gpupdate[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

gpupdate.exe
Size

52KB
MD5

1548b48f672949e28beeac652968f008
SHA1

84729bc932252d13ba189c66732b0a7d5194ef46
SHA256

8ad31990e07069bcdc463445f4c16fbef3e45af15f3c7481d9dd3c8c6e4319d4
SHA512

fd668a6a558121eced75280c8b6c8ef72d46947a4c0df04a4d895ffabf1e73629991d649d92507325af96884c04a41f51e6ea77715fa74cc90009b5f4dc7fe7c
SSDEEP

384:hBpj3/LoAiXqhIiSsE5Lfm+OoWicN+N5J/NhQV2nA9mCwl2R/WoDF5WvWZJS4bUR:hM1FJcN+FNh3XHl07ZJS4bXx16

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gpupdate.exe

Files

gpupdate.exe
.exe windows:10 windows x64 arch:x64

9ee60ed92e0d28ba89665375114f7806

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

kernel32

GetLastError
LocalFree
GetCurrentProcess
GetConsoleOutputCP
WaitForMultipleObjects
SetThreadUILanguage
FormatMessageW
CloseHandle
CreateThread
HeapSetInformation
GetModuleHandleW
LocalReAlloc
Sleep
LocalAlloc

msvcrt

_wsetlocale
_wcsnicmp
__set_app_type
_XcptFilter
_amsg_exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
getwchar
towupper
_fmode
_ultow
__wgetmainargs
exit
_wcsicmp
wcstol
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_callnewh
_vsnwprintf
wprintf
malloc
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ

gpapi

ord115

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

userenv

ForceSyncFgPolicy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ntdll

RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlLengthSid
RtlCopySid

user32

ExitWindowsEx

wevtapi

EvtFormatMessage
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtClose

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ee60ed92e0d28ba89665375114f7806

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

gpapi

api-ms-win-core-libraryloader-l1-2-0

userenv

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

ntdll

user32

wevtapi

api-ms-win-core-synch-l1-1-0

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 828B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 444B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 828B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 444B