324183d67ec12ec129281bddc4eabe2070409036729e7d73cea5ecd49e18a926

Sharing

Copy URL Twitter E-mail

General

Target

324183d67ec12ec129281bddc4eabe2070409036729e7d73cea5ecd49e18a926
Size

10.9MB
MD5

57d9343f5dab43d835ca4d2fb3539c53
SHA1

5cd8c492088b2c4dd13ccf59074172f19dc0152a
SHA256

324183d67ec12ec129281bddc4eabe2070409036729e7d73cea5ecd49e18a926
SHA512

def228278d32eb8263d7192979ab3fd9b43c7cac94bfb7a871b1fec661272180331b391e406ff7d04460c67bb92534f9e71775e67fea62670b6941e64d006a85
SSDEEP

196608:WOOHNfkSdMErrB8KdjPB2wvyy0AbTawmgIVx5kQZ7IEtcUy6V/j6qkqpril3z:WhrriKdQwvyy0AbTNmbVx5oKcU/a2rm

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
324183d67ec12ec129281bddc4eabe2070409036729e7d73cea5ecd49e18a926
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/7.09.0512.9/UranusAngel.exe
unpack001/7.09.0512.9/UranusAngelUpdate.exe

Files

324183d67ec12ec129281bddc4eabe2070409036729e7d73cea5ecd49e18a926
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:6 windows x86 arch:x86

bf0dc49eee49796beb00c6b7e0df3739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Projects\angelqt\Processes-Unicode\bin\processes.pdb

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
OpenProcess
TerminateProcess
CloseHandle
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RaiseException
CreateThread
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
EncodePointer
DecodePointer
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateFileW

user32

wsprintfW

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
FindClose
FindNextFileW
lstrcmpW
GetModuleHandleW
lstrcmpiW
MulDiv
lstrcpynW
GlobalAlloc
lstrcpyW
FindFirstFileW
GlobalFree

user32

GetMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetDlgItem
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
CreateDialogParamW
SetWindowLongW
wsprintfW
ScreenToClient
IsDialogMessageW
CallWindowProcW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
7.09.0512.9/UranusAngel.exe
.exe windows:5 windows x86 arch:x86

f237a68a63ee1a32e57188dd75b33c10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DestroyWindow
GetSystemMetrics
GetWindowThreadProcessId
DestroyIcon
GetSysColor
SystemParametersInfoW
SetWindowRgn
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
PostMessageW
AttachThreadInput
IsChild
ShowWindow
FlashWindowEx
MoveWindow
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
DestroyCursor
GetAncestor
GetKeyboardLayoutList
UnregisterClassW
GetClassInfoW
RegisterClassExW
CreateWindowExW
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
LoadIconW
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetAsyncKeyState
GetKeyboardLayout
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
SetWindowsHookExW
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW
MessageBoxW
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
UnhookWindowsHookEx
PostThreadMessageW
CharNextExA
DefWindowProcW
SendMessageW
RegisterWindowMessageW
EnableMenuItem
GetSystemMenu
ReleaseDC
GetDC
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsW
SetWindowPos
CallNextHookEx
GetFocus
CreateCursor

ole32

OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
StringFromGUID2
CoUninitialize

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd

winmm

PlaySoundW

oleaut32

SysFreeString
SysAllocStringLen
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocString
SysStringLen

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
Shell_NotifyIconW
CommandLineToArgvW
SHBrowseForFolderW

gdi32

GetDIBits
CreateBitmap
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

ws2_32

closesocket
bind
__WSAFDIsSet
WSAGetLastError
gethostbyname
gethostbyaddr
inet_addr
getsockopt
ntohl
htonl
htons
listen
getpeername
shutdown
send
recv
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
select
WSASocketW
WSASendTo
setsockopt
WSAAccept
WSASetLastError
getsockname
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect

advapi32

CryptReleaseContext
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
GetLengthSid
FreeSid
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegSetValueExW
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CopySid
OpenProcessToken

crypt32

CertCloseStore
CertCreateCertificateContext
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

kernel32

UnhandledExceptionFilter
ReleaseMutex
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
InterlockedPushEntrySList
IsProcessorFeaturePresent
InitializeSListHead
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
WriteFileEx
SleepEx
CancelIo
PeekNamedPipe
ReadFileEx
GetModuleHandleExW
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
VirtualFree
VirtualAlloc
LoadLibraryExW
SetConsoleCtrlHandler
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetFileAttributesW
SetStdHandle
HeapAlloc
HeapReAlloc
HeapFree
EnumSystemLocalesW
GetFileSizeEx
SetConsoleMode
ReadConsoleInputW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
GetSystemInfo
GetLastError
CloseHandle
CreateMutexW
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetVolumeInformationW
OpenProcess
GetProcAddress
GetLongPathNameW
GetDriveTypeW
lstrcmpW
LocalFree
FormatMessageW
IsValidLanguageGroup
IsValidLocale
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetCurrentProcessId
CreateFileW
ReadFile
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetConsoleWindow
ExitProcess
DeviceIoControl
CreateEventW
WaitForMultipleObjects
LoadLibraryW
SetHandleInformation
GetStdHandle
GetFileType
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
FreeLibrary
GlobalMemoryStatus
FlushConsoleInputBuffer
SetLastError
GetSystemTime
SystemTimeToFileTime
CompareStringW
GetUserDefaultLCID
DuplicateHandle
SetEvent
WaitForSingleObject
Sleep
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
GetCommandLineW
GetLocalTime
WaitForSingleObjectEx
GetStartupInfoW
ResetEvent
OutputDebugStringW
QueryPerformanceFrequency
GetSystemDirectoryW
LCMapStringW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetFileAttributesExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
GetTempPathW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
MoveFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ConnectNamedPipe
CreateNamedPipeW
TerminateProcess
GetExitCodeProcess
GetProcessId
GetModuleFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7.09.0512.9/UranusAngelUpdate.exe
.exe windows:5 windows x86 arch:x86

