UAC-Bypass-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

UAC-Bypass-main.zip
Size

15KB
MD5

e0541b292557662c3a27fa0390666c06
SHA1

000e2cfca6d4c5ee329e57b746f8cdcd4508ef6f
SHA256

054136605f6f0db2ae501057e94c74611f7cd0ad6c61c3d181c05ef723dc5855
SHA512

a54a933a88b765c595c80257a58fc8da534723af573bf7b5074328e2f31eedb73ae4166a604f3ecf48e5ccf7985e041cc6b412921851c8728de3df981da0e55e
SSDEEP

384:I4AtDKcVrH3+eIbCKEYJ/IqfwVzGJFKmArGuUsG5:IlDTX+eIbC0/IIOkFmGum

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UAC-Bypass-main/fakeuac/Repair.dll

Files

UAC-Bypass-main.zip
.zip
UAC-Bypass-main/README.md
UAC-Bypass-main/bruteforce/passlist.txt
UAC-Bypass-main/bruteforce/userbruteforce.bat
.bat .vbs
UAC-Bypass-main/bypass/bypass.bat
UAC-Bypass-main/bypass/newbypass.bat
UAC-Bypass-main/fakeuac/Repair.dll
.dll windows:6 windows x64 arch:x64

6b3f12bae977ca7f8611484595d5ab80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\boris\source\repos\Dll2\x64\Release\Dll2.pdb

Imports

shell32

ShellExecuteW

vcruntime140

__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv
_cexit

kernel32

QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

Repair

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UAC-Bypass-main/fakeuac/main.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

6b3f12bae977ca7f8611484595d5ab80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 432B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 40B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 432B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 40B