uvnBLl0dUa[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

uvnBLl0dUa.exe
Size

31.7MB
MD5

5d26442c3cb8aa26a43b54ee85934c1f
SHA1

189c0599223a553263a3beb47e8104f2c6b69278
SHA256

bad85e10a276ec69cb47780c2f3d0cedc24bf6150ba9fa8d3d93e8b033be14a0
SHA512

83b92f203fa0762ae960456c7822551260948b52671f1b60c8aa12dd53beab01192c7baa466f6c908710df52fe47b23138000278e6b7938ce01f9f11d983ddda
SSDEEP

786432:ePO8OWlicV/ZYB1dfc+i5unLmPPcnHG2zudzmp6NX:ePeBc4lVikLmHMgNlt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
uvnBLl0dUa.exe

Files

uvnBLl0dUa.exe
.exe windows:6 windows x64 arch:x64

d3517dbc3af43e5118267be09f70b917

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tbs

Tbsi_GetDeviceInfo

advapi32

RegEnumKeyW

user32

MessageBoxW

bcrypt

BCryptGenRandom

kernel32

AreFileApisANSI

gdi32

GetDIBits

shell32

ShellExecuteA

ole32

CoTaskMemFree

msvcp140

_Xtime_get_ticks

ntdll

NtFreeVirtualMemory

netapi32

NetLocalGroupAddMembers

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-runtime-l1-1-0

system

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-conio-l1-1-0

_getch

ws2_32

ioctlsocket

setupapi

SetupDiDestroyDeviceInfoList

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eac0
Size: - Virtual size: 22.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eac1
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eac2
Size: 31.7MB - Virtual size: 31.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3517dbc3af43e5118267be09f70b917

Headers

DLL Characteristics

File Characteristics

Imports

tbs

advapi32

user32

bcrypt

kernel32

gdi32

shell32

ole32

msvcp140

ntdll

netapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

ws2_32

setupapi

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 683KB

.data Size: - Virtual size: 61KB

.pdata Size: - Virtual size: 25KB

.eac0 Size: - Virtual size: 22.1MB

.eac1 Size: 512B - Virtual size: 464B

.eac2 Size: 31.7MB - Virtual size: 31.7MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 683KB

.data
Size: - Virtual size: 61KB

.pdata
Size: - Virtual size: 25KB

.eac0
Size: - Virtual size: 22.1MB

.eac1
Size: 512B - Virtual size: 464B

.eac2
Size: 31.7MB - Virtual size: 31.7MB

.rsrc
Size: 512B - Virtual size: 480B