6e61b51da38c5bd565b7afe32d99f54a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal

imm32

ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
SysAllocStringLen

shell32

SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW

gdi32

CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CreateBitmap
GetDIBits

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

ws2_32

recv
shutdown
WSACleanup
WSAStartup
gethostname
WSAAsyncSelect
send
WSASetLastError
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
getsockname
getpeername
closesocket
bind
__WSAFDIsSet
WSAGetLastError
gethostbyname
gethostbyaddr
inet_addr
getsockopt
ntohl
htonl

advapi32

RegSetValueExW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW

user32

NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
GetClipboardFormatNameW
GetUpdateRect
SetCursorPos
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
SetWindowPlacement
GetWindowPlacement
MoveWindow
FlashWindowEx
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
GetDoubleClickTime
SetWindowRgn
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSysColor
GetSystemMetrics
EnableMenuItem
GetSystemMenu
ReleaseDC
GetDC
IsWindowVisible
SetWindowPos
IsWindow
CharNextExA
GetCursor
PostThreadMessageW
CallNextHookEx
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
LoadCursorW
CreateCursor
CreateIconIndirect
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
GetIconInfo
GetCursorInfo
EndPaint
RegisterClassW
RealGetWindowClassW
MessageBoxW
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
InvalidateRect
DestroyCaret

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertGetCertificateContextProperty

kernel32

RtlUnwind
RaiseException
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
VirtualFree
VirtualAlloc
ReleaseMutex
GetUserGeoID
GetConsoleCP
GetCommandLineA
ExitThread
HeapAlloc
HeapReAlloc
HeapFree
EnumSystemLocalesW
GetFileSizeEx
SetConsoleMode
ReadConsoleInputW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
GetGeoInfoW
GetTimeZoneInformation
WriteFileEx
CancelIo
PeekNamedPipe
ReadFileEx
FreeLibraryAndExitThread
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
GetModuleFileNameW
MoveFileExW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetProcessId
GetExitCodeProcess
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
GetTempPathW
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
LoadLibraryExW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
LCMapStringW
GetLocalTime
GetSystemDirectoryW
QueryPerformanceFrequency
OutputDebugStringW
GetSystemInfo
ResumeThread
TerminateThread
SetThreadPriority
CreateThread
SwitchToThread
GetCurrentProcess
Sleep
WaitForSingleObject
DuplicateHandle
GetThreadPriority
GetCurrentThread
ResetEvent
WaitForSingleObjectEx
SetEvent
GetCommandLineW
GetStartupInfoW
GetUserDefaultLCID
CompareStringW
SystemTimeToFileTime
GetSystemTime
SetLastError
FlushConsoleInputBuffer
GlobalMemoryStatus
FreeLibrary
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
GetModuleHandleA
GetFileType
GetStdHandle
SetHandleInformation
LoadLibraryW
WaitForMultipleObjects
CreateEventW
DeviceIoControl
ExitProcess
GetConsoleWindow
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
ReadFile
CreateFileW
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FindFirstFileW
SetConsoleCtrlHandler
GetModuleHandleExW
SetStdHandle
SleepEx
SetFileAttributesW
GetLastError
CloseHandle
CreateMutexW
OpenMutexW
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetVolumeInformationW
GetProcAddress
lstrcmpW
GetLongPathNameW
GetDriveTypeW
GetModuleHandleW
LocalFree
FormatMessageW
IsValidLanguageGroup
IsValidLocale
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 158KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 149KB - Virtual size: 148KB

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

bf0dc49eee49796beb00c6b7e0df3739

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 356B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 149KB - Virtual size: 148KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 356B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 9.1MB - Virtual size: 9.1MB

.rdata
Size: 6.9MB - Virtual size: 6.9MB

.data
Size: 171KB - Virtual size: 230KB

.qtmetad
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 2KB - Virtual size: 1KB

_RDATA
Size: 1024B - Virtual size: 560B

.rsrc
Size: 151KB - Virtual size: 150KB

.reloc
Size: 348KB - Virtual size: 347KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 158KB - Virtual size: 217KB

.qtmetad
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 2KB - Virtual size: 1KB

_RDATA
Size: 1024B - Virtual size: 560B

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 285KB - Virtual size: 284KB