ubt[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ubt.exe
Size

73KB
MD5

f8012ce30f73905e89212dcb0ff4a73b
SHA1

f3a91d14f8f94b97c22c04728f035caf492037a6
SHA256

78111af024efbe39b61a9414e988db36d3937cac10d050e0f50d6a97cfe50c9b
SHA512

90615b43ecf017259352f7176b98455eeae1af6b3b93a245b50cc888c6964929894ad077d16c49f5b3082a12f96e3f7855e1af0c7f27e566aeacfc0a9ac1c67f
SSDEEP

1536:26v1hyFWsAM2Xz/y1wD55Ds2/0VSjbVd3aPSs:jXywj5X2ql8StNYS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ubt.exe

Files

ubt.exe
.exe windows:6 windows x64 arch:x64

5d069bc732d5a8b393d595273a72a80a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Lenovo\Downloads\BypassUAC-master\BypassUAC-master\x64\Release\BypassUAC.pdb

Imports

kernel32

GetModuleFileNameW
OpenProcess
CloseHandle
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
ExitProcess
Sleep
LCIDToLocaleName
RaiseException
VirtualQuery
RtlUnwindEx
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
LCMapStringEx
GetLocaleInfoEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
GetModuleHandleExW

ole32

CoInitializeEx
CoUninitialize
CoGetObject

msvcrt

realloc
abort
wcsnlen
_callnewh
_initterm
_initterm_e
_set_fmode
strcpy_s
_lock
_unlock
___mb_cur_max_func
_iob
___lc_handle_func
_XcptFilter
__set_app_type
__wgetmainargs
_wenviron
__argc
__wargv
?_set_new_mode@@YAHH@Z
_commode
_msize
?terminate@@YAXXZ
_isatty
_fileno
_wcsdup
calloc
___lc_codepage_func
__pctype_func
ungetc
setvbuf
_fseeki64
fsetpos
fgetpos
fgetc
fflush
fclose
ungetwc
fgetwc
_errno
malloc
free
wcscat_s
wcscpy_s
_wcsicmp
_local_unwind
__DestructExceptionObject
_amsg_exit
__C_specific_handler
memset
memmove
__uncaught_exception
memcpy
_CxxThrowException
strchr
wcsrchr
__CxxFrameHandler3

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d069bc732d5a8b393d595273a72a80a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

msvcrt

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 560B