gpupdate[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

gpupdate.exe
Size

25KB
MD5

f67035a0f3f09450af3e58a3b8eca976
SHA1

6e301b8701f1794237997f01f9cd3526655c2553
SHA256

b0b129612a3067d799a6ef75b4f7596eb699e1c351aee4229748f3b75ec17f09
SHA512

3ccc86a37bbc6384427657d718db80073b5af84c80ec1e88741d8b73fa16a6ff38df8ea25a5e02137cf3db03593db3aac63dcd94a4edd8c30c16673544d3adac
SSDEEP

384:mGH6eYsKmxTDN+iIMferNtC7N/XP6tX5KuGvY1k2tRG4zU3/SWFwDWyX9lX:ceYlUT2t8/StUuA4G4zQ/qln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gpupdate.exe

Files

gpupdate.exe
.exe windows x86

63406737dbfda68c1b64635c25c61035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

kernel32

GetLastError
LocalFree
GetCurrentProcess
GetConsoleOutputCP
WaitForMultipleObjects
SetThreadUILanguage
FormatMessageW
CloseHandle
CreateThread
HeapSetInformation
GetModuleHandleW
LocalReAlloc
Sleep
LocalAlloc

msvcrt

_wcsnicmp
_wsetlocale
_amsg_exit
__wgetmainargs
getwchar
__p__commode
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_XcptFilter
exit
?terminate@@YAXXZ
_ultow
towupper
__set_app_type
_wcsicmp
wcstol
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
_onexit
_callnewh
malloc
_vsnwprintf
wprintf
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z

gpapi

ord115

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

userenv

ForceSyncFgPolicy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlCopySid
RtlLengthSid

user32

ExitWindowsEx

wevtapi

EvtFormatMessage
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtClose

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63406737dbfda68c1b64635c25c61035

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

gpapi

api-ms-win-core-libraryloader-l1-2-0

userenv

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

user32

wevtapi

api-ms-win-core-synch-l1-1-0

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB