UserOOBEBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UserOOBEBroker.exe
Size

74KB
MD5

7d9919e095ea6e58864304f2614867ca
SHA1

f18205110bc6894f0f76e1349a4806b2a69b20bf
SHA256

b35eea5032d1aefe0251ac50c078c9fd04ed8ce645035f261ee2c0141d30615c
SHA512

34fcfb5823aff3f23602338ba76c8cea94cd31ee32f046a4c74a2fd6e7154692a5af043e20ce6916201f218261bca43551acdb6d19fd60db46bfc3331000e6d1
SSDEEP

1536:vTZbj7u2RIvwYBbO0IOjuxlOkEH8HZx+h168DUUxl8cyv6NSmMV:9r74q0IOjuxlAHY+HDDNlAQc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UserOOBEBroker.exe

Files

UserOOBEBroker.exe
.exe windows:10 windows x64 arch:x64

db3d54e6c0b9c0e728ab62733514ac86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

UserOOBEBroker.pdb

Imports

advapi32

RegOpenKeyExW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegCloseKey

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
InitOnceBeginInitialize
InitOnceComplete
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitOnceExecuteOnce
EncodePointer

user32

DispatchMessageW
PostThreadMessageW
GetMessageW
TranslateMessage

msvcrt

__C_specific_handler
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_purecall
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_onexit
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
memcmp
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
_XcptFilter
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memset

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

oleaut32

SysFreeString

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetStartupInfoW
TerminateProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db3d54e6c0b9c0e728ab62733514ac86

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

oleaut32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Sections

.text Size: 45KB - Virtual size: 45KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 712B

.text
Size: 45KB - Virtual size: 45KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 712B