urelas | 931c9f7961eb295aecfbe372b16b585a9b16e9dbd45321def2c320224995f840

Sharing

Copy URL Twitter E-mail

General

Target

931c9f7961eb295aecfbe372b16b585a9b16e9dbd45321def2c320224995f840
Size

4.4MB
MD5

cc054ce55a31d69d03f9cf66917ac453
SHA1

38e6faaaeb67bc49d44876771b05c91d1b6f39d3
SHA256

931c9f7961eb295aecfbe372b16b585a9b16e9dbd45321def2c320224995f840
SHA512

9d0b4f367ebdd09c36c5392d2bab238d6dfcdc7f45fb8e051c181d737dce2807a960667a04e1944d6fbfa5836bb363476bbea53bcd5c725b7d9d49f0166d97ea
SSDEEP

24576:cUowYcOW4NcW9tGw2Eu8CkdhpIIZxYETKtZK/nyr5DBpX:GcOukjS8JdIaxpTK0nyNnX

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
931c9f7961eb295aecfbe372b16b585a9b16e9dbd45321def2c320224995f840

Files

931c9f7961eb295aecfbe372b16b585a9b16e9dbd45321def2c320224995f840
.exe windows:4 windows x86 arch:x86

78cbfd92c4a2c4baef4202ec751e4238

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
DeleteFileW
CreateEventW
CreateThread
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
MultiByteToWideChar
GetVersionExW
CreateFileW
GetFileSizeEx
GetLastError
GetCurrentProcessId
TerminateProcess
GetModuleHandleA
GetProcAddress
GetTempPathA
GetModuleFileNameA
CreateFileA
WriteFile
ReadFile
SetFilePointer
GetTempPathW
DeviceIoControl
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
WideCharToMultiByte
SetFileAttributesW
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
CloseHandle
OpenEventW
GetFileAttributesW
GetTickCount
ExitProcess
Sleep
FlushFileBuffers
GetModuleFileNameW
SetStdHandle
InitializeCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
RaiseException
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
TlsGetValue

user32

LoadStringW
LoadAcceleratorsW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
wsprintfW

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteA

ws2_32

socket
recv
send
closesocket
connect
WSAStartup
htonl
gethostbyaddr
WSAGetLastError
gethostbyname
inet_addr
htons

iphlpapi

GetAdaptersInfo

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RWDXpCnt
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

xIcoosxj
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ

YxdQockM
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_MEM_READ

ZyLNEoBK
Size: 252KB - Virtual size: 256KB

IMAGE_SCN_MEM_READ

YwClttuI
Size: 152KB - Virtual size: 156KB

IMAGE_SCN_MEM_READ

myNLgrHJ
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_MEM_READ

LQMeesRM
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_MEM_READ

kxeSqIfy
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

DsXJIkIu
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_MEM_READ

ddiTAdKL
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_MEM_READ

DKlGPYcl
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

rHkuOoeY
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

PZvmXBOO
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_MEM_READ

JuDbhPgC
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_MEM_READ

mNpTzULX
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

QslomYpu
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

WmIsdGmW
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

zNIzJZEc
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_MEM_READ

Nxeqzhfn
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_MEM_READ

lWeDIfAe
Size: 364KB - Virtual size: 368KB

IMAGE_SCN_MEM_READ

zXCqhSEh
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

iUypEECT
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_MEM_READ

QTrKRQbD
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ

fiXZlKkw
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_MEM_READ

WfljQmWy
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

DMMduHbc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

ntNIkQPe
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_MEM_READ

ttPRJHce
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_MEM_READ

JSqfHHdO
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

qicWpqhG
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ

iQgigbQN
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

jYteLSFI
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

mKLdtGXk
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ

EhRoIiEg
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ

edsavBFZ
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

UPGrwFzk
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_MEM_READ

UlKuZLPy
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

HHpJdKzU
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_MEM_READ

zSonfXEj
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_MEM_READ

HqiBCsEJ
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

EFPUPQAh
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_MEM_READ

tgdWIWUc
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_MEM_READ

CVdRfpOu
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

lidfZglE
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

tYVbRcFi
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_MEM_READ

RzJxLWXY
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

RQnMaNrn
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ

HwxQwVSG
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_MEM_READ

yAZmZPNu
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_MEM_READ

iNUEbUFB
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

ZdltyIWJ
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

lzcLiPWs
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_MEM_READ

sWBsbBii
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_MEM_READ

LlCbjcuj
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_MEM_READ

yQFDPJzQ
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

VyFamBbZ
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

jaewENcW
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ

EJxyHeAz
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_MEM_READ

RyQTCOBS
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

jHrEpAWe
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

JAAIFyxQ
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

EyxqiNMw
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

NbkOOxNJ
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_MEM_READ

oqfNnOtN
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

ALSchGYr
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_MEM_READ

oIvyvmVD
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ

qPGoiGpC
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78cbfd92c4a2c4baef4202ec751e4238

