WLUpdate[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WLUpdate.exe
Size

1.6MB
MD5

68d63b2b54aebd3035c4361dca2ab662
SHA1

b269bffa56e1d79f84f730874a4c33c44a56be4f
SHA256

429d0af5e034d1fbd36f3be23c4f966cbdbeaa3a6b94413eec3acd26986c3ee8
SHA512

1d6f2ac84aa686cc09cf4cbcb792bc2addc8783e09d459ded3769e50112531d080f21398934477b488cd374e1fdc47829365bf966dbcbe67876c9412eec51d5c
SSDEEP

24576:e8m657w6ZBLmkitKqBCjC0PDgM5AasdgGIXD8m657w6ZBLmkitKqBCjC0PDgM5Ap:eVV1BCjBl4gGIjVV1BCjBr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WLUpdate.exe

Files

WLUpdate.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