Static task
static1
Behavioral task
behavioral1
Sample
MicrosoftEdgeUpdat.exe
Resource
win10-20231220-en
General
Target
MicrosoftEdgeUpdat.exe
Size
1.2MB
MD5
5b7168afa2c5b3490a3155064041e4aa
SHA1
fb4730a727be370cb50798333bafa9ff10615bb5
SHA256
986f2046ef9e2f490f0aa14a91ab7f68fb55ead1bc4bdbce08a3e0b2f73a87fc
SHA512
94868d71b1cf70582aecedfe498ff82314de26a03dfce528c50649c72dfb1ec1ced7b64d8b840225e3d9e5d4787fe83a3b382e37d3c320f9e56affba60390644
SSDEEP
24576:gERWZiWbDMfbRa4hfJmG2rwzqIyjOUQn652ROihlmFX:gEwZiWbD8bRzN2rw+IoOrXREX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource MicrosoftEdgeUpdat.exe
Files
MicrosoftEdgeUpdat.exe.exe windows:6 windows x64 arch:x64
b9a7874ee4b25577e055a599bf68a8e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
secur32
AcquireCredentialsHandleA
EncryptMessage
DecryptMessage
DeleteSecurityContext
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
FreeContextBuffer
FreeCredentialsHandle
GetUserNameExW
kernel32
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
LocalFree
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
SwitchToThread
CloseHandle
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
Sleep
FormatMessageW
TerminateProcess
GetCurrentProcessId
SleepEx
WriteFileEx
GetFileInformationByHandleEx
GetModuleHandleA
GetProcAddress
CopyFileExW
SetCurrentDirectoryW
MoveFileExW
DeleteFileW
GlobalMemoryStatusEx
GetLogicalDriveStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDriveTypeW
GetSystemInfo
FindClose
GetCurrentThread
TryAcquireSRWLockExclusive
RtlVirtualUnwind
GetConsoleMode
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetHandleInformation
ReadFileEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetFileInformationByHandle
WakeConditionVariable
SleepConditionVariableSRW
GetComputerNameExW
RtlUnwindEx
GetStdHandle
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
IsDebuggerPresent
iphlpapi
GetAdaptersAddresses
crypt32
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain
CertOpenStore
CertAddCertificateContextToStore
CertFreeCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateContext
CertEnumCertificatesInStore
ws2_32
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
ioctlsocket
select
WSASocketW
getsockopt
shutdown
getpeername
setsockopt
closesocket
WSARecv
WSASend
getsockname
WSADuplicateSocketW
send
recv
WSAGetLastError
connect
advapi32
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
GetUserNameW
user32
GetSystemMetrics
bcrypt
BCryptGenRandom
ole32
IIDFromString
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
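Read as capabilities rather than as a flat list, the import table above says more than any single entry: secur32 EncryptMessage/DecryptMessage/InitializeSecurityContextW with crypt32 chain validation and raw ws2_32 sockets, and no WinHTTP or WinINet import, means any HTTPS traffic is Schannel driven by the program itself over Winsock; AcceptSecurityContext is the server side of the same API, so it can also terminate TLS or authenticate peers; CreateProcessW with CreateNamedPipeW and DuplicateHandle is the spawn-a-child-with-piped-stdio pattern; the GetComputerNameExW / GetUserNameExW / GetAdaptersAddresses / GlobalMemoryStatusEx / GetDiskFreeSpaceExW group is a host inventory; IsDebuggerPresent on its own is weak evidence, since the MSVC CRT imports it for its abort path. The trio AddVectoredExceptionHandler, SetThreadStackGuarantee and RtlVirtualUnwind alongside BCryptGenRandom and SystemFunction036 is the footprint of the Rust standard library on Windows; that is an inference from the imports, to be confirmed from strings before relying on it. The following is an added example, not Triage's code: `capability_profile()` applies a bucket table of my own to the report's imports (kernel32 abridged to the entries the buckets use), `missing_capabilities()` surfaces informative absences, and `imphash()` shows the pefile-style import hash computation. Because the transcription is abridged and the hash depends on exact import order, the value it returns demonstrates the method and is not to be compared with the report.

```python
"""Capability buckets and imphash from a static import table.

Added example (not Triage's code). IMPORTS is transcribed from the report
above with kernel32 abridged to the entries that matter for the buckets; the
bucket table is an analyst heuristic of mine, not a Triage rule.
"""
import hashlib

IMPORTS = {
    "secur32": ["AcquireCredentialsHandleA", "EncryptMessage", "DecryptMessage",
                "DeleteSecurityContext", "InitializeSecurityContextW", "AcceptSecurityContext",
                "QueryContextAttributesW", "FreeContextBuffer", "FreeCredentialsHandle",
                "GetUserNameExW"],
    "kernel32": ["AddVectoredExceptionHandler", "SetThreadStackGuarantee", "GetModuleHandleA",
                 "GetProcAddress", "CopyFileExW", "MoveFileExW", "DeleteFileW",
                 "GlobalMemoryStatusEx", "GetLogicalDriveStringsW", "GetVolumeInformationW",
                 "GetDiskFreeSpaceExW", "GetSystemInfo", "RtlVirtualUnwind", "LoadLibraryA",
                 "CreateMutexA", "CreateProcessW", "DuplicateHandle", "CreateNamedPipeW",
                 "GetComputerNameExW", "IsDebuggerPresent"],  # abridged: the report lists ~125
    "iphlpapi": ["GetAdaptersAddresses"],
    "crypt32": ["CertOpenStore", "CertVerifyCertificateChainPolicy", "CertGetCertificateChain",
                "CertEnumCertificatesInStore"],
    "ws2_32": ["getaddrinfo", "WSAStartup", "WSASocketW", "select", "WSARecv", "WSASend",
               "send", "recv", "connect"],
    "advapi32": ["RegOpenKeyExW", "RegQueryValueExW", "SystemFunction036", "GetUserNameW"],
    "user32": ["GetSystemMetrics"],
    "bcrypt": ["BCryptGenRandom"],
    "ole32": ["CLSIDFromString", "CoInitializeEx", "CoCreateInstance"],
}

# Analyst buckets (mine). Absence is informative too: see http_library below.
CAPABILITIES = {
    "tls_client_schannel": {"AcquireCredentialsHandleA", "InitializeSecurityContextW",
                            "EncryptMessage", "DecryptMessage"},
    "tls_server_schannel": {"AcceptSecurityContext"},
    "cert_chain_validation": {"CertGetCertificateChain", "CertVerifyCertificateChainPolicy"},
    "raw_winsock": {"WSASocketW", "connect", "send", "recv", "WSASend", "WSARecv"},
    "http_library": {"WinHttpOpen", "WinHttpSendRequest", "InternetOpenW", "URLDownloadToFileW"},
    "host_inventory": {"GetComputerNameExW", "GetUserNameExW", "GetUserNameW",
                       "GetAdaptersAddresses", "GlobalMemoryStatusEx", "GetSystemInfo",
                       "GetLogicalDriveStringsW", "GetVolumeInformationW",
                       "GetDiskFreeSpaceExW", "GetSystemMetrics"},
    "spawn_with_piped_stdio": {"CreateProcessW", "CreateNamedPipeW", "DuplicateHandle"},
    "file_move_copy_delete": {"CopyFileExW", "MoveFileExW", "DeleteFileW"},
    "single_instance_mutex": {"CreateMutexA"},
    "registry_read": {"RegOpenKeyExW", "RegQueryValueExW"},
    "dynamic_api_resolution": {"LoadLibraryA", "GetProcAddress"},
    "debugger_check": {"IsDebuggerPresent"},
    "system_rng": {"BCryptGenRandom", "SystemFunction036"},
    "com_client": {"CoCreateInstance", "CLSIDFromString"},
    "rust_std_like_runtime": {"AddVectoredExceptionHandler", "SetThreadStackGuarantee",
                              "RtlVirtualUnwind"},
}


def capability_profile(imports: dict) -> dict:
    """Return {bucket: sorted matched imports} for every bucket with at least one hit."""
    present = {func for funcs in imports.values() for func in funcs}
    return {cap: sorted(present & names) for cap, names in CAPABILITIES.items() if present & names}


def missing_capabilities(imports: dict) -> list:
    """Buckets with no hit; no HTTP library import means TLS/HTTP is hand-rolled over sockets."""
    hits = capability_profile(imports)
    return sorted(cap for cap in CAPABILITIES if cap not in hits)


def imphash(imports: dict) -> str:
    """pefile-style import hash: md5 of 'dll.func' pairs, lowercased, in import-table order."""
    parts = []
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
        parts.extend(f"{base}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for cap, names in capability_profile(IMPORTS).items():
        print(f"{cap}: {', '.join(names)}")
    print("absent:", missing_capabilities(IMPORTS))
    print("imphash (abridged table, method only):", imphash(IMPORTS))
```

The bucket names are deliberately behavioural ("spawn_with_piped_stdio") rather than judgemental, because every one of these APIs is also used by legitimate updaters; the signal is the combination of self-driven TLS, host inventory and child-process plumbing in an unsigned binary carrying an updater's name.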
Sections
.text Size: 766KB - Virtual size: 765KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 449KB - Virtual size: 448KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
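The header flags, the section table and the "Unsigned PE" signature above can all be checked offline with a small parser. What follows is an added example, not Triage's code: it reads the COFF header, optional header and section table with the stdlib `struct` module, reports which DllCharacteristics mitigations are set and which are not, treats an empty IMAGE_DIRECTORY_ENTRY_SECURITY as "no embedded Authenticode signature" (the condition behind the Unsigned PE signature; a catalog-signed file would also show as unsigned by this check, which is why the signature is a hint and not proof), and flags writable-and-executable or nearly empty executable sections. Because the sample itself is not reproduced on the page, `build_sample_pe()` constructs a header-only PE32+ image from the flag and size values listed in this report; the 4x size ratio in the packing heuristic and all function names are my choices.

```python
"""PE header triage: mitigation bits, embedded Authenticode, section sanity.

Added example (not Triage's code). Pure stdlib; build_sample_pe() constructs a
header-only PE32+ image from the values in this report because the sample
itself is not on the page.
"""
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits, from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# IMAGE_SECTION_HEADER.Characteristics bits, from winnt.h
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_DISCARD, SCN_EXEC, SCN_READ, SCN_WRITE = 0x02000000, 0x20000000, 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory that points at the WIN_CERTIFICATE blob


def parse_pe(data: bytes) -> dict:
    """Read the DOS stub pointer, COFF header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                        # after signature + 20-byte COFF header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]    # same offset in PE32 and PE32+
    dd_base = opt + (112 if pe32plus else 96)                 # first IMAGE_DATA_DIRECTORY
    _, security_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "rawsize": rawsize, "chars": chars})
    return {"machine": machine, "pe32plus": pe32plus, "file_chars": file_chars,
            "dll_chars": dll_chars, "security_size": security_size, "sections": sections}


def triage(pe: dict) -> dict:
    """Turn parsed fields into the findings an analyst looks for first."""
    present = [n for bit, n in DLL_CHARACTERISTICS.items() if pe["dll_chars"] & bit]
    missing = [n for bit, n in DLL_CHARACTERISTICS.items() if not pe["dll_chars"] & bit]
    rwx = [s["name"] for s in pe["sections"] if s["chars"] & SCN_EXEC and s["chars"] & SCN_WRITE]
    # An executable section with (almost) no bytes on disk is the usual unpacker tell; 4x is my threshold.
    hollow = [s["name"] for s in pe["sections"]
              if s["chars"] & SCN_EXEC and (s["rawsize"] == 0 or s["vsize"] > 4 * s["rawsize"])]
    return {"mitigations": present, "missing_mitigations": missing,
            # An empty security directory is exactly what the "Unsigned PE" signature keys on
            "authenticode_embedded": pe["security_size"] > 0,
            "rwx_sections": rwx, "hollow_exec_sections": hollow}


def build_sample_pe(dll_chars: int, sections: list, security_size: int = 0) -> bytes:
    """Construct a header-only PE32+ image (not the real sample) to exercise parse_pe()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                  # e_lfanew
    opt = bytearray(240)                                         # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)                        # Magic: PE32+
    struct.pack_into("<Q", opt, 24, 0x140000000)                 # ImageBase
    struct.pack_into("<HH", opt, 68, 3, dll_chars)               # Subsystem CUI, DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, security_size)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x0022)  # x64, EXE|LAA
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000, rs, 0x400, 0, 0, 0, 0, ch)
                     for n, vs, rs, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# (name, virtual size, raw size, flags) and DllCharacteristics as listed in this report
REPORTED_SECTIONS = [
    (".text", 765 * 1024, 766 * 1024, SCN_CODE | SCN_EXEC | SCN_READ),
    (".rdata", 448 * 1024, 449 * 1024, SCN_IDATA | SCN_READ),
    (".data", 8 * 1024, 3 * 1024, SCN_IDATA | SCN_READ | SCN_WRITE),
    (".pdata", 28 * 1024, 29 * 1024, SCN_IDATA | SCN_READ),
    ("_RDATA", 244, 512, SCN_IDATA | SCN_READ),
    (".reloc", 7 * 1024, 8 * 1024, SCN_IDATA | SCN_DISCARD | SCN_READ),
]
REPORTED_DLL_CHARS = 0x0020 | 0x0040 | 0x0100 | 0x8000


def triage_reported_sample() -> dict:
    """Run the checks over a header rebuilt from the report's values."""
    return triage(parse_pe(build_sample_pe(REPORTED_DLL_CHARS, REPORTED_SECTIONS)))


if __name__ == "__main__":
    for key, value in triage_reported_sample().items():
        print(f"{key}: {value}")
```

Against the rebuilt header the result is: ASLR (DYNAMIC_BASE with HIGH_ENTROPY_VA) and DEP (NX_COMPAT) on, Control Flow Guard (GUARD_CF) absent, no embedded signature, no RWX section, and raw sizes that track virtual sizes, which argues against a runtime unpacker and is consistent with the .text listed above being real compiled code. The unsigned finding deserves its own line in any write-up: the legitimate updater is named MicrosoftEdgeUpdate.exe and ships Authenticode-signed by Microsoft, while this sample drops the final "e" from that name and carries no signature at all.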