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

wtsapi32

Sections

.text Size: 368KB - Virtual size: 368KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: - Virtual size: 4KB

RWDXpCnt Size: 3KB - Virtual size: 4KB

xIcoosxj Size: 23KB - Virtual size: 24KB

YxdQockM Size: 73KB - Virtual size: 76KB

ZyLNEoBK Size: 252KB - Virtual size: 256KB

YwClttuI Size: 152KB - Virtual size: 156KB

myNLgrHJ Size: 202KB - Virtual size: 204KB

LQMeesRM Size: 68KB - Virtual size: 68KB

kxeSqIfy Size: 15KB - Virtual size: 16KB

DsXJIkIu Size: 38KB - Virtual size: 40KB

ddiTAdKL Size: 84KB - Virtual size: 88KB

DKlGPYcl Size: 5KB - Virtual size: 8KB

rHkuOoeY Size: 2KB - Virtual size: 4KB

PZvmXBOO Size: 76KB - Virtual size: 80KB

JuDbhPgC Size: 49KB - Virtual size: 52KB

mNpTzULX Size: 33KB - Virtual size: 36KB

QslomYpu Size: 2KB - Virtual size: 4KB

WmIsdGmW Size: 512B - Virtual size: 4KB

zNIzJZEc Size: 289KB - Virtual size: 292KB

Nxeqzhfn Size: 73KB - Virtual size: 76KB

lWeDIfAe Size: 364KB - Virtual size: 368KB

zXCqhSEh Size: 6KB - Virtual size: 8KB

iUypEECT Size: 111KB - Virtual size: 112KB

QTrKRQbD Size: 21KB - Virtual size: 24KB

fiXZlKkw Size: 40KB - Virtual size: 40KB

WfljQmWy Size: 35KB - Virtual size: 36KB

DMMduHbc Size: 20KB - Virtual size: 20KB

ntNIkQPe Size: 63KB - Virtual size: 64KB

ttPRJHce Size: 41KB - Virtual size: 44KB

JSqfHHdO Size: 2KB - Virtual size: 4KB

qicWpqhG Size: 27KB - Virtual size: 28KB

iQgigbQN Size: 5KB - Virtual size: 8KB

jYteLSFI Size: 14KB - Virtual size: 16KB

mKLdtGXk Size: 11KB - Virtual size: 12KB

EhRoIiEg Size: 46KB - Virtual size: 48KB

edsavBFZ Size: 13KB - Virtual size: 16KB

UPGrwFzk Size: 58KB - Virtual size: 60KB

UlKuZLPy Size: 35KB - Virtual size: 36KB

HHpJdKzU Size: 117KB - Virtual size: 120KB

zSonfXEj Size: 128KB - Virtual size: 132KB

HqiBCsEJ Size: 17KB - Virtual size: 20KB

EFPUPQAh Size: 64KB - Virtual size: 64KB

tgdWIWUc Size: 179KB - Virtual size: 180KB

CVdRfpOu Size: 3KB - Virtual size: 4KB

lidfZglE Size: 33KB - Virtual size: 36KB

tYVbRcFi Size: 67KB - Virtual size: 68KB

RzJxLWXY Size: 20KB - Virtual size: 20KB

RQnMaNrn Size: 23KB - Virtual size: 24KB

HwxQwVSG Size: 36KB - Virtual size: 40KB

yAZmZPNu Size: 75KB - Virtual size: 76KB

iNUEbUFB Size: 512B - Virtual size: 4KB

ZdltyIWJ Size: 5KB - Virtual size: 8KB

lzcLiPWs Size: 70KB - Virtual size: 72KB

sWBsbBii Size: 71KB - Virtual size: 72KB

LlCbjcuj Size: 29KB - Virtual size: 32KB

yQFDPJzQ Size: 4KB - Virtual size: 4KB

VyFamBbZ Size: 34KB - Virtual size: 36KB

jaewENcW Size: 46KB - Virtual size: 48KB

EJxyHeAz Size: 384KB - Virtual size: 384KB

RyQTCOBS Size: 32KB - Virtual size: 36KB

jHrEpAWe Size: 4KB - Virtual size: 4KB

.text
Size: 368KB - Virtual size: 368KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: - Virtual size: 4KB

