Behavioral task: behavioral1
Sample: a9924cfd3a9eb9696e6a774efab3ca10N.exe
Resource: win7-20240708-en
General
Target: a9924cfd3a9eb9696e6a774efab3ca10N.exe
Size: 1.8MB
MD5: a9924cfd3a9eb9696e6a774efab3ca10
SHA1: e73359d508659e40d61439eb1512a771111f8bea
SHA256: 03ab57357de3b46523fbb9d061e6d1fe79fbca1158c8de37664da659c90aa088
SHA512: c65f152d44846c75d8af3574a858870a078aeef23416fdabddf6a9c1b2f74442feed14c4f8abbd7ac0ca949fa2e7fc945ee9beb860a39c42323c1ed89ed692d9
SSDEEP: 49152:ID3ZrSCi2SbXcJZKFRFW9mimvuhmQDh1n/noFPvSmZtimZU3uvrJT:qgCi2CXnFRFW9mimvuh1DcFSmZtxZU3y
Malware Config
Signatures
Urelas family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource a9924cfd3a9eb9696e6a774efab3ca10N.exe
Files
a9924cfd3a9eb9696e6a774efab3ca10N.exe.exe windows:5 windows x86 arch:x86
5fce34663143d84c3b7e0e55db9c928b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
InterlockedIncrement
CopyFileW
GlobalGetAtomNameW
lstrcmpA
lstrlenA
FileTimeToSystemTime
lstrcmpW
LoadLibraryW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
InterlockedExchange
GetLocaleInfoW
GetUserDefaultUILanguage
GetFileAttributesExW
FileTimeToLocalFileTime
GetFileTime
lstrcpyW
GetWindowsDirectoryW
GetNumberFormatW
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
DecodePointer
EncodePointer
ExitThread
HeapSize
HeapQueryInformation
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
LCMapStringW
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GlobalSize
FormatMessageW
MulDiv
lstrlenW
GetCurrentProcessId
FreeLibrary
InterlockedDecrement
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
SetLastError
WaitForSingleObject
GetCurrentThreadId
ResumeThread
HeapReAlloc
SetThreadPriority
WideCharToMultiByte
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointer
GetLastError
SetFileAttributesW
GetFileSizeEx
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
ExitProcess
MultiByteToWideChar
CreateThread
WriteFile
CreateFileA
GetModuleFileNameA
GetTempPathA
CreateFileW
ReadFile
DeviceIoControl
GetSystemDirectoryW
GetTickCount
Sleep
CreateEventW
CloseHandle
OpenEventW
DeleteFileW
GetFileAttributesW
GetTempPathW
GetModuleFileNameW
CompareStringW
GetVersionExW
user32
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
GetNextDlgTabItem
OffsetRect
GetIconInfo
CopyImage
LoadImageW
GetNextDlgGroupItem
DrawIconEx
CreateDialogIndirectParamW
BringWindowToTop
InsertMenuItemW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
SetClassLongW
GetSystemMenu
DrawStateW
DrawEdge
DrawFrameControl
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
GetKeyNameTextW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
PostThreadMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
CharUpperW
DestroyIcon
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
CreatePopupMenu
DrawFocusRect
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
PostMessageW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
wsprintfW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
GetMenuDefaultItem
RedrawWindow
SetLayeredWindowAttributes
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
MapVirtualKeyW
GetPropW
IsRectEmpty
EnumDisplayMonitors
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
SetRectEmpty
IsIconic
SetPropW
GetWindowDC
InflateRect
advapi32
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
shell32
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteA
ShellExecuteW
SHGetDesktopFolder
msimg32
AlphaBlend
TransparentBlt
comctl32
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW
ws2_32
WSAStartup
htonl
gethostbyaddr
socket
gethostbyname
inet_addr
htons
connect
closesocket
send
recv
WSAGetLastError
iphlpapi
GetAdaptersInfo
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
gdiplus
GdipFree
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdipAlloc
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
gdi32
CreateHatchBrush
CreateCompatibleBitmap
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CopyMetaFileW
CreateDCW
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
BitBlt
ExtTextOutW
GetTextExtentPoint32W
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
CreateSolidBrush
CreatePen
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
CreateDIBitmap
GetTextMetricsW
PtVisible
RectVisible
TextOutW
Escape
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
GetTextFaceW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
CreatePalette
SetPixelV
SetPaletteEntries
ExtFloodFill
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SelectObject
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
comdlg32
GetFileTitleW
ole32
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
DoDragDrop
CoTaskMemFree
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VarBstrFromDate
VariantInit
SysAllocString
SysFreeString
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 214KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
JKGHSGH Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE