UrivenPlayerBeta[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UrivenPlayerBeta.exe
Size

1.5MB
MD5

b3aa8c4892e4ab08b92439ed2db71be6
SHA1

7c9cc3ee5ad566a3b4332578d441b068b0dc0eaa
SHA256

aff83016627b98548940c84ee7d1736b06b7ffef92e379a48f7d8ecbc14ba7a9
SHA512

d7b535f6859e1c34690fc56aa2ff7f794b95f4aff5fcba8c46f68cc7cc0f8fae64eaf62acd9b1b050ba24df14870978e51fc223eaea74cec7cb2a0212b5eaeeb
SSDEEP

24576:lgx9U8VtsAeg3yawXOaw2xz+nIXiWveYJ6sFIrmfjGSICWUOHMTvIadQvYyTbwM7:exVOaS1z+IXiU6s6QGnCWvHMTgadQvYi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UrivenPlayerBeta.exe

Files

UrivenPlayerBeta.exe
.exe windows:5 windows x86 arch:x86

760539734495881fe4cd8eef21ccca85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\trunk_ninja_boot-x86\build.ninja\common\vs2017\x86\release\Installer\BootstrapperClient\BootstrapperClient.pdb

Imports

powrprof

CallNtPowerInformation

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpQueryHeaders

kernel32

GetVersionExW
LocalFree
FormatMessageW
FindResourceA
VerifyVersionInfoW
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
CopyFileW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
FreeConsole
AttachConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
GetShortPathNameW
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
FlushFileBuffers
GetFileSizeEx
SetFileTime
lstrcpyW
MoveFileW
OpenEventA
SetLastError
CreateSemaphoreW
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
GetFileTime
FormatMessageA
GetSystemInfo
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateWaitableTimerA
HeapAlloc
GetTempPathW
SleepEx
CreateThread
GetExitCodeThread
GetVersion
LockFileEx
SetEndOfFile
UnlockFileEx
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetProcessTimes
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
SetFilePointerEx
FindFirstFileExW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
HeapDestroy
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
RtlUnwind
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
RaiseException
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
WriteFile
ReadFile
GetFileSize
VerSetConditionMask
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
InitializeCriticalSectionEx
SetUnhandledExceptionFilter
HeapReAlloc
DecodePointer
MulDiv
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GetProcAddress
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
DeleteFileW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetFileType

user32

GetDC
CreateWindowExW
GetWindowRect
MessageBoxW
DefWindowProcW
SendMessageW
InvalidateRect
CallWindowProcW
ShowWindow
GetWindowLongW
SetWindowLongW
RegisterClassW
GetParent
GetWindowTextW
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
EnumWindows
CharUpperW
GetWindowThreadProcessId
LoadIconW
MessageBoxA
MessageBoxExW
PostQuitMessage
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
DrawTextW
ReleaseDC
AllowSetForegroundWindow
BeginPaint
EndPaint
FillRect
LoadBitmapW
PostMessageW
IsWindowVisible
SetForegroundWindow
CharNextW

gdi32

SetBkMode
SetDCPenColor
SetDCBrushColor
SelectObject
RoundRect
SetTextColor
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateFontW
Rectangle

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
CommandLineToArgvW
Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteExW
ord165

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

advapi32

CryptAcquireContextW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
RevertToSelf
SystemFunction036
RegQueryValueExA
GetTokenInformation
RegFlushKey

shlwapi

PathAddBackslashW
HashData
SHDeleteKeyW
StrCmpNW
StrStrW
StrCmpW
PathFileExistsW
PathRemoveExtensionW
SHCopyKeyW
PathAppendW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree

wininet

HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
HttpQueryInfoA
InternetWriteFile
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetQueryDataAvailable

ws2_32

connect
closesocket
freeaddrinfo
getaddrinfo
inet_ntoa
htons
WSAGetLastError
WSACleanup
WSAStartup
socket
sendto
send

winmm

timeGetTime
timeSetEvent
timeGetDevCaps
timeBeginPeriod

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

760539734495881fe4cd8eef21ccca85

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

powrprof

winhttp

kernel32

user32

gdi32

shell32

ole32

advapi32

shlwapi

version

iphlpapi

sensapi

comctl32

gdiplus

wininet

ws2_32

winmm

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 291KB - Virtual size: 290KB

.data Size: 23KB - Virtual size: 350KB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 291KB - Virtual size: 290KB

.data
Size: 23KB - Virtual size: 350KB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 53KB - Virtual size: 52KB