ud+mw3+free[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ud+mw3+free.rar
Size

20.0MB
MD5

71512ba17bff255931713848d7fe723d
SHA1

04463531c21fafac5f3fd055bd08ab15e2a1dcc9
SHA256

0af9ab04bef47799851262c12e20865a74b91302eb5391bdb7d234ef0296e9c8
SHA512

051239ea79aabba6a9371b38394ec8daf2f5619f5820d16aebe8a3955c3904b07eee1a423a2b693d2865a27a5b34338d3beac0b7c9d20026f9dd894a3705e034
SSDEEP

393216:Tf1wxqA8hdv53WKKg4gT/Bqy9du2v5lfbmkp0yk89k:T40dv5ugT/Bq2d1Rkkpy3

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ud/Assist.sys
unpack001/ud/Assistant.exe
unpack001/ud/AssistantSTM.exe

Files

ud+mw3+free.rar
.rar
ud/Assist.sys
.sys windows:10 windows x64 arch:x64

d7ae18ab3ac6dd7d56d11b04c7efcec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

ntoskrnl.exe

ExAcquireResourceExclusiveLite
ExReleaseResourceLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ZwQuerySystemInformation
RtlInitUnicodeString
ExAllocatePool2
ExFreePoolWithTag
KeInitializeEvent
KeResetEvent
KeSetEvent
KeWaitForSingleObject
MmProbeAndLockPages
MmUnlockPages
IoAllocateIrp
IoAllocateMdl
IoFreeIrp
IoFreeMdl
IoReuseIrp
__C_specific_handler
ObfDereferenceObject
MmCopyVirtualMemory
PsLookupProcessByProcessId
PsGetProcessPeb
PsGetProcessSectionBaseAddress
MmUserProbeAddress
KeDelayExecutionThread
PsCreateSystemThread
ZwOpenFile
ZwClose

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.i|z
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ud/Assistant.exe
.exe windows:6 windows x64 arch:x64

d8974f888621fde37bc8c5952c40742a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

DispatchMessageW

msvcp140

??Bid@locale@std@@QEAA_KXZ

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

imm32

ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

ws2_32

recv

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.D~"
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.O~
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JC$
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 639B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ud/AssistantSTM.exe
.exe windows:6 windows x64 arch:x64

d8974f888621fde37bc8c5952c40742a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

DispatchMessageW

msvcp140

??Bid@locale@std@@QEAA_KXZ

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

imm32

ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

ws2_32

recv

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.!i}
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.by5
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.:nL
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 639B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ud/data
ud/imgui.ini

Sharing

General

Malware Config

Signatures

Files

d7ae18ab3ac6dd7d56d11b04c7efcec8

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 813KB

.pdata Size: 1024B - Virtual size: 528B

INIT Size: 1KB - Virtual size: 1KB

.i|z Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 512B - Virtual size: 276B

d8974f888621fde37bc8c5952c40742a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3d11

d3dcompiler_47

imm32

dwmapi

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 432KB

.rdata Size: - Virtual size: 186KB

.data Size: - Virtual size: 60KB

.pdata Size: - Virtual size: 15KB

.D~" Size: - Virtual size: 6.1MB

.O~ Size: 4KB - Virtual size: 3KB

.JC$ Size: 9.9MB - Virtual size: 9.9MB

.reloc Size: 512B - Virtual size: 284B

.rsrc Size: 1024B - Virtual size: 639B

d8974f888621fde37bc8c5952c40742a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3d11

d3dcompiler_47

imm32

dwmapi

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 813KB

.pdata
Size: 1024B - Virtual size: 528B

INIT
Size: 1KB - Virtual size: 1KB

.i|z
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 512B - Virtual size: 276B

.text
Size: - Virtual size: 432KB

.rdata
Size: - Virtual size: 186KB

.data
Size: - Virtual size: 60KB

.pdata
Size: - Virtual size: 15KB

.D~"
Size: - Virtual size: 6.1MB

.O~
Size: 4KB - Virtual size: 3KB

.JC$
Size: 9.9MB - Virtual size: 9.9MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 1024B - Virtual size: 639B

.text
Size: - Virtual size: 432KB

.rdata
Size: - Virtual size: 186KB

.data
Size: - Virtual size: 60KB

.pdata
Size: - Virtual size: 15KB

.!i}
Size: - Virtual size: 6.2MB

.by5
Size: 4KB - Virtual size: 3KB

.:nL
Size: 9.9MB - Virtual size: 9.9MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 1024B - Virtual size: 639B