OpsCenterUpdater[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OpsCenterUpdater.exe
Size

1.2MB
MD5

462ac84ec0dfb4bc3baf747fc163834c
SHA1

3bc46e0f878c3448915daf5a6e70c34b4b296b78
SHA256

c618f3590e7b1ebf8ec0bbe0002f4b4feba397981ddb87f602655709b2ce37a7
SHA512

430c47fc36cc63ecc9bd5514576ef29870a3d03f5ed7dd2981a23cb99eacbb338f71f4b6c4e920680404b43f74cfd9165b7e1f88bd73bdab23bf1eee8b84efdc
SSDEEP

24576:mVPGG4snrFbepfhMB9RlrliK0UJEZTmQr0ivC6154fXq9bi+PR/:sGG4WRbIilrljdJEZTVr0ivC6154fXqr

Score

1^/10

Malware Config

Signatures

Files

OpsCenterUpdater.exe
.exe windows x64

7ab11114394f2acec7e132b0bb8af2ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?toupper@?$ctype@D@std@@QEBADD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
?eof@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Cnd_destroy_in_situ
_Mtx_unlock
_Thrd_join
_Cnd_init
_Mtx_destroy
_Xtime_get_ticks
_Thrd_id
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Cnd_signal
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?exceptions@ios_base@std@@QEAAXH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetModuleFileNameA
VerifyVersionInfoA
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
SetLastError
InitializeCriticalSectionEx
LoadLibraryA
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FormatMessageA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
MoveFileExW
CopyFileW
CreateDirectoryExW
GetModuleHandleA
GetWindowsDirectoryW
DeviceIoControl
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
GetFullPathNameW
GetFileTime
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetEnvironmentVariableW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
MoveFileA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
CreateSemaphoreW
ResetEvent
CloseHandle
SetEvent
GetLastError
CreateEventW
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
ReadFile

api-ms-win-crt-stdio-l1-1-0

fopen_s
fputc
fflush
fclose
fgetc
fwrite
fgetpos
fgets
_read
fopen
fseek
_get_stream_buffer_pointers
_close
__stdio_common_vsprintf
setvbuf
__acrt_iob_func
_open
fputs
__stdio_common_vsscanf
ungetc
ftell
_lseeki64
fsetpos
_fseeki64
fread
_write

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_unlock_file
rename
remove
_access
_stat64
_lock_file

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
terminate
abort
_getpid
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit
_cexit
_configure_narrow_argv
_errno
_seh_filter_dll
_execute_onexit_table
strerror
_crt_atexit
_initialize_narrow_environment
__sys_nerr
_beginthreadex

api-ms-win-crt-time-l1-1-0

_mktime64
_time64
_gmtime64
_localtime64
strftime
_localtime64_s

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc
realloc

api-ms-win-crt-string-l1-1-0

isalnum
strcmp
tolower
strncmp
memset
strcspn
strspn
isupper
_stricmp
_strdup
strncpy
strpbrk

api-ms-win-crt-environment-l1-1-0

getenv

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CheckTokenMembership
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
AllocateAndInitializeSid
FreeSid

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

vcruntime140

__C_specific_handler
_CxxThrowException
memcmp
memcpy
memmove
__current_exception
__current_exception_context
__std_terminate
__CxxFrameHandler3
memchr
__FrameUnwindFilter
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__std_exception_copy
strstr
strchr
strrchr
_purecall
__std_type_info_compare
__std_exception_destroy
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize

ole32

CoUninitialize
CoCreateInstance
CoInitialize

api-ms-win-crt-convert-l1-1-0

atoi
strtoll
strtol
strtoul

ws2_32

connect
getpeername
socket
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
ntohl
closesocket
WSAGetLastError
send
recv
bind
getsockname

wldap32

ord27
ord26
ord22
ord32
ord50
ord200
ord301
ord211
ord33
ord35
ord79
ord41
ord30
ord46
ord217
ord143
ord45
ord60

crypt32

CryptQueryObject
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertGetCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-utility-l1-1-0

qsort

mscoree

_CorExeMain

Sections

.text
Size: 770KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ab11114394f2acec7e132b0bb8af2ad

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

kernel32

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

advapi32

version

vcruntime140

ole32

api-ms-win-crt-convert-l1-1-0

ws2_32

wldap32

crypt32

normaliz

api-ms-win-crt-utility-l1-1-0

mscoree

Sections

.text Size: 770KB - Virtual size: 770KB

.nep Size: 4KB - Virtual size: 4KB

.rdata Size: 386KB - Virtual size: 386KB

.data Size: 13KB - Virtual size: 16KB

.pdata Size: 41KB - Virtual size: 41KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 770KB - Virtual size: 770KB

.nep
Size: 4KB - Virtual size: 4KB

.rdata
Size: 386KB - Virtual size: 386KB

.data
Size: 13KB - Virtual size: 16KB

.pdata
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB