Summary | ZeroBOX

uDUxwumDrV.dll

Tags: OS Processor Check, PE64, PE File, DLL

Category: FILE
Machine: s1_win7_x6402
Started: April 28, 2021, 4:06 p.m.
Completed: April 28, 2021, 4:09 p.m.

Size: 15.9MB
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5: ee03a7aafeaa2e4b937066e5efe8016f
SHA256: 071726ffe3567442cc251bb3bf1b72db413081cbe1a41483c8cc230c31834816
CRC32: 3AA46985
ssdeep: 196608:TtPW0qJXS7S/PzVjqjKj4U1tc18OXVmJXSMKAQPJjDqPXDKw9AHurr6:Tt6Jjvj1tc1XVmJXvKAykPXOwuHh
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)

DNS (Name | Response | Post-Analysis Lookup): no hosts contacted.

IP Address | Status | Action
172.217.25.14 | Active | Moloch (link to the PCAP session viewer)

No DNS query is recorded for 172.217.25.14, and the address lies in a Google-operated range (172.217.0.0/16), so on its own it is a weak indicator; the PCAP behind the Moloch link is the place to check what was actually exchanged with it.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated
IsDebuggerPresent | (takes no arguments) | | 0 | 0
IsDebuggerPresent | (takes no arguments) | | 0 | 0
IsDebuggerPresent | (takes no arguments) | | 0 | 0
IsDebuggerPresent | (takes no arguments) | | 0 | 0

IsDebuggerPresent was called four times and returned 0 every time, so the PEB BeingDebugged check saw no debugger in the sandbox. The source renders only two values per row; they are read here as Return and Repeated, with the Status cell empty.
PE section names reported by the sandbox (13 sections; none carries a standard linker name such as .text or .rdata, and \xNN marks a non-printable byte in the name):
  • ?MYF.v\x1d%
  • bX,7Ic,:
  • 7vVtIR\x1fP
  • 8:!CD-Y#
  • lX9\x1cFMLW
  • YT;jIN:!
  • B;bdgtRg
  • TD_8>Y0q
  • =\Q-FAQc
  • \x1c*\x1eHAdSP
  • V:D8)cUm
  • S%w9EedK
  • vdR&<rVA
Time & API | Arguments | Status | Return | Repeated

Four __exception__ records were captured (each with status 1, return 0, repeated 0). Reading them together: all four fault at the same module offset, uduxwumdrv+0xe13fba, with the same second frame uduxwumdrv+0xdcb975, while the module was mapped at three different bases (exception.address minus RVA: 0x1c70000 for records 1 and 3, 0x1da0000 for record 2, 0x1cd0000 for record 4), so this is one code path hit in separate runs. The code 0x80000004 is EXCEPTION_SINGLE_STEP, a trap-flag fault, not an access violation. The symbol column shows the nearest export, dbkFCallWrapperAddr, a Delphi RTL variable (consistent with the Mekotio labels in the antivirus results below); offsets of several megabytes mean the fault lies far past that symbol, not inside it. The 16 bytes at the fault address decode to nop; push 0xdca9bcc1; call rel32 0x7c8ec; push 0x0d22bc81 (the report's exception.instruction shows only the first). In every record rcx is 3735929054, i.e. 0xdeadc0de, and r10 and r12 shift between records by exactly the base difference (0x130000 and 0x60000), so both hold pointers into the module. Register values are kept in decimal as the report prints them; r10 appears as a negative number, a sign-wrapped 32-bit rendering.

__exception__ (record 1)
  stacktrace:
    dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2a83fba
    dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2a3b975
    0x263000
    0x25f508
  exception.address: 0x2a83fba
  exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
  exception.exception_code: 0x80000004 (EXCEPTION_SINGLE_STEP)
  exception.instruction: nop
  exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
  registers: rax=3478307267 rbx=2490976 rcx=3735929054 rdx=10114 rsi=2491696 rdi=2491216 rbp=2479488 rsp=2093712
             r8=655420 r9=43840 r10=-1951159840 r11=84 r12=43298143 r13=0 r14=5 r15=0
  status 1 | return 0 | repeated 0

__exception__ (record 2)
  stacktrace:
    dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2bb3fba
    dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2b6b975
    0x3720e0
    0x36e578
  exception.address: 0x2bb3fba
  exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
  exception.exception_code: 0x80000004 (EXCEPTION_SINGLE_STEP)
  exception.instruction: nop
  exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
  registers: rax=2696101604 rbx=3601104 rcx=3735929054 rdx=10114 rsi=3601824 rdi=3601344 rbp=3593600 rsp=1831568
             r8=655420 r9=43840 r10=-1949914656 r11=84 r12=44543327 r13=0 r14=5 r15=0
  status 1 | return 0 | repeated 0

__exception__ (record 3)
  stacktrace:
    dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2a83fba
    dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2a3b975
    0x3120e0
    0x30e578
  exception.address: 0x2a83fba
  exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
  exception.exception_code: 0x80000004 (EXCEPTION_SINGLE_STEP)
  exception.instruction: nop
  exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
  registers: rax=2627131305 rbx=3207888 rcx=3735929054 rdx=10114 rsi=3208608 rdi=3208128 rbp=3200384 rsp=1830944
             r8=655420 r9=43840 r10=-1951159840 r11=84 r12=43298143 r13=0 r14=5 r15=0
  status 1 | return 0 | repeated 0

__exception__ (record 4)
  stacktrace:
    dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2ae3fba
    dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2a9b975
    0x1320c0
    0x12e558
  exception.address: 0x2ae3fba
  exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
  exception.exception_code: 0x80000004 (EXCEPTION_SINGLE_STEP)
  exception.instruction: nop
  exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
  registers: rax=3274137831 rbx=1241776 rcx=3735929054 rdx=10114 rsi=1242496 rdi=1242016 rbp=1234272 rsp=2748384
             r8=655420 r9=43840 r10=-1950766624 r11=84 r12=43691359 r13=0 r14=5 r15=0
  status 1 | return 0 | repeated 0
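Comparing exception records from different runs by hand is error-prone: the report prints registers in decimal, some of them sign-wrapped, and the fault address moves with the load base. The Python below is an added example, not part of the ZeroBOX report or of the sandbox. It parses records in the key: value form the report uses, renders registers in hex, names the NTSTATUS code (the small code table is this example's own choice of codes worth naming), recovers the load base as address minus RVA, and lists the registers that move by exactly the base difference between two runs, i.e. that hold pointers into the module. The two embedded records carry the report's own values, trimmed to the fields the functions use; only the multi-line framing is constructed.

```python
"""Normalise the __exception__ records of a Cuckoo/ZeroBOX report.

Added example; not code from the report or from the sandbox. Parses the
'key: value' lines as printed, hex-renders the decimal register dump
(negative values are treated as sign-wrapped 32-bit renderings), decodes
the NTSTATUS code, and recovers the module load base as address - RVA.
"""
import re

# NTSTATUS codes a debugger meets most often (assumed selection for the example).
EXCEPTION_CODES = {
    0x80000003: "EXCEPTION_BREAKPOINT",
    0x80000004: "EXCEPTION_SINGLE_STEP",
    0xC0000005: "EXCEPTION_ACCESS_VIOLATION",
    0xC000001D: "EXCEPTION_ILLEGAL_INSTRUCTION",
    0xC0000094: "EXCEPTION_INT_DIVIDE_BY_ZERO",
    0xC00000FD: "EXCEPTION_STACK_OVERFLOW",
}

# Records 1 and 2 of the report, values verbatim, trimmed to the fields used
# below. Only the multi-line string framing is constructed.
RECORD_1 = """\
exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
exception.address: 0x2a83fba
registers.rcx: 3735929054
registers.r10: -1951159840
registers.r12: 43298143
registers.rsp: 2093712
"""
RECORD_2 = """\
exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
exception.address: 0x2bb3fba
registers.rcx: 3735929054
registers.r10: -1949914656
registers.r12: 44543327
registers.rsp: 1831568
"""


def parse_record(text: str) -> dict:
    """'key: value' lines -> dict; lines without a colon are ignored."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            rec[key.strip()] = value.strip()
    return rec


def reg_to_int(value: str) -> int:
    """Decimal register text -> unsigned int. The report prints some registers
    as signed 32-bit numbers, so a negative value is wrapped back to 32 bits."""
    v = int(value)
    return v & 0xFFFFFFFF if v < 0 else v


def module_and_rva(symbol: str):
    """'export+off module+rva' -> (module, rva), taken from the last '+0x' token."""
    m = re.search(r"(\S+)\+0x([0-9a-fA-F]+)\s*$", symbol)
    if not m:
        raise ValueError(f"no module+rva in {symbol!r}")
    return m.group(1), int(m.group(2), 16)


def analyse(rec: dict) -> dict:
    """Decode one record: exception name, module, RVA, load base, registers."""
    code = int(rec["exception.exception_code"], 16)
    address = int(rec["exception.address"], 16)
    module, rva = module_and_rva(rec["exception.symbol"])
    regs = {k.split(".", 1)[1]: reg_to_int(v)
            for k, v in rec.items() if k.startswith("registers.")}
    return {
        "code": EXCEPTION_CODES.get(code, f"0x{code:08x}"),
        "module": module,
        "rva": rva,
        "base": address - rva,  # where the module was mapped in that run
        "regs": regs,
    }


def module_relative_registers(a: dict, b: dict):
    """Registers whose value shifts between two records by exactly the load-base
    difference, i.e. registers holding pointers into the module."""
    delta = b["base"] - a["base"]
    return sorted(r for r in a["regs"]
                  if r in b["regs"] and b["regs"][r] - a["regs"][r] == delta)


if __name__ == "__main__":
    first, second = analyse(parse_record(RECORD_1)), analyse(parse_record(RECORD_2))
    for r in (first, second):
        regs = " ".join(f"{k}=0x{v:x}" for k, v in sorted(r["regs"].items()))
        print(f"{r['code']} at {r['module']}+0x{r['rva']:x} (base 0x{r['base']:x}) {regs}")
    print("module-relative registers:", module_relative_registers(first, second))
```

Run stand-alone it prints both records with base 0x1c70000 and 0x1da0000, rcx as 0xdeadc0de, and reports r10 and r12 as module-relative; rsp is not, as expected for a stack pointer.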
High-entropy sections (signature mark: "A section with a high entropy has been found"):

Section name | Virtual address | Virtual size | Size of data | Entropy
TD_8>Y0q | 0x006b1000 | 0x000488e0 | 0x00048a00 | 7.99914
=\Q-FAQc | 0x006fa000 | 0x000501c0 | 0x00050200 | 7.99593
\x1c*\x1eHAdSP | 0x0074b000 | 0x0057ce61 | 0x0057d000 | 7.86397
V:D8)cUm | 0x00cc8000 | 0x002ef574 | 0x002ef600 | 7.61784

Overall mark: entropy 0.566465303119, "Overall entropy of this PE file is high". This figure is not a Shannon entropy but the share of the file's section data that sits in the four flagged sections: their size_of_data values sum to 0x905200 (9,458,176 bytes), so 56.6% of the section bytes in this 15.9MB image are near-random, consistent with packed or encrypted content. Names are printed as the report shows them; \xNN marks a non-printable byte.
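The high-entropy marks above and the section-name list earlier in the report both come from static checks on the PE section table, and both are easy to reproduce locally. The Python below is an added example, not code from the ZeroBOX report or from Cuckoo. It computes Shannon entropy per section, applies the rules of Cuckoo's packer_entropy signature (a section is flagged above 6.8 bits per byte; the file is flagged when flagged sections hold more than 20% of all section bytes), and checks names against a list of standard linker section names, which is this example's own list. By default it runs on the report's four flagged sections; the fifth entry is a constructed placeholder for the other nine sections, whose combined size 0x6e7400 is derived from the report's 0.566 ratio (not listed in the report) and whose entropy 5.0 is assumed. sections_from_pe() builds the same table from a real file if the pefile package is installed.

```python
"""Recompute the sandbox's PE-section checks on a section table.

Added example; not code from the ZeroBOX report or from Cuckoo. Thresholds
follow Cuckoo's packer_entropy signature (6.8 bits/byte per section, 20% of
section bytes overall). The default table is the report's four flagged
sections plus one constructed placeholder for the other nine.
"""
import math
import re
import sys
from collections import Counter
from dataclasses import dataclass

SECTION_ENTROPY_THRESHOLD = 6.8  # bits per byte; compressed/encrypted data sits near 8.0
PACKED_RATIO_THRESHOLD = 0.2     # share of section bytes living in high-entropy sections

# Names a mainstream linker emits (MSVC, MinGW, Delphi); assumed list for the
# example. Anything else is reported as non-standard, as the sandbox did here.
STANDARD_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".pdata", ".rsrc",
    ".reloc", ".bss", ".tls", ".debug", ".CRT", ".xdata", ".didat", ".itext",
    "CODE", "DATA", "BSS",
}


@dataclass
class Section:
    name: str
    size_of_data: int   # raw size on disk, like the report's size_of_data
    entropy: float      # Shannon entropy of the raw bytes, in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_standard_name(name: str) -> bool:
    """True for a normal linker section name (trailing NUL padding ignored)."""
    return name.rstrip("\x00") in STANDARD_SECTION_NAMES


def has_nonprintable(name: str) -> bool:
    """True if the name holds control bytes, raw or as the report's \\xNN escapes."""
    return bool(re.search(r"\\x[0-9a-fA-F]{2}", name)) or any(ord(ch) < 0x20 for ch in name)


def packer_entropy_marks(sections):
    """Mirror the signature: (sections above the threshold, packed-byte ratio)."""
    total = sum(s.size_of_data for s in sections)
    flagged = [s for s in sections if s.entropy > SECTION_ENTROPY_THRESHOLD]
    compressed = sum(s.size_of_data for s in flagged)
    return flagged, (compressed / total if total else 0.0)


def sections_from_pe(path: str):
    """Build the same table from a real file (needs the pefile package)."""
    import pefile  # local import so the rest of the module runs without it
    pe = pefile.PE(path, fast_load=True)
    return [Section(s.Name.rstrip(b"\x00").decode("latin-1"),
                    s.SizeOfRawData,
                    shannon_entropy(s.get_data()))
            for s in pe.sections]


# The report's four flagged sections, values verbatim. The last entry is a
# constructed placeholder for the nine remaining sections: its size 0x6e7400 is
# derived from the report's ratio (0x905200 / 0.566465303119 - 0x905200), its
# entropy is assumed (any value below 6.8 gives the same result).
REPORT_SECTIONS = [
    Section("TD_8>Y0q", 0x00048a00, 7.9991395216885115),
    Section("=\\Q-FAQc", 0x00050200, 7.995932504638369),
    Section("\\x1c*\\x1eHAdSP", 0x0057d000, 7.863972219166107),
    Section("V:D8)cUm", 0x002ef600, 7.617840162915499),
    Section("(other nine sections, combined)", 0x006e7400, 5.0),
]


def report(sections):
    """Print the per-section view and the two signature marks."""
    for s in sections:
        notes = []
        if not is_standard_name(s.name):
            notes.append("non-standard name")
        if has_nonprintable(s.name):
            notes.append("non-printable bytes")
        print(f"{s.name!r:34} data=0x{s.size_of_data:08x} entropy={s.entropy:.4f}  {', '.join(notes)}")
    flagged, ratio = packer_entropy_marks(sections)
    for s in flagged:
        print(f"A section with a high entropy has been found: {s.name!r} ({s.entropy:.4f})")
    if ratio > PACKED_RATIO_THRESHOLD:
        print(f"Overall: {ratio:.1%} of section bytes are in high-entropy sections")


if __name__ == "__main__":
    report(sections_from_pe(sys.argv[1]) if len(sys.argv) > 1 else REPORT_SECTIONS)
```

With the default table the ratio comes out at 0.566465, matching the report's overall mark, which confirms that the figure is a byte share and not an entropy. Pass a file path to run the same checks on a real PE.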
Network signature mark:
host: 172.217.25.14

Antivirus detections (31 engines):

Vendor | Detection
Elastic | malicious (high confidence)
MicroWorld-eScan | Trojan.Agent.FGHR
Cylance | Unsafe
CrowdStrike | win/malicious_confidence_100% (W)
K7GW | Spyware ( 005791d51 )
K7AntiVirus | Spyware ( 005791d51 )
Arcabit | Trojan.Agent.FGHR
Symantec | Trojan.Gen.2
ESET-NOD32 | a variant of Win64/Spy.Mekotio.P
APEX | Malicious
Avast | Win64:Trojan-gen
BitDefender | Trojan.Agent.FGHR
AegisLab | Trojan.Win32.Fghr.4!c
Rising | Spyware.Mekotio!8.F5DF (CLOUD)
Ad-Aware | Trojan.Agent.FGHR
Emsisoft | Trojan.Agent.FGHR (B)
McAfee-GW-Edition | BehavesLike.Win64.Softcnapp.wc
FireEye | Generic.mg.ee03a7aafeaa2e4b
Sophos | Mal/Generic-S
Ikarus | Win32.Outbreak
Webroot | W32.Trojan.Gen
MAX | malware (ai score=83)
Kingsoft | Win32.Troj.Generic.a.(kcloud)
Gridinsoft | Trojan.Heur!.02296202
Microsoft | Trojan:Win32/Wacatac.B!ml
GData | Trojan.Agent.FGHR
McAfee | Artemis!EE03A7AAFEAA
Malwarebytes | Malware.AI.4211687409
TrendMicro-HouseCall | TROJ_FRS.VSNTDR21
Fortinet | W64/Mekotio.P!tr.spy
AVG | Win64:Trojan-gen

The engines that name a family agree on Mekotio (ESET-NOD32 Win64/Spy.Mekotio.P, Rising Spyware.Mekotio!8.F5DF, Fortinet W64/Mekotio.P!tr.spy); the remaining labels are generic or heuristic (Trojan.Agent.FGHR, Wacatac.B!ml, Artemis, machine-learning scores).