RWDXpCnt
Size: 3KB - Virtual size: 4KB

xIcoosxj
Size: 23KB - Virtual size: 24KB

YxdQockM
Size: 73KB - Virtual size: 76KB

ZyLNEoBK
Size: 252KB - Virtual size: 256KB

YwClttuI
Size: 152KB - Virtual size: 156KB

myNLgrHJ
Size: 202KB - Virtual size: 204KB

LQMeesRM
Size: 68KB - Virtual size: 68KB

kxeSqIfy
Size: 15KB - Virtual size: 16KB

DsXJIkIu
Size: 38KB - Virtual size: 40KB

ddiTAdKL
Size: 84KB - Virtual size: 88KB

DKlGPYcl
Size: 5KB - Virtual size: 8KB

rHkuOoeY
Size: 2KB - Virtual size: 4KB

PZvmXBOO
Size: 76KB - Virtual size: 80KB

JuDbhPgC
Size: 49KB - Virtual size: 52KB

mNpTzULX
Size: 33KB - Virtual size: 36KB

QslomYpu
Size: 2KB - Virtual size: 4KB

WmIsdGmW
Size: 512B - Virtual size: 4KB

zNIzJZEc
Size: 289KB - Virtual size: 292KB

Nxeqzhfn
Size: 73KB - Virtual size: 76KB

lWeDIfAe
Size: 364KB - Virtual size: 368KB

zXCqhSEh
Size: 6KB - Virtual size: 8KB

iUypEECT
Size: 111KB - Virtual size: 112KB

QTrKRQbD
Size: 21KB - Virtual size: 24KB

fiXZlKkw
Size: 40KB - Virtual size: 40KB

WfljQmWy
Size: 35KB - Virtual size: 36KB

DMMduHbc
Size: 20KB - Virtual size: 20KB

ntNIkQPe
Size: 63KB - Virtual size: 64KB

ttPRJHce
Size: 41KB - Virtual size: 44KB

JSqfHHdO
Size: 2KB - Virtual size: 4KB

qicWpqhG
Size: 27KB - Virtual size: 28KB

iQgigbQN
Size: 5KB - Virtual size: 8KB

jYteLSFI
Size: 14KB - Virtual size: 16KB

mKLdtGXk
Size: 11KB - Virtual size: 12KB

EhRoIiEg
Size: 46KB - Virtual size: 48KB

edsavBFZ
Size: 13KB - Virtual size: 16KB

UPGrwFzk
Size: 58KB - Virtual size: 60KB

UlKuZLPy
Size: 35KB - Virtual size: 36KB

HHpJdKzU
Size: 117KB - Virtual size: 120KB

zSonfXEj
Size: 128KB - Virtual size: 132KB

HqiBCsEJ
Size: 17KB - Virtual size: 20KB

EFPUPQAh
Size: 64KB - Virtual size: 64KB

tgdWIWUc
Size: 179KB - Virtual size: 180KB

CVdRfpOu
Size: 3KB - Virtual size: 4KB

lidfZglE
Size: 33KB - Virtual size: 36KB

tYVbRcFi
Size: 67KB - Virtual size: 68KB

RzJxLWXY
Size: 20KB - Virtual size: 20KB

RQnMaNrn
Size: 23KB - Virtual size: 24KB

HwxQwVSG
Size: 36KB - Virtual size: 40KB

yAZmZPNu
Size: 75KB - Virtual size: 76KB

iNUEbUFB
Size: 512B - Virtual size: 4KB

ZdltyIWJ
Size: 5KB - Virtual size: 8KB

lzcLiPWs
Size: 70KB - Virtual size: 72KB

sWBsbBii
Size: 71KB - Virtual size: 72KB

LlCbjcuj
Size: 29KB - Virtual size: 32KB

yQFDPJzQ
Size: 4KB - Virtual size: 4KB

VyFamBbZ
Size: 34KB - Virtual size: 36KB

jaewENcW
Size: 46KB - Virtual size: 48KB

EJxyHeAz
Size: 384KB - Virtual size: 384KB

RyQTCOBS
Size: 32KB - Virtual size: 36KB

jHrEpAWe
Size: 4KB - Virtual size: 4KB

JAAIFyxQ
Size: 4KB - Virtual size: 8KB

EyxqiNMw
Size: 1024B - Virtual size: 4KB

NbkOOxNJ
Size: 28KB - Virtual size: 32KB

oqfNnOtN
Size: 19KB - Virtual size: 20KB

ALSchGYr
Size: 136KB - Virtual size: 136KB

oIvyvmVD
Size: 23KB - Virtual size: 24KB

qPGoiGpC
Size: 512B - Virtual size: 4KB