xzupdate[.]exe

General

Target

xzupdate.exe
Size

61KB
MD5

f62b662f418fcaf2004dfa224ba441ea
SHA1

507437e30004c4703902ffb0712ead9e4fa7ff80
SHA256

c0103a838a6865460a3a5d5ee43c079e3f5e0b87d35a53611351056020eb1a73
SHA512

6eb9ad4d6e9711e14fb8fff941870604792970990200e1a1a7866c4250851413f8475368fab22e828a9a3a7baff7bea907763e421b7c5938ede11b29a803d635
SSDEEP

768:3kE2UEuNEK4pRD6NJ/IOt3LUELbI+IhwFlyl3DWIQgPtFOI8qcQaslmi:3kE2XnK4L68OiEPNIhpegFFO3slz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xzupdate.exe

Files

xzupdate.exe
.exe windows:1 windows x86 arch:x86

699035716eff0f4cbc45b97c4ff099a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExitThread
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

pbvm90

ord137

Sections

AUTO
Size: 16KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

699035716eff0f4cbc45b97c4ff099a5

Headers

File Characteristics

Imports

user32

kernel32

pbvm90

Sections

AUTO Size: 16KB - Virtual size:

.idata Size: 1KB - Virtual size:

DGROUP Size: 3KB - Virtual size:

.bss Size: 4KB - Virtual size:

.reloc Size: 1KB - Virtual size:

.rsrc Size: 33KB - Virtual size:

AUTO
Size: 16KB - Virtual size:

.idata
Size: 1KB - Virtual size:

DGROUP
Size: 3KB - Virtual size:

.bss
Size: 4KB - Virtual size:

.reloc
Size: 1KB - Virtual size:

.rsrc
Size: 33KB - Virtual size: