0330da1e17d9f7244773016dfefc3baebdb21e43ca287477e0a1f09773b173f3

Sharing

Copy URL Twitter E-mail

General

Target

0330da1e17d9f7244773016dfefc3baebdb21e43ca287477e0a1f09773b173f3
Size

2.6MB
MD5

0c7fc051822faa959a5b9b62223d0f40
SHA1

432d23a276f0eaa35e354dda3325ffeef4929d5e
SHA256

0330da1e17d9f7244773016dfefc3baebdb21e43ca287477e0a1f09773b173f3
SHA512

2bc765e7b8d74d8d4cf5061de52e169f9962fba756e4661e947c8e12c0bf2b1baa8518e1afcbf81dbee22295b48fd6392894c89d2d55cdd5b8d89c7404794db7
SSDEEP

49152:wK2nA5/enf4zbbpt7KuX0KIzM8GD0Xc+C4lbwHpk8D3uS/94Y8:wTA5/enopt7Lz8c+C4pwW8a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0330da1e17d9f7244773016dfefc3baebdb21e43ca287477e0a1f09773b173f3

Files

0330da1e17d9f7244773016dfefc3baebdb21e43ca287477e0a1f09773b173f3
.exe windows:5 windows x86 arch:x86

17757cfa34232ced935b6aec704d87a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\jobs\CLIENT_CHAN_BACKUP\workspace\uuclient\bin\uninstall.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupUninstallOEMInfW
SetupDiOpenDevRegKey

kernel32

CreateFileW
GetCurrentDirectoryW
FindClose
GetEnvironmentVariableW
GetVersion
GetFileType
FlushFileBuffers
GetCurrentProcessId
GetModuleHandleExW
GetFullPathNameA
SetStdHandle
WriteConsoleW
SetHandleCount
GetEnvironmentStringsW
InitializeCriticalSection
FreeEnvironmentStringsW
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
LoadLibraryW
GetStringTypeW
HeapCreate
IsValidCodePage
GetOEMCP
GetLocaleInfoW
SleepEx
IsProcessorFeaturePresent
IsDebuggerPresent
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetCurrentThreadId
SetThreadPriority
TerminateThread
SetUnhandledExceptionFilter
ReadFile
LCMapStringW
GetCPInfo
RtlUnwind
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
ExitThread
GetConsoleCP
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
PeekNamedPipe
RaiseException
DecodePointer
ExpandEnvironmentStringsA
WaitForMultipleObjects
FormatMessageA
EncodePointer
InterlockedIncrement
GetFileAttributesW
ConvertFiberToThread
FormatMessageW
GetFileAttributesA
WriteFile
FindFirstFileW
CreateEventW
GetFileSizeEx
SetEvent
TlsFree
TlsAlloc
TlsSetValue
LoadLibraryA
FindNextFileW
CreateFileA
TlsGetValue
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter
CreateIoCompletionPort
MulDiv
ExitProcess
GetACP
GetFileSize
SetFilePointer
DuplicateHandle
DosDateTimeToFileTime
SetFileTime
GetLocalTime
GlobalUnlock
GlobalLock
GlobalAlloc
FileTimeToLocalFileTime
QueryPerformanceFrequency
FileTimeToSystemTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SystemTimeToFileTime
SetLastError
LocalFree
GetStdHandle
InterlockedExchange
InterlockedCompareExchange
GetUserDefaultLCID
GetLocaleInfoA
CreateThread
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
lstrlenA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
TerminateProcess
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
WaitForSingleObject
lstrlenW
FindResourceExW
LockResource
SizeofResource
FreeResource
Sleep
CreateMutexW
CreateProcessW
MoveFileExW
CopyFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
GetModuleFileNameW
LoadResource
FindResourceW
CloseHandle
GetVersionExW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetLastError
InterlockedDecrement
DeleteFiber

crypt32

CertGetNameStringW
CertDeleteCertificateFromStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertOpenStore
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CryptStringToBinaryW
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertFreeCertificateChainEngine

ws2_32

getsockopt
getpeername
connect
sendto
recvfrom
ntohs
getsockname
setsockopt
WSAIoctl
WSAStartup
WSACleanup
socket
select
__WSAFDIsSet
WSASetLastError
send
recv
WSASetEvent
closesocket
accept
listen
freeaddrinfo
getaddrinfo
ioctlsocket
bind
htons
WSAGetLastError
ntohl
htonl
gethostname

wldap32

ord118
ord14
ord219
ord145
ord208
ord26
ord133
ord147
ord127
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord73

iphlpapi

GetAdaptersInfo

user32

GetSysColor
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetRect
CharPrevW
DrawTextW
FillRect
GetWindowRgn
ClientToScreen
MoveWindow
CharNextW
IntersectRect
wvsprintfW
SetCursor
OffsetRect
GetClassInfoExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
EnableWindow
GetMessageW
GetParent
GetWindow
BeginPaint
IsRectEmpty
UpdateLayeredWindow
EndPaint
GetUpdateRect
MapWindowPoints
GetFocus
SetWindowPos
PtInRect
ReleaseCapture
SetCapture
IsWindow
InvalidateRect
GetDC
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
DestroyWindow
UnregisterClassW
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
PostQuitMessage
LoadImageW
MonitorFromWindow
SetWindowRgn
KillTimer
SetTimer
PostMessageW
SendMessageW
GetWindowLongW
SetWindowLongW
ShowWindow
IsZoomed
GetClientRect
ScreenToClient
CloseWindow
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
InvalidateRgn
IsIconic
GetWindowRect
GetKeyState
LoadStringW
GetCaretPos
SetFocus
GetCursorPos
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsW
ReleaseDC

gdi32

DeleteDC
SetWindowOrgEx
Rectangle
GetObjectA
SelectClipRgn
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SetBkMode
SetTextColor
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
CreateRectRgn
PtInRegion
CreateCompatibleDC
CreateDIBSection
SaveDC
BitBlt
RestoreDC
SetStretchBltMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
CreateRoundRectRgn
DeleteObject
GetDeviceCaps
ExtSelectClipRgn
CreateDCW

advapi32

CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CloseServiceHandle
CryptImportKey
CryptEncrypt
CryptHashData
CryptGetHashParam
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
CryptAcquireContextW
OpenSCManagerW
OpenServiceW
StartServiceW
ChangeServiceConfigW
CryptGenRandom

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHFileOperationW

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

gdiplus

GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillPath
GdipDrawPath
GdipSetSmoothingMode
GdipReleaseDC
GdipAddPathCurveI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipAlloc

shlwapi

SHDeleteKeyW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent
ord17

winmm

timeGetTime

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17757cfa34232ced935b6aec704d87a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

crypt32

ws2_32

wldap32

iphlpapi

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msimg32

comctl32

winmm

imm32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 494KB - Virtual size: 494KB

.data Size: 16KB - Virtual size: 43KB

.rsrc Size: 280KB - Virtual size: 279KB

.reloc Size: 98KB - Virtual size: 98KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 494KB - Virtual size: 494KB

.data
Size: 16KB - Virtual size: 43KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 98KB - Virtual size: 98KB