UCRename.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 300.07 KB (307272 bytes)
Compile time: 2014-07-17 10:05:53
MD5: b697beeb040f4c720529a6242bac6a8b
SHA1: e96a91d30e31d8dd268d684d7343477ff8688985
SHA256: 755e7628bee7605ca7054477e4191522f0773f1911a995148474d64c75e0e200
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 5 import resource debug relocation security
First submission: 2016-10-06 13:22:07
Last submission: 2016-10-06 13:22:07
Filename detected: - UCRename.exe (1)
URL file hosting
hXXp://liu.lge.com/LGUpdateCenter/Update/VITA/0009/data/UCRename.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2014-09-22 09:48:16 [0/55] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x1614 6144 d3507067fea732da1aef58e87f30607d 046369a7e85748041d697bca6ceb9bc274d0b048
.rsrc 0x4000 0x47510 292352 6ba763e62830b0f3540368ceb9125cbd 62c1958fb754bd73bacdfe0554fd46f12773785a
.reloc 0x4c000 0xc 512 422b1827e015b55bfd390ffce1ea0aee 6503c68fcbe8976b4d39e2fde83eadd530489e66
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x483a8 9640 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x4a950 76 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x41f0 760 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x4a9a0 2921 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © Microsoft 2012
Assembly Version: 1.0.0.0
InternalName: UCRename.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
OriginalFilename: UCRename.exe
Translation: 0x0000 0x04b0
FileDescription: UCRename
ProductVersion: 1.0.0.0
ProductName: UCRename
XOR
No XOR information found in this file.
Signature
MD5: 54b6255aa811a4ebfb0d3f3a7eed6697
SHA1: 4e31fd6b795fd93bcff67d9dbd2b180ad5772cf7
Block Size: 7752
Virtual Address: 299520
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)

#infosec #automation

TheSystem Itself @ 2016-10-06 13:22:07