UCCheckSystem.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 0/56 Related 2060
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 304.52 KB (311832 bytes)
Compile time: 2015-05-14 10:43:06
MD5: 5c1071636b14ce79abf1aea9467f1868
SHA1: a25e372e22db094a40ea1b03da5f8c6ab0d9febe
SHA256: a543aedc7aa3adedb130035c6bd29fe2cc4b43212ebe189f15f624af840030b4
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 5 import resource debug relocation security
First submission: 2016-10-06 13:28:06
Last submission: 2016-10-06 13:28:06
Filename detected: - UCCheckSystem.exe (1)
URL file hosting
hXXp://liu.lge.com/LGUpdateCenter/Update/VITA/0009/data/UCCheckSystem.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-10-05 23:07:43 [0/56] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x3204 13312 6b5572157a1d59a52554299138eac15f 23f3831da095e0042d3177d95692ed3144175572
.rsrc 0x6000 0x46b68 289792 1474a6f231b2e20fa18fc479b6813a52 d5d4a1976c87686931ff45e40ab2bbdffb88114f
.reloc 0x4e000 0xc 512 1e62834517c09e67097d482d2ad67c67 75fcb8a98537d1978c30e4620ac24ca6089d3693
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4a380 9640 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x4c928 76 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x61f0 720 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x4c978 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2012
Assembly Version: 1.0.0.0
InternalName: UCCheckSystem.exe
FileVersion: 1.0.0.0
FileDescription: UCCheckSystem
OriginalFilename: UCCheckSystem.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: UCCheckSystem
XOR
No XOR information found in this file.
Signature
MD5: d55a9eaff9ce61a4b7496a8570ae62cc
SHA1: 9d44511b1f55378185e708b968e19722f63f838c
Block Size: 7704
Virtual Address: 304128
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: XML
\POOL\KOR\Driverpool.xml
System.Xml
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)

#infosec #automation

TheSystem Itself @ 2016-10-06 13:28:06