updater[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

updater.dll.exe
Size

234KB
MD5

9b4b4a7caa4bb0853f91c54577c484b1
SHA1

a2f117bb1c7dd7d9f3d5bbdca293e6057f79e7d3
SHA256

8ed90a0b90d972e3b57cf8f9cf3ecf1ca08b611f74394b41d63433ca18a1bf59
SHA512

32f5f39f9201f3068df147eed0d4ddd45a94c773c51eee9353184f2ce09c15ecc5fd1e4be1521f94fb38c25eaccb28bc4430b510411e9f11bbad75897a7eb3df
SSDEEP

3072:8CFR8tmYgAbR+89Iz8Nb58Ls/XqSMGiyfOi8Bv/MJbnWF0Wvl8eOq/d5lq1:8CGl+8hb+Lsvq0iT6bnWdvlvBVQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
updater.dll.exe

Files

updater.dll.exe
.exe windows x86

5b776df520ace051c45f52eb27a73fee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathW
EnumCalendarInfoA
GetDriveTypeW
GetConsoleAliasExesLengthA
InterlockedIncrement
InterlockedDecrement
HeapFree
FreeEnvironmentStringsA
MoveFileWithProgressA
GetTickCount
GetSystemTimeAsFileTime
EnumTimeFormatsA
SetProcessPriorityBoost
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
AddRefActCtx
LoadLibraryW
IsProcessInJob
GetCalendarInfoA
InitAtomTable
GetFileAttributesW
CompareStringW
MultiByteToWideChar
GetStringTypeExA
GetProfileIntA
GetLastError
GetCurrentDirectoryW
GetProcAddress
SetComputerNameA
WriteConsoleA
SetCalendarInfoW
AddAtomW
RemoveDirectoryW
SetFileApisToANSI
BeginUpdateResourceA
GetModuleFileNameA
FindFirstVolumeMountPointA
CreateIoCompletionPort
GetModuleHandleA
lstrcatW
FreeEnvironmentStringsW
FindNextFileW
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
EnumSystemLocalesW
CloseHandle
WriteConsoleW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
GetCPInfo
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
GetModuleFileNameW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW

user32

DefDlgProcW

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b776df520ace051c45f52eb27a73fee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 106KB - Virtual size: 105KB

.data Size: 109KB - Virtual size: 2.6MB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 106KB - Virtual size: 105KB

.data
Size: 109KB - Virtual size: 2.6MB

.rsrc
Size: 18KB - Virtual size: 18KB