Desktop[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.7z
Size

1.8MB
MD5

2626656314924364e2da73ca78394bb2
SHA1

1df0fe55e12bbb7d32fb6ab154a5885c26ef3352
SHA256

56da3c1571cc5074929dff704d5b5401cced6a3017e6cf48b9eb4c511bfee970
SHA512

1238220f1d54f864b07216bfd8f4b46d524acb1bbe24588177334223d735e51f1bae3bd3574f935005b8c0d4d05a5e0fd749a931dbe225dffbd7748bdc831e33
SSDEEP

49152:9GiqbhwSzm9hFaAVhKViXK1bLgV+VOxiTEHZQg:kbehgAVYViiPlVa7HKg

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UltraHook/Rinput.dll
unpack001/UltraHook/Rinput.exe
unpack001/UltraHook/uh.dll
unpack001/UltraHook/uh.exe
unpack001/hl2.exe

Files

Desktop.7z
.7z
UltraHook/Rinput.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 933KB - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 689KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UltraHook/Rinput.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 29KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

%@$^&Y$y
Size: 911KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UltraHook/uh.dll
.dll windows:6 windows x86 arch:x86

0aef2e427af299d39513e7f2b6b5a99d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
FreeLibrary
FreeLibraryAndExitThread
MulDiv
GetCurrentProcessId
CloseHandle
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
VirtualQuery
lstrcmpiA
K32GetMappedFileNameA
GetSystemTimeAsFileTime
CreateThread
QueryPerformanceFrequency
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ExitThread
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeSListHead
MultiByteToWideChar
QueryPerformanceCounter
GlobalLock
GlobalUnlock
GlobalAlloc
VirtualProtect
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
GetLastError
DeleteFileA
CreateDirectoryA

user32

SetWindowLongW
EnumWindows
GetClassNameA
SetWindowLongA
GetWindowLongA
GetWindowThreadProcessId
SendInput
GetWindowRect
IsWindowVisible
CallWindowProcW
GetActiveWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetClientRect
SetCursorPos
SetCursor
ClientToScreen
LoadCursorW

gdi32

SetBkColor
GetTextExtentPoint32A
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontA
CreateCompatibleDC
AddFontResourceExA
SetMapMode
SetTextColor
SetTextAlign
CreateDIBSection
ExtTextOutA
SelectObject

shell32

ShellExecuteA

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmGetContext

vcruntime140

__std_exception_destroy
strstr
__std_terminate
memmove
__std_type_info_destroy_list
_except_handler4_common
strchr
_purecall
memset
memchr
__std_exception_copy
memcpy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_fdtest
_libm_sse2_pow_precise
_libm_sse2_acos_precise
round
roundf
_CIatan2
_except1
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_CIfmod
ceil
floor
fmaxf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
_get_stream_buffer_pointers
fclose
fflush
fgetc
_wfopen
fgetpos
fopen
fputc
fread
fsetpos
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fseek
_fseeki64
__stdio_common_vfprintf
ungetc
setvbuf
fwrite
ftell

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strncpy
strncat_s
strcpy_s
strncpy_s
isprint
_stricmp
tolower
isspace
toupper

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 933KB - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 689KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UltraHook/uh.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\cometype\Desktop\LSS_ConsoleModule\UltraHook Injector\UltraHook Injector\obj\Release\UltraHook Injector.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hl2.exe
.exe windows:4 windows x86 arch:x86

cb0c89c8809572d2eb2a359aa1fc9ebf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\projects\staging\src\launcher_main\Release\launcher_main.pdb

Imports

kernel32

GetProcAddress
LocalFree
FormatMessageA
GetLastError
LoadLibraryA
GetModuleFileNameA
CloseHandle
GetTimeZoneInformation
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
SetEnvironmentVariableA
WideCharToMultiByte
SetEnvironmentVariableW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
CompareStringA
GetCPInfo
CompareStringW
GetACP
GetOEMCP
HeapSize
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
VirtualProtect
GetSystemInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
FlushFileBuffers
GetLocaleInfoW

user32

MessageBoxA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 933KB - Virtual size: 932KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 689KB - Virtual size: 923KB

.reloc Size: 36KB - Virtual size: 35KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 29KB - Virtual size: 56KB

Size: - Virtual size: 64KB

Size: 512B - Virtual size: 8KB

.rsrc Size: 103KB - Virtual size: 103KB

Size: 174KB - Virtual size: 2.5MB

%@$^&Y$y Size: 911KB - Virtual size: 912KB

0aef2e427af299d39513e7f2b6b5a99d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp140

winmm

imm32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 933KB - Virtual size: 932KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 689KB - Virtual size: 923KB

.reloc Size: 36KB - Virtual size: 35KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6KB - Virtual size: 5KB

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 512B - Virtual size: 12B

cb0c89c8809572d2eb2a359aa1fc9ebf

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 933KB - Virtual size: 932KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 689KB - Virtual size: 923KB

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 103KB - Virtual size: 103KB

%@$^&Y$y
Size: 911KB - Virtual size: 912KB

.text
Size: 933KB - Virtual size: 932KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 689KB - Virtual size: 923KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 3KB