GigabyteUpdateService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GigabyteUpdateService.exe
Size

877KB
MD5

c40eb0cc3843b8df5d11e9f0cd9a2a45
SHA1

ef74960fecb6c8f4a252ec8369a98de3c91fd5bc
SHA256

3d4307df519050a673ca4ee9be8b2320612adacc2c73438676c74a05e0f7ce83
SHA512

d357408baec2075972c5a94edd6b5f033ce2c103de7cfbfebcbe4fef9b966320b1779ea204674126d461a7c47abfcd2a24371b18138bbfa407c20960645ae1ef
SSDEEP

24576:Tvl8+drPRDmWxy6O0ZUk1R5XCR1dDBPP3WAC1b2DK:TvlDpZDmWIsZUk1qRR/WAEoK

Score

1^/10

Malware Config

Signatures

Files

GigabyteUpdateService.exe
.exe windows:6 windows x64 arch:x64

403ed4ad94b35eebb9dc942fbd82146a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:04:2d:76:53:ff:b5:cf:06:fb:28:0a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

23/11/2021, 09:20

Not After

23/11/2024, 09:20

Subject

SERIALNUMBER=22044755,CN=GIGA-BYTE TECHNOLOGY CO.\, LTD.,O=GIGA-BYTE TECHNOLOGY CO.\, LTD.,STREET=5 F.\, No. 6\, Baoqiang Rd.\, Xindian Dist.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:62:2c:d2:22:e3:c1:17:8c:cf:92:1c:82:1d:a6:49:e3:35:1c:98:e7:74:7e:c5:5d:10:cc:e5:38:24:1a:a9
Signer

Actual PE Digest

0b:62:2c:d2:22:e3:c1:17:8c:cf:92:1c:82:1d:a6:49:e3:35:1c:98:e7:74:7e:c5:5d:10:cc:e5:38:24:1a:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

kernel32

Process32FirstW
WTSGetActiveConsoleSessionId
GetExitCodeProcess
CreateDirectoryW
GetTempPathW
DeleteFileW
CreateEventW
Sleep
OutputDebugStringW
SetEvent
ResetEvent
SetStdHandle
Process32NextW
ProcessIdToSessionId
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
GetModuleHandleW
FindResourceW
LoadResource
CloseHandle
GetLastError
CreateFileW
GetModuleFileNameW
WriteFile
SizeofResource
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
WriteConsoleW
QueueUserWorkItem
RtlLookupFunctionEntry
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
RtlCaptureContext
RtlUnwind
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CreateProcessW
GetFileAttributesExW
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP

advapi32

CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
DeregisterEventSource
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterEventSourceW
ReportEventW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegGetValueW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

403ed4ad94b35eebb9dc942fbd82146a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

4a:04:2d:76:53:ff:b5:cf:06:fb:28:0aCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

0b:62:2c:d2:22:e3:c1:17:8c:cf:92:1c:82:1d:a6:49:e3:35:1c:98:e7:74:7e:c5:5d:10:cc:e5:38:24:1a:a9Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

userenv

wtsapi32

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 712KB - Virtual size: 712KB

.reloc Size: 2KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

4a:04:2d:76:53:ff:b5:cf:06:fb:28:0a
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

0b:62:2c:d2:22:e3:c1:17:8c:cf:92:1c:82:1d:a6:49:e3:35:1c:98:e7:74:7e:c5:5d:10:cc:e5:38:24:1a:a9
Signer

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 712KB - Virtual size: 712KB

.reloc
Size: 2KB - Virtual size: 1KB