uvk-ultra-virus-killer-11-10-11-1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

uvk-ultra-virus-killer-11-10-11-1.exe
Size

24.7MB
MD5

b2f01a5ec3e9b46a075e48c4a804bd6f
SHA1

02d603c5b86b52fd701a4df20075c58ba8d2bdaa
SHA256

7b0fb61f2efa6d1013ee1713dd0011876730e14b6845b4ca07c2e53547cd5b37
SHA512

7ab2b7480af8bc7de3742ce17658c7b97434e7d38edf5ca3c1fbaffd77fe4932b2fa40e7e73a797804d70ba028cd306ca955a3c4dc16e1846720d05f3008dfb9
SSDEEP

786432:ekSSPNd3Tceoj00fraDeeTPIYaQijq7PsjzwgJ8R8fLMMjS9dX:egXbc00GDesPIfQijq7kYg4KhUdX

Score

1^/10

Malware Config

Signatures

Files

uvk-ultra-virus-killer-11-10-11-1.exe
.exe windows:5 windows x86 arch:x86

d68119fc985afa6929cc58b99df3b0c3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/01/2022, 00:00

Not After

09/01/2025, 23:59

Subject

SERIALNUMBER=789 849 163 00025,CN=DOS SANTOS DA SILVA ALFREDO,O=DOS SANTOS DA SILVA ALFREDO,ST=Occitanie,C=FR,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/01/2022, 00:00

Not After

09/01/2025, 23:59

Subject

SERIALNUMBER=789 849 163 00025,CN=DOS SANTOS DA SILVA ALFREDO,O=DOS SANTOS DA SILVA ALFREDO,ST=Occitanie,C=FR,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:ca:5b:5b:61:a9:06:af:31:24:7b:46:77:1e:d2:30:77:b2:d3:48:e9:ae:c3:e1:d9:40:2d:3b:6b:ee:f9:3d
Signer

Actual PE Digest

cf:ca:5b:5b:61:a9:06:af:31:24:7b:46:77:1e:d2:30:77:b2:d3:48:e9:ae:c3:e1:d9:40:2d:3b:6b:ee:f9:3d

Digest Algorithm

sha256

PE Digest Matches

true

9d:be:64:de:54:f1:90:4e:27:61:82:0b:e1:da:42:d6:05:a0:7e:7c
Signer

Actual PE Digest

9d:be:64:de:54:f1:90:4e:27:61:82:0b:e1:da:42:d6:05:a0:7e:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\VisualStudio\Projects\UVKSetup\Release\UVKInstaller.pdb

Imports

kernel32

HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetPrivateProfileStringW
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcessId
LocalFileTimeToFileTime
GetCurrentDirectoryW
EnumResourceNamesW
Thread32Next
TerminateThread
OpenThread
Thread32First
TerminateProcess
WritePrivateProfileStringW
CreateToolhelp32Snapshot
SetLastError
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
UnhandledExceptionFilter
LCMapStringW
GetExitCodeThread
ExpandEnvironmentStringsW
CreateDirectoryW
CopyFileW
SleepEx
Sleep
GetProcessId
CreateProcessW
CloseHandle
ExitProcess
SetFilePointer
WriteFile
SetFilePointerEx
FileTimeToSystemTime
RemoveDirectoryW
MoveFileExW
GetSystemTimeAsFileTime
GetFileSizeEx
SetFileTime
GetFileAttributesW
GetTempPathW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
SetErrorMode
GetPrivateProfileIntW
VerifyVersionInfoW
VerSetConditionMask
SetUnhandledExceptionFilter
GetSystemWindowsDirectoryW
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
ReadFile
GetFileSize
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetModuleFileNameW
WaitForSingleObject
CreateThread
SetFileAttributesW
DeleteFileW
CreateFileW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetProcAddress
GetModuleHandleW
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
OpenProcess
FindNextFileW
FindClose
FindFirstFileW
LoadLibraryExA

user32

CopyIcon
GetForegroundWindow
GetMenuItemID
DefDlgProcW
LoadImageW
SetMenuDefaultItem
CopyImage
PostMessageW
SetWindowTextW
GetWindowTextW
TranslateAcceleratorW
EndDeferWindowPos
BeginDeferWindowPos
DestroyMenu
SendMessageW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
TranslateMessage
PeekMessageW
UnregisterClassW
DispatchMessageW
GetMessageW
SetCursor
SetMenuInfo
RemoveMenu
SetMenuItemInfoW
GetMenuItemInfoW
CharNextW
GetWindowTextLengthW
MoveWindow
SetWindowPos
BringWindowToTop
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
MapWindowPoints
FindWindowExW
GetCursorPos
SetForegroundWindow
WindowFromPoint
GetClassLongW
EnumChildWindows
DestroyIcon
DrawIconEx
BeginPaint
EndPaint
GetDC
GetWindowDC
ReleaseDC
UpdateWindow
GetUpdateRect
InvalidateRect
InvalidateRgn
ShowWindow
IsWindowVisible
RedrawWindow
EnableWindow
SetCapture
SetFocus
ChildWindowFromPoint
GetWindow
IsChild
GetParent
GetDlgItem
IsDialogMessageW
AdjustWindowRectEx
GetWindowRgn
SetWindowRgn
DeferWindowPos
GetWindowThreadProcessId
IsWindow
GetClassNameW
ShowWindowAsync
DeleteMenu
GetWindowRgnBox
GetSysColor
CallWindowProcW
DestroyAcceleratorTable
GetFocus
FillRect
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
wsprintfW
SystemParametersInfoW
GetIconInfo
GetSystemMetrics
GetSysColorBrush
FindWindowW

gdi32

PatBlt
SetBrushOrgEx
GetTextExtentPoint32W
SelectClipRgn
ExcludeClipRect
ExtSelectClipRgn
OffsetRgn
FillRgn
CombineRgn
CreateRectRgn
SetTextColor
GetBkColor
StretchBlt
SetStretchBltMode
GetDIBits
SetBkMode
SetBkColor
CreateDIBSection
CreateFontW
CreatePatternBrush
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps

advapi32

RegEnumValueW
TreeResetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
ConvertStringSidToSidW
SetNamedSecurityInfoW
CryptDecrypt
CryptDestroyKey
CryptSetKeyParam
CryptImportKey
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
AdjustTokenPrivileges
LookupPrivilegeValueW
AddAce
GetAce
IsValidAcl
InitializeAcl
LookupAccountNameW
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
IsValidSid
RegQueryInfoKeyW
RegSetKeySecurity
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

DragQueryPoint
DragFinish
DragQueryFileW
Shell_NotifyIconW
SHGetDesktopFolder
FindExecutableW
ExtractAssociatedIconW
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
ord190
ord155
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateShellItem
ord6

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
OleUninitialize
OleInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathFileExistsW
PathIsDirectoryW
PathIsRootW
UrlCreateFromPathW
AssocQueryStringW
PathParseIconLocationW

version

VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipCreateFromHDC
GdipAddPathPolygon
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipSaveImageToFile
GdipCloneImage
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetImageEncodersSize
GdipDrawArc
GdipCreateFontFamilyFromName
GdipGetRegionHRgn
GdipBitmapUnlockBits
GdipCreateRegionPath
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageI
GdipDrawImageRect
GdipDrawString
GdipFillPath
GdipDrawRectangleI
GdipCreateBitmapFromStream
ord1
GdipAddPathLine
GdipClosePathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipSetPenEndCap
GdipDeletePen
GdipCreatePen1
GdipSetLineColors
GdipCreateLineBrushFromRectI
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetGenericFontFamilySansSerif
GdipFillPolygonI
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawPath
GdipGetImageEncoders
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGraphics
GdipDeleteRegion
GdipCreateBitmapFromScan0

psapi

GetModuleBaseNameW
EnumProcesses
GetModuleFileNameExW

comctl32

ImageList_Add
ImageList_Create
ord411
ImageList_Replace
ord412
ord410
ord413
ImageList_Destroy
ImageList_GetImageCount
ImageList_DrawEx
ImageList_ReplaceIcon

uxtheme

SetWindowTheme

wininet

InternetReadFile
InternetQueryDataAvailable
FtpGetFileSize
FtpOpenFileW
InternetConnectW
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
InternetCrackUrlW

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d68119fc985afa6929cc58b99df3b0c3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

cf:ca:5b:5b:61:a9:06:af:31:24:7b:46:77:1e:d2:30:77:b2:d3:48:e9:ae:c3:e1:d9:40:2d:3b:6b:ee:f9:3dSigner

9d:be:64:de:54:f1:90:4e:27:61:82:0b:e1:da:42:d6:05:a0:7e:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

psapi

comctl32

uxtheme

wininet

Sections

.text Size: 385KB - Virtual size: 385KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 24.1MB - Virtual size: 24.1MB

.reloc Size: 17KB - Virtual size: 17KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

cf:ca:5b:5b:61:a9:06:af:31:24:7b:46:77:1e:d2:30:77:b2:d3:48:e9:ae:c3:e1:d9:40:2d:3b:6b:ee:f9:3d
Signer

9d:be:64:de:54:f1:90:4e:27:61:82:0b:e1:da:42:d6:05:a0:7e:7c
Signer

.text
Size: 385KB - Virtual size: 385KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 24.1MB - Virtual size: 24.1MB

.reloc
Size: 17KB - Virtual size: 17KB