ufs-explorer-pro[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ufs-explorer-pro.exe
Size

19.4MB
MD5

319de2e26dbbef36aba8c7da813cafb3
SHA1

768adc732b89407fb4fc99ffc9c4a04228609016
SHA256

a47f8338d4f9461b393a46647ebd664266ec184c42a05014aed2f36610e90ccc
SHA512

e65fdb8e525a18507c743680416e2c213af0ea8d9af4df4958b29a7bc86758446c61181aa7b79702adff2195b95f09e1ab684e89dddf6f9ee48381fd3e93536b
SSDEEP

393216:yM+IB+qcbUeCKOSTIefX5xxkCk7pRYnBDowwRUAqV8dTPrIY/J:yFIzcbUZvSTFfaCWYnhvwRUAd/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ufs-explorer-pro.exe

Files

ufs-explorer-pro.exe
.exe windows:5 windows x64 arch:x64

6435716bf94f65f96f7a4e5627e80afe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

freeaddrinfo
getaddrinfo
getpeername
WSAStartup
WSACleanup
htons
inet_ntoa
__WSAFDIsSet
accept
closesocket
gethostbyname
gethostbyaddr
sendto
recvfrom
inet_addr
bind
gethostname
WSAGetLastError
socket
shutdown
setsockopt
send
select
recv
getsockopt
ioctlsocket
connect

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CryptQueryObject

ntdll

RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenSymbolicLinkObject
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind

kernel32

GetCurrentProcessId
GetStartupInfoW
SetThreadContext
DuplicateHandle
GetCurrentThreadId
GetExitCodeThread
GetUserDefaultUILanguage
GetDiskFreeSpaceA
GetTempPathA
GetLocalTime
SystemTimeToFileTime
GetACP
SetConsoleCtrlHandler
GetCurrentDirectoryA
HeapFree
TerminateProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetVersionExA
VirtualProtect
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
SetLastError
GetSystemInfo
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetNativeSystemInfo
GetComputerNameA
IsBadReadPtr
GetModuleHandleExA
Sleep
Process32First
Process32Next
GetTickCount64
CreateDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileSizeEx
RemoveDirectoryA
SetEndOfFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetProcessTimes
SwitchToThread
GetTickCount
MapViewOfFileEx
UnmapViewOfFile
GetProcAddress
LocalFree
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenProcess
GetSystemTimeAsFileTime
FreeLibrary
GetModuleFileNameW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
AreFileApisANSI
GetExitCodeProcess
CreateProcessA
GetStdHandle
GetConsoleMode
ExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
HeapAlloc
SetFileTime
GetCurrentProcess
GlobalFree
GetProfileStringA
FlushFileBuffers
GetFileTime
ReadFile
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetCPInfo
CreateThread
FreeLibraryAndExitThread
CreateFileW
GetFileType
RaiseException
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
SetStdHandle
HeapReAlloc
HeapSize
GetCommandLineW
IsValidCodePage
GetOEMCP
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalAlloc
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SetEvent
ResetEvent
CreateEventA
OpenEventA
WaitForMultipleObjects
ProcessIdToSessionId
IsBadWritePtr
OpenSemaphoreA
FlushInstructionCache
GetVersion
DeviceIoControl
LockFile
UnlockFile
IsBadStringPtrA
IsBadStringPtrW
GetDriveTypeA
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetThreadContext
EnumSystemFirmwareTables
GetSystemFirmwareTable
GetLogicalDrives
GetOverlappedResult
CreateEventW
OpenMutexA
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
WaitForSingleObjectEx
HeapCreate
GetProcessHeap
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
InterlockedPushEntrySList
InterlockedFlushSList
FindFirstFileExW
FindNextFileW
GetCommandLineA

user32

DispatchMessageA
wsprintfA
TranslateMessage
PeekMessageA
CallMsgFilterA
EnumDisplayDevicesA
AppendMenuA
DrawMenuBar
MessageBoxW
MessageBoxA
LoadStringA
CharLowerBuffA
CharUpperBuffA
GetSystemMenu

shell32

ShellExecuteExA

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegDeleteKeyA
RegFlushKey
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
QueryServiceStatusEx
SetSecurityDescriptorDacl

psapi

GetModuleFileNameExA

powrprof

PowerReadFriendlyName

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration

wintrust

WinVerifyTrust

Sections

__wibu00
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu02
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu03
Size: 5.8MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu04
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu05
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu06
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu07
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

__wibu08
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu09
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0a
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0b
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0c
Size: 100KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0d
Size: 399KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6435716bf94f65f96f7a4e5627e80afe

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

ntdll

kernel32

user32

shell32

advapi32

psapi

powrprof

version

winhttp

wintrust

Sections

__wibu00 Size: 7.6MB - Virtual size: 7.6MB

__wibu01 Size: 1024B - Virtual size: 1024B

__wibu02 Size: 2.7MB - Virtual size: 2.7MB

__wibu03 Size: 5.8MB - Virtual size: 6.0MB

__wibu04 Size: 255KB - Virtual size: 255KB

__wibu05 Size: 10KB - Virtual size: 10KB

__wibu06 Size: 25KB - Virtual size: 25KB

.rsrc Size: 99KB - Virtual size: 99KB

__wibu07 Size: 190KB - Virtual size: 189KB

__wibu08 Size: 2.1MB - Virtual size: 2.1MB

__wibu09 Size: 73KB - Virtual size: 76KB

__wibu0a Size: 10KB - Virtual size: 12KB

__wibu0b Size: 512B - Virtual size: 4KB

__wibu0c Size: 100KB - Virtual size: 120KB

__wibu0d Size: 399KB - Virtual size: 400KB

__wibu00
Size: 7.6MB - Virtual size: 7.6MB

__wibu01
Size: 1024B - Virtual size: 1024B

__wibu02
Size: 2.7MB - Virtual size: 2.7MB

__wibu03
Size: 5.8MB - Virtual size: 6.0MB

__wibu04
Size: 255KB - Virtual size: 255KB

__wibu05
Size: 10KB - Virtual size: 10KB

__wibu06
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 99KB - Virtual size: 99KB

__wibu07
Size: 190KB - Virtual size: 189KB

__wibu08
Size: 2.1MB - Virtual size: 2.1MB

__wibu09
Size: 73KB - Virtual size: 76KB

__wibu0a
Size: 10KB - Virtual size: 12KB

__wibu0b
Size: 512B - Virtual size: 4KB

__wibu0c
Size: 100KB - Virtual size: 120KB

__wibu0d
Size: 399KB - Virtual size: 400KB