UpdateConfig[.]json

Sharing

Copy URL

Twitter E-mail

General

Target

UpdateConfig.json
Size

1.8MB
MD5

795dc022c8897e290b26f620b0124e5e
SHA1

6852777dbd21562869e57937dc61185ac6bc13ba
SHA256

5191fe222010ba7eb589e2ff8771c3a75ea7c7ffc00f0ba3f7d716f12010dd96
SHA512

d022243802e495bfeca016f9f3abcedf5192d90f9180a8472f8bee6263e3d5a4f9dba6329f1ffc29955cedecf9833248ea52cb69cb3e9727878bb6e4725b9901
SSDEEP

24576:t2z628Ewa0MIoe7yWL9XzUX3hXFA77mBRcTvM9qNi/qGbzaeILGXtx1K1vN9f:g6hEwiZ+yBXFAWrcSqGsGdxk1vN

Score

1^/10

Malware Config

Signatures

Files

UpdateConfig.json
.dll regsvr32 windows x64

8a8034dcff255e0445ff34225cb402e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddSecureMemoryCacheCallback
CancelIo
ChangeTimerQueueTimer
ClearCommBreak
CloseHandle
ConnectNamedPipe
CreateActCtxA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateMutexW
CreateNamedPipeA
CreatePipe
CreateProcessW
CreateRemoteThread
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DebugBreakProcess
DecodePointer
DeleteCriticalSection
DeleteTimerQueueEx
DeleteTimerQueueTimer
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FatalAppExitA
FileTimeToSystemTime
FindActCtxSectionGuid
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommConfig
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOriginalTitleA
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDllDirectoryW
GetEnvironmentStringsW
GetErrorMode
GetFileAttributesW
GetFileMUIPath
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNumaHighestNodeNumber
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessPreferredUILanguages
GetProcessWorkingSetSizeEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTapePosition
GetTapeStatus
GetThreadContext
GetThreadIOPendingFlag
GetThreadId
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeFormatW
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetWriteWatch
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsBadStringPtrA
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
OpenJobObjectW
OpenProcess
OpenThread
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryDepthSList
QueryMemoryResourceNotification
QueryPerformanceCounter
QueueUserWorkItem
RaiseException
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSemaphore
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetCalendarInfoW
SetConsoleDisplayMode
SetCurrentDirectoryW
SetEvent
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetLocalTime
SetLocaleInfoA
SetLocaleInfoW
SetStdHandle
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetupComm
SignalObjectAndWait
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnregisterWait
UnregisterWaitEx
VerLanguageNameA
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteConsoleW
WriteFile
WriteProcessMemory

user32

AnimateWindow
BroadcastSystemMessageExA
CallMsgFilterW
CallWindowProcA
CharNextW
CharToOemA
CreateAcceleratorTableW
DefFrameProcA
DefMDIChildProcW
DefRawInputProc
DestroyCaret
DrawIcon
DrawMenuBar
EnumDesktopsA
FindWindowA
FindWindowExA
GetCaretBlinkTime
GetClassNameW
GetClipboardData
GetClipboardFormatNameA
GetClipboardViewer
GetDlgCtrlID
GetFocus
GetIconInfoExA
GetMenuItemCount
GetMessagePos
GetMonitorInfoW
GetProcessDefaultLayout
GetSystemMetrics
GetThreadDesktop
GetWindowModuleFileNameA
GetWindowThreadProcessId
InsertMenuA
IsCharAlphaNumericW
IsProcessDPIAware
IsRectEmpty
IsWindowVisible
LoadMenuIndirectW
LoadStringW
LockSetForegroundWindow
LockWindowUpdate
MenuItemFromPoint
MessageBeep
PostQuitMessage
RealChildWindowFromPoint
RealGetWindowClassW
RegisterHotKey
RegisterWindowMessageW
RemoveMenu
SendMessageCallbackW
SetCaretBlinkTime
SetCaretPos
SetClassWord
SetDlgItemTextW
SetMenuDefaultItem
SetPropW
SetThreadDesktop
SetWindowLongA
ShowCursor
SubtractRect
SwitchToThisWindow
SystemParametersInfoW
TranslateMessage
UnregisterClassW
UserHandleGrantAccess
ValidateRect
keybd_event

gdi32

Chord
CopyMetaFileW
CreateColorSpaceW
CreateScalableFontResourceW
EnumFontFamiliesExA
FlattenPath
GetBkMode
GetCharWidth32W
GetCurrentObject
GetDIBColorTable
GetDeviceCaps
GetICMProfileW
GetOutlineTextMetricsA
GetRandomRgn
GetStockObject
GetTextCharsetInfo
GetTextMetricsW
GetWorldTransform
PlayEnhMetaFileRecord
PolyBezier
PolyPolyline
ResetDCA
SaveDC
SelectClipRgn
SetBitmapBits
SetColorSpace
SetMetaFileBitsEx
SetPixelFormat
StrokePath
TextOutA

shell32

CommandLineToArgvW
FindExecutableW
SHFileOperationW
SHGetDiskFreeSpaceExW
SHGetFileInfoA
SHInvokePrinterCommandA
SHQueryUserNotificationState
SHSetUnreadMailCountW

shlwapi

PathFindFileNameA
StrRChrIA
StrStrIW

rpcrt4

UuidCreate

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
recv
send
shutdown
socket

advapi32

AdjustTokenPrivileges
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
LogonUserW
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken
PrivilegeCheck
RevertToSelf
SetSecurityDescriptorDacl

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessImageFileNameW

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption

secur32

GetUserNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a8034dcff255e0445ff34225cb402e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

rpcrt4

iphlpapi

ws2_32

advapi32

userenv

psapi

winhttp

secur32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 254KB - Virtual size: 253KB

.data Size: 12KB - Virtual size: 100KB

.pdata Size: 67KB - Virtual size: 66KB

.00cfg Size: 512B - Virtual size: 16B

.gehcont Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 254KB - Virtual size: 253KB

.data
Size: 12KB - Virtual size: 100KB

.pdata
Size: 67KB - Virtual size: 66KB

.00cfg
Size: 512B - Virtual size: 16B

.gehcont
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 5KB - Virtual size: 4KB