GUpdater[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

GUpdater.exe.7z
Size

15KB
MD5

689bd1bf0f3e0494b089936419b09ce0
SHA1

ed25d76fbfc882bfd2a0f27a834b297c43b6a41b
SHA256

cf2b4bdfe7591d0113b8f2e57533f6577bc78ec2269fbde931119fa1dc64884f
SHA512

1792afcac90a2985a560ae0b9ab8279708632fe82c61439dd478fdb8676b2bcc4ad72cd8773a5c2597c50f32b79dc16cafc7761284abe787033602e3c64ad352
SSDEEP

384:jhtCsi5YupuFiqKzxhit+FkFRv3ucTJypIw:6siimuC9hiAm3uc1A

Score

N/A

Malware Config

Signatures

Files

GUpdater.exe.7z
.7z

Password: infected
GUpdater.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:aa:ee:18:61:75:25:ea:b2:fb:d5:ba
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/04/2019, 14:37

Not After

11/04/2022, 14:37

Subject

SERIALNUMBER=515044956,CN=Terser Tude LTD,O=Terser Tude LTD,STREET=10 Habarzel,L=Tel Aviv,ST=Tel Aviv,C=IL,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:82:04:e3:89:09:ea:de:00:b3:76:57:23:d8:1b:2f:86:4f:9e:ff
Signer

Actual PE Digest

ea:82:04:e3:89:09:ea:de:00:b3:76:57:23:d8:1b:2f:86:4f:9e:ff

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=515044956,CN=Terser Tude LTD,O=Terser Tude LTD,STREET=10 Habarzel,L=Tel Aviv,ST=Tel Aviv,C=IL,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/08/2019, 06:54
Valid: true

Chain 1

SERIALNUMBER=515044956,CN=Terser Tude LTD,O=Terser Tude LTD,STREET=10 Habarzel,L=Tel Aviv,ST=Tel Aviv,C=IL,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

17:aa:ee:18:61:75:25:ea:b2:fb:d5:baCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ea:82:04:e3:89:09:ea:de:00:b3:76:57:23:d8:1b:2f:86:4f:9e:ffSigner

Signature Validations

Verification

01/08/2019, 06:54 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

17:aa:ee:18:61:75:25:ea:b2:fb:d5:ba
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ea:82:04:e3:89:09:ea:de:00:b3:76:57:23:d8:1b:2f:86:4f:9e:ff
Signer

01/08/2019, 06:54
Valid: true

.text
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B