Static task
static1
General
-
Target
Updater.exe
-
Size
748KB
-
MD5
c3d119df52b9dd5f607d0ed20b9b02dd
-
SHA1
0620b025bf65698dcba78ad7f1d05bf115bbff60
-
SHA256
a79d69414e5613d62c4fca1642906a454d277623986c89e774f5487311ef62de
-
SHA512
3be0bf1f568f0a75f790d6a27e10b19fddf353a2e71b2df94dd7baa6f079713ec5087540eb75a1c0061f641b953ce743b0e2d75a45b970593964f223556fa6ed
-
SSDEEP
12288:R2ZM3dExa0VOQsO+DHIczWdlM6P21xcA12hVzBuRD2b/y:R2Z630VOQ+jIcG+6e1xgoi
Malware Config
Signatures
Files
-
Updater.exe.exe windows x64
793cff536f9567173006a89f4a917c9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
comctl32
ord17
kernel32
LocalFree
WideCharToMultiByte
DeleteFileW
CreateDirectoryW
MultiByteToWideChar
FormatMessageA
GetModuleFileNameW
VirtualProtect
VirtualAlloc
GetCurrentProcess
RemoveDirectoryW
GetTempPathW
CopyFileW
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetLocaleInfoEx
GetLastError
FlushInstructionCache
OpenProcess
GetCurrentDirectoryW
CreateFileW
CloseHandle
lstrlenW
AreFileApisANSI
MoveFileExW
InitOnceBeginInitialize
InitOnceComplete
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
Sleep
FreeLibrary
VerifyVersionInfoW
GetTickCount64
SetLastError
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryW
LoadLibraryW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetProcAddress
GetModuleHandleW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
user32
SetWindowPos
GetSystemMetrics
SetWindowTextW
ShowWindow
DestroyWindow
GetMessageW
DispatchMessageW
RegisterClassW
PostQuitMessage
CreateWindowExW
PostMessageW
GetWindowRect
GetSysColorBrush
SetWindowLongW
SystemParametersInfoW
TranslateMessage
DefWindowProcW
MessageBoxW
SendMessageW
gdi32
CreateFontIndirectW
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegGetValueA
shell32
ShellExecuteW
ord680
CommandLineToArgvW
ole32
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
msvcp140
?id@?$numpunct@_W@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
?widen@?$ctype@D@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?id@?$ctype@D@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?classic@locale@std@@SAAEBV12@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?id@?$numpunct@D@std@@2V0locale@2@A
_Xtime_get_ticks
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bios_base@std@@QEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0_Lockit@std@@QEAA@H@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_join
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ntdll
RtlInitUnicodeString
VerSetConditionMask
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
vcruntime140
strrchr
wcschr
_purecall
__std_terminate
strchr
__std_exception_destroy
_CxxThrowException
memchr
strstr
__std_exception_copy
memcmp
memcpy
__C_specific_handler
__current_exception_context
memmove
memset
__current_exception
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_cexit
_exit
_seh_filter_exe
_initialize_onexit_table
_initialize_wide_environment
_c_exit
_register_onexit_function
exit
_register_thread_local_exe_atexit_callback
_set_app_type
strerror_s
_crt_atexit
_beginthreadex
terminate
_configure_wide_argv
abort
_get_wide_winmain_command_line
_getpid
__sys_nerr
strerror
_wassert
_errno
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0
fputc
__stdio_common_vsnprintf_s
_set_fmode
_fseeki64
fputs
__stdio_common_vsscanf
__acrt_iob_func
fclose
fseek
fflush
__p__commode
_ftelli64
fopen
_close
__stdio_common_vfprintf
fwrite
_lseeki64
_wfopen_s
_read
_write
_open
__stdio_common_vsprintf
fgets
fread
api-ms-win-crt-convert-l1-1-0
strtol
atoi
strtoul
strtoll
strtoull
api-ms-win-crt-heap-l1-1-0
_aligned_free
calloc
_aligned_malloc
_set_new_mode
free
malloc
_callnewh
realloc
api-ms-win-crt-math-l1-1-0
_dsign
__setusermatherr
_ldclass
_fdclass
_dclass
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
localeconv
api-ms-win-crt-string-l1-1-0
_wcsnicmp
tolower
toupper
_stricmp
isalpha
_strnicmp
_strdup
isgraph
isprint
islower
isupper
wcspbrk
isalnum
isspace
strpbrk
strncpy
wcsncpy
strncmp
isdigit
_wcsdup
isxdigit
strcmp
api-ms-win-crt-time-l1-1-0
_get_timezone
_get_dstbias
_time64
_localtime64_s
_tzset
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
_wstat64
_fstat64
_stat64
shlwapi
PathIsDirectoryW
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-environment-l1-1-0
getenv
ws2_32
listen
recvfrom
gethostname
htonl
sendto
ioctlsocket
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
getpeername
closesocket
connect
ntohl
Sections
.text Size: 582KB - Virtual size: 582KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