OPENSSL_Applink
Static task
static1
Behavioral task
behavioral1
Sample
update.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
update.exe
Resource
win10v2004-20230703-en
General
Target
update.exe.virus
Size
4.2MB
MD5
4b8e2b606392c17ae8922c146a5c1fb5
SHA1
7a3c7cb797d9487d30362509c74316bdebcab728
SHA256
116ed79c62fc892b732e3168a832b165850ad83287c08117dae07666a724fb11
SHA512
0ac453316cf48006bcec6da0fe3c67ece2674bb89661a9740208a0224125bea23a610ed17281fb11353608c48891165aea01ea3366c68fbf47a84c918e3e83a1
SSDEEP
98304:hlrBNh2swAaMHQlSbXJDRjbXs9kNpIte:Ht2swJSrs9kNpI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource update.exe.virus
Files
update.exe.virus.exe windows x86
938b2eeffb26e284cda4321a271baa0c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipCloneImage
GdiplusShutdown
GdipLoadImageFromStream
GdiplusStartup
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC2
GdipDrawImageRectI
GdipGetImageHeight
GdipFree
kernel32
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
PeekNamedPipe
VerifyVersionInfoA
SleepEx
InitializeCriticalSectionEx
GetTickCount64
FormatMessageA
GetFileType
GetStdHandle
LCMapStringW
GetCPInfo
WaitForSingleObjectEx
GetStringTypeW
TryEnterCriticalSection
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
MoveFileExW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetUserDefaultLCID
GetCommandLineW
HeapQueryInformation
UnhandledExceptionFilter
QueryPerformanceFrequency
SetStdHandle
VirtualAlloc
VirtualQuery
GetACP
SetConsoleCtrlHandler
GetDriveTypeW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GlobalMemoryStatus
GetSystemTime
SizeofResource
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapSize
GetLastError
GlobalAlloc
HeapReAlloc
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
GlobalLock
DeleteCriticalSection
GetProcessHeap
GlobalUnlock
FreeResource
LockResource
GetProcAddress
GetModuleHandleW
CreateMutexW
GetPrivateProfileStringW
GetCurrentProcess
GetPrivateProfileIntW
GetSystemDirectoryW
Sleep
LoadLibraryW
FreeLibrary
GetModuleFileNameA
SetFilePointer
SetEndOfFile
CreateFileW
DeleteFileW
CloseHandle
CopyFileW
CreateFileMappingW
GetTickCount
WritePrivateProfileStringW
GetLocalTime
GetModuleFileNameW
LocalFree
WideCharToMultiByte
CreateDirectoryW
FindFirstFileW
RemoveDirectoryW
FindClose
GetVersionExW
SetFileAttributesW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetTimeZoneInformation
Process32NextW
Process32FirstW
GlobalFree
GetSystemInfo
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
SetThreadPriority
SuspendThread
ResumeThread
TerminateThread
CreateThread
GetExitCodeThread
WaitForMultipleObjects
OutputDebugStringW
ReleaseSemaphore
ReadFile
WriteFile
GetFileAttributesW
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
MulDiv
OutputDebugStringA
EncodePointer
SetLastError
GetCurrentThreadId
GetModuleHandleA
LoadLibraryExW
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GlobalSize
FormatMessageW
GetCurrentProcessId
LocalAlloc
SystemTimeToTzSpecificLocalTime
GetCurrentThread
lstrcmpA
lstrcpyW
FileTimeToLocalFileTime
FindNextFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetThreadLocale
GlobalFlags
InitializeCriticalSection
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetFileAttributesExW
GetFileSizeEx
GetFileTime
VerSetConditionMask
VerifyVersionInfoW
SetErrorMode
FindResourceExW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
SearchPathW
GetProfileIntW
ExpandEnvironmentStringsA
user32
GetAsyncKeyState
CopyImage
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
CharUpperW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
SetRectEmpty
SendDlgItemMessageA
MapDialogRect
SetWindowContextHelpId
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
ShowOwnedPopups
PostQuitMessage
GetActiveWindow
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
LoadMenuW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetParent
GetClassLongW
SetWindowLongW
UnpackDDElParam
ReuseDDElParam
EnableWindow
InvalidateRect
EnumDisplayMonitors
SetCursor
GetSysColor
PtInRect
EqualRect
DeleteMenu
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
RegisterClipboardFormatW
ScrollWindow
RedrawWindow
ValidateRect
DrawFocusRect
DrawStateW
ClientToScreen
CopyRect
OffsetRect
DestroyCursor
UpdateWindow
TrackPopupMenu
TrackMouseEvent
IsZoomed
InsertMenuItemW
SetWindowRgn
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
BringWindowToTop
TranslateAcceleratorW
LoadAcceleratorsW
WaitMessage
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetCapture
ReleaseCapture
DestroyIcon
CharNextW
CopyAcceleratorTableW
InvalidateRgn
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
WindowFromPoint
UnregisterClassW
SendMessageW
FillRect
InflateRect
GetWindowLongW
FindWindowW
GetClassInfoW
MessageBoxW
PostMessageW
GetCursorPos
IsIconic
SetForegroundWindow
KillTimer
AppendMenuW
GetClientRect
LoadIconW
GetForegroundWindow
SetTimer
DrawEdge
DrawFrameControl
DrawIconEx
ToUnicodeEx
DrawIcon
GetSystemMetrics
ScreenToClient
SetActiveWindow
SetWindowPos
GetSystemMenu
MapWindowPoints
SetLayeredWindowAttributes
MoveWindow
GetWindowRect
GetDesktopWindow
ReleaseDC
LoadImageW
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetParent
LockWindowUpdate
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
SetMenu
GetMenu
GetCapture
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IntersectRect
GetDC
SetRect
EmptyClipboard
CharUpperBuffW
ModifyMenuW
CopyIcon
FrameRect
PostThreadMessageW
GetIconInfo
HideCaret
InvertRect
GetKeyNameTextW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
GetWindowRgn
SetScrollPos
gdi32
GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
LPtoDP
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
Rectangle
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
EnumFontFamiliesExW
CreateDIBSection
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetRgnBox
GetTextColor
GetBkColor
GetTextMetricsW
GetTextExtentPoint32W
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreatePen
CreateHatchBrush
DPtoLP
ExtTextOutW
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateRectRgn
CreatePatternBrush
CreateBitmap
CombineRgn
GetDeviceCaps
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
GetObjectW
SetBkColor
DeleteObject
CreateFontIndirectW
msimg32
AlphaBlend
TransparentBlt
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegDeleteKeyW
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
shell32
SHAppBarMessage
DragQueryFileW
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
DragFinish
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathIsDirectoryW
StrFormatKBSizeW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
UrlUnescapeW
uxtheme
GetThemePartSize
GetCurrentThemeName
GetThemeSysColor
OpenThemeData
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeColor
DrawThemeBackground
CloseThemeData
DrawThemeParentBackground
DrawThemeText
IsAppThemed
ole32
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoInitialize
CreateStreamOnHGlobal
oleaut32
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
OleLoadPicture
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysFreeString
VariantChangeType
oledlg
OleUIBusyW
winmm
PlaySoundW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
sensapi
IsNetworkAlive
ws2_32
WSAIoctl
getaddrinfo
freeaddrinfo
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
socket
WSAGetLastError
WSACleanup
WSAStartup
ntohs
shutdown
setsockopt
wininet
HttpOpenRequestW
InternetSetStatusCallbackW
InternetOpenW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
HttpAddRequestHeadersW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetReadFile
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoW
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
wldap32
ord30
ord79
ord200
ord301
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
Exports
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 684KB - Virtual size: 684KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