor
CreateRectRgn
SelectClipRgn
CreateSolidBrush
Arc
Pie
Polygon
SetPolyFillMode
PolyPolygon
Rectangle
RoundRect
Ellipse
GetStockObject
CreateFontIndirectW
SetBrushOrgEx
MaskBlt
StretchBlt
GetDeviceCaps
RestoreDC
SaveDC
GdiFlush
ExcludeClipRect
GetNearestPaletteIndex
CreatePalette
CreateHatchBrush
CreatePatternBrush
ExtCreatePen
CreatePen
SelectPalette
MoveToEx
CombineRgn
CreateRectRgnIndirect
RectInRegion
SetTextAlign
OffsetRgn
ExtCreateRegion
GetRegionData
CreateICW
PatBlt
CreateDIBSection
GetDIBits
CreateDIBitmap
GetDIBColorTable
GetRgnBox
EqualRgn
PtInRegion
GetSystemPaletteEntries
EnumFontFamiliesExW
GetEnhMetaFileW
CopyEnhMetaFileW
DeleteEnhMetaFile
SetAbortProc
EndDoc
StartPage
EndPage
StartDocW
CreateDCW
RealizePalette
TextOutW
PolyBezier
Polyline
SetPixel
GetPixel
LineTo
ExtFloodFill
ExtSelectClipRgn
GetClipBox
SetBkMode
SetTextColor
SetStretchBltMode
SetBkColor
CreateBitmap
CreateCompatibleBitmap
BitBlt
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC
GetPaletteEntries
StretchDIBits
GetObjectW

comdlg32

PrintDlgW
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PageSetupDlgW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
ExtractIconExW
ExtractIconW
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderLocation

ole32

OleUninitialize
OleInitialize
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
CoCreateInstance

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: fortnitegod69

87276d7ac2a78310a00f2dd6d7a1e5bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

wsock32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 860KB - Virtual size: 860KB

.data Size: 95KB - Virtual size: 252KB

.rsrc Size: 362KB - Virtual size: 362KB

.reloc Size: 181KB - Virtual size: 181KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 860KB - Virtual size: 860KB

.data
Size: 95KB - Virtual size: 252KB

.rsrc
Size: 362KB - Virtual size: 362KB

.reloc
Size: 181KB - Virtual size: 181KB