Summary | ZeroBOX

uDUxwumDrV.dll

OS Processor Check PE64 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6402 April 28, 2021, 4:14 p.m. April 28, 2021, 4:16 p.m.
Size 15.9MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 ee03a7aafeaa2e4b937066e5efe8016f
SHA256 071726ffe3567442cc251bb3bf1b72db413081cbe1a41483c8cc230c31834816
CRC32 3AA46985
ssdeep 196608:TtPW0qJXS7S/PzVjqjKj4U1tc18OXVmJXSMKAQPJjDqPXDKw9AHurr6:Tt6Jjvj1tc1XVmJXvKAykPXOwuHh
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
section ?MYF.v\x1d%
section bX,7Ic,:
section 7vVtIR\x1fP
section 8:!CD-Y#
section lX9\x1cFMLW
section YT;jIN:!
section B;bdgtRg
section TD_8>Y0q
section =\Q-FAQc
section \x1c*\x1eHAdSP
section V:D8)cUm
section S%w9EedK
section vdR&<rVA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2c03fba
dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2bbb975
0x2520e0
0x24e578

exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
exception.address: 0x2c03fba
registers.r14: 5
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 2422176
registers.r10: -1949586976
registers.rbx: 2421456
registers.rsp: 1569328
registers.r11: 84
registers.r8: 655420
registers.r9: 43840
registers.rdx: 10114
registers.r12: 44871007
registers.rbp: 2413952
registers.rdi: 2421696
registers.rax: 2276224475
registers.r13: 0
1 0 0

__exception__

stacktrace:
dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2b13fba
dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2acb975
0x273000
0x26f508

exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
exception.address: 0x2b13fba
registers.r14: 5
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 2557232
registers.r10: -1950570016
registers.rbx: 2556512
registers.rsp: 2027408
registers.r11: 84
registers.r8: 655420
registers.r9: 43840
registers.rdx: 10114
registers.r12: 43887967
registers.rbp: 2545024
registers.rdi: 2556752
registers.rax: 1662517746
registers.r13: 0
1 0 0

__exception__

stacktrace:
dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2b03fba
dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2abb975
0x2120e0
0x20e578

exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
exception.address: 0x2b03fba
registers.r14: 5
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 2160032
registers.r10: -1950635552
registers.rbx: 2159312
registers.rsp: 1831056
registers.r11: 84
registers.r8: 655420
registers.r9: 43840
registers.rdx: 10114
registers.r12: 43822431
registers.rbp: 2151808
registers.rdi: 2159552
registers.rax: 2002683833
registers.r13: 0
1 0 0

__exception__

stacktrace:
dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba @ 0x2b73fba
dbkFCallWrapperAddr+0x72c6dd uduxwumdrv+0xdcb975 @ 0x2b2b975
0x2f20c0
0x2ee558

exception.instruction_r: 90 68 c1 bc a9 dc e8 ec c8 07 00 68 81 bc 22 0d
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol: dbkFCallWrapperAddr+0x774d22 uduxwumdrv+0xe13fba
exception.address: 0x2b73fba
registers.r14: 5
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 3077504
registers.r10: -1950176800
registers.rbx: 3076784
registers.rsp: 2486288
registers.r11: 84
registers.r8: 655420
registers.r9: 43840
registers.rdx: 10114
registers.r12: 44281183
registers.rbp: 3069280
registers.rdi: 3077024
registers.rax: 3158755606
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x00048a00', u'virtual_address': u'0x006b1000', u'entropy': 7.9991395216885115, u'name': u'TD_8>Y0q', u'virtual_size': u'0x000488e0'} entropy 7.99913952169 description A section with a high entropy has been found
section {u'size_of_data': u'0x00050200', u'virtual_address': u'0x006fa000', u'entropy': 7.995932504638369, u'name': u'=\\Q-FAQc', u'virtual_size': u'0x000501c0'} entropy 7.99593250464 description A section with a high entropy has been found
section {u'size_of_data': u'0x0057d000', u'virtual_address': u'0x0074b000', u'entropy': 7.863972219166107, u'name': u'\\x1c*\\x1eHAdSP', u'virtual_size': u'0x0057ce61'} entropy 7.86397221917 description A section with a high entropy has been found
section {u'size_of_data': u'0x002ef600', u'virtual_address': u'0x00cc8000', u'entropy': 7.617840162915499, u'name': u'V:D8)cUm', u'virtual_size': u'0x002ef574'} entropy 7.61784016292 description A section with a high entropy has been found
entropy 0.566465303119 description Overall entropy of this PE file is high
host 172.217.25.14
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.FGHR
Cylance Unsafe
CrowdStrike win/malicious_confidence_100% (W)
K7GW Spyware ( 005791d51 )
K7AntiVirus Spyware ( 005791d51 )
Arcabit Trojan.Agent.FGHR
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win64/Spy.Mekotio.P
APEX Malicious
Avast Win64:Trojan-gen
BitDefender Trojan.Agent.FGHR
AegisLab Trojan.Win32.Fghr.4!c
Rising Spyware.Mekotio!8.F5DF (CLOUD)
Ad-Aware Trojan.Agent.FGHR
Emsisoft Trojan.Agent.FGHR (B)
McAfee-GW-Edition BehavesLike.Win64.Softcnapp.wc
FireEye Generic.mg.ee03a7aafeaa2e4b
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
Webroot W32.Trojan.Gen
MAX malware (ai score=83)
Kingsoft Win32.Troj.Generic.a.(kcloud)
Gridinsoft Trojan.Heur!.02296202
Microsoft Trojan:Win32/Wacatac.B!ml
GData Trojan.Agent.FGHR
McAfee Artemis!EE03A7AAFEAA
Malwarebytes Malware.AI.4211687409
TrendMicro-HouseCall TROJ_FRS.VSNTDR21
Fortinet W64/Mekotio.P!tr.spy
AVG Win64:Trojan-gen