urelas | 34ac579ac3b0a05af8fe93d96337a12e38b4b55066f46b57d2d6833b8168a0ecN

Sharing

Copy URL

Twitter E-mail

General

Target

34ac579ac3b0a05af8fe93d96337a12e38b4b55066f46b57d2d6833b8168a0ecN
Size

458KB
MD5

7b71458e7c0196c106b3ce6556ab2540
SHA1

15cd146a05f89369da87a21e5516e88cde8feaac
SHA256

34ac579ac3b0a05af8fe93d96337a12e38b4b55066f46b57d2d6833b8168a0ec
SHA512

ded897a6123f6e50d2f769cf281d7ced4849c487bc774ce8e0897399c02077b50da5f6af0c6546aba8dede43ccf7f66d414b6bd85c90d96e0ed8afd05ba2d3a5
SSDEEP

6144:l+89tuc2/zrVhVa2H6jkEgAnLjCyl5afu/KQw3hwglo8uBqjnv6D3WwhD5RzC913:lJYH6jkEgAnieafuzQTlhuwv6Dd9C9GA

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
34ac579ac3b0a05af8fe93d96337a12e38b4b55066f46b57d2d6833b8168a0ecN

Files

34ac579ac3b0a05af8fe93d96337a12e38b4b55066f46b57d2d6833b8168a0ecN
.exe windows:5 windows x86 arch:x86

df08ca2958073764431835d21f7060fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\PMS\pms4\Project(20131120)\GolfProject\bin\GolfProject.pdb

Imports

kernel32

GetCurrentDirectoryW
LocalFileTimeToFileTime
WideCharToMultiByte
SystemTimeToFileTime
SetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalAlloc
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
GlobalFree
TlsFree
InterlockedDecrement
FreeLibrary
lstrlenW
FormatMessageW
SetFilePointer
GetCurrentThreadId
InterlockedIncrement
lstrcmpA
lstrlenA
GetVersionExA
lstrcmpW
LoadLibraryA
LoadLibraryW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetStartupInfoW
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFileAttributesW
GetTempPathA
GetModuleFileNameA
DeviceIoControl
LockResource
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
GetVersionExW
SizeofResource
GetSystemDirectoryW
WriteFile
GetProcessHeap
GetModuleHandleW
HeapFree
HeapAlloc
LoadResource
FindResourceW
FreeResource
CreateFileA
GetProcAddress
GetModuleHandleA
Process32NextW
Process32FirstW
GetLastError
GetCurrentProcessId
CreateToolhelp32Snapshot
DeleteFileW
GetModuleFileNameW
CreateThread
CreateEventW
CloseHandle
GetFileAttributesW
GetTickCount
ExitProcess
Sleep
GetTempPathW
OpenEventW

user32

ClientToScreen
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
SetWindowTextW
GetDlgCtrlID
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadStringW
LoadAcceleratorsW
MessageBoxW
UnhookWindowsHookEx
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
FindWindowW
GetWindowRect
WindowFromPoint
GetWindowTextW
SendInput
SetCursorPos
wsprintfW
RegisterWindowMessageW
WinHelpW
GetWindowPlacement

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteA

ws2_32

gethostbyname
WSAStartup
closesocket
gethostbyaddr
connect
inet_addr
htonl
WSAGetLastError
htons
recv
socket
send

iphlpapi

GetAdaptersAddresses

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

DeleteDC
GetStockObject
TextOutW
PtVisible
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
ExtTextOutW
SaveDC
RestoreDC
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
RectVisible
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 448KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df08ca2958073764431835d21f7060fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 448KB - Virtual size: 472KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 448KB - Virtual size: 472KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 4KB