gpupdate[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

gpupdate.exe
Size

25KB
MD5

974932b1f6ff9143ef816dcec47c7829
SHA1

6a0f9c6b780a7461586619b4e8ebcd763562dd29
SHA256

5c7702f6986281fe373093d5e3362bba6bae1b144db995df07ed9e54cb431f75
SHA512

b92a3c5784e827f2e4ca0165975fa947bd856f70041d6bdb5039984500308f2dc640fdd161c296efaba6282c0860cf8c0576b8a6639d7b2b37b5c2972ad540af
SSDEEP

384:qc+sv0sKmxTD1hVC+iQk3gAdFUdIL6Pnoyeu2vYLB5Oz4K3POWFIDWM:4sv0lUuD/MImautWz4GP+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gpupdate.exe

Files

gpupdate.exe
.exe windows x86

e28fe91aadcec39343d96c4659091959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

kernel32

GetLastError
LocalFree
GetCurrentProcess
GetConsoleOutputCP
WaitForMultipleObjects
SetThreadUILanguage
FormatMessageW
CloseHandle
CreateThread
HeapSetInformation
GetModuleHandleW
LocalReAlloc
Sleep
LocalAlloc

msvcrt

_XcptFilter
_wcsnicmp
_wsetlocale
__p__commode
getwchar
__wgetmainargs
__set_app_type
_exit
exit
_cexit
__p__fmode
__setusermatherr
_initterm
_amsg_exit
?terminate@@YAXXZ
_ultow
towupper
_wcsicmp
wcstol
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
_onexit
_callnewh
malloc
_vsnwprintf
wprintf
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z

gpapi

ord115

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

userenv

ForceSyncFgPolicy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlCopySid
RtlLengthSid

user32

ExitWindowsEx

wevtapi

EvtFormatMessage
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtClose

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e28fe91aadcec39343d96c4659091959

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

gpapi

api-ms-win-core-libraryloader-l1-2-0

userenv

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

user32

wevtapi

api-ms-win-core-synch-l1-1-0

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB