MicrosoftEdgeUpdate_2[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

MicrosoftEdgeUpdate_2.7z
Size

622KB
MD5

da7d74d3613b02a4b62f0e3abfacd9e9
SHA1

56cd72b9b7c9adf6ae5336534b6a99167400cb1e
SHA256

baad4f16470bf1274df878ac45ff36964f6674624d367e761999f591c6ef19f1
SHA512

62d274e2ced0b3cbe816f20895c106d3d4854f1f3e7926b88f31415f7c3f4aaafcaf201870dc0e47d6519c691a6e10c3b2c0991344c660eea835fd1e36994d08
SSDEEP

12288:YX7qera/smo4YphQ9+Rw92Hs+Q/lLisMx4i5+MBlB7LJI:shaXo4YphM+RS2M/UsMx4c+M5nm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MicrosoftEdgeUpdate.exe

Files

MicrosoftEdgeUpdate_2.7z
.7z

Password: infected
MicrosoftEdgeUpdate.zip
.zip

Password: infected
MicrosoftEdgeUpdate.exe
.exe windows:5 windows x86 arch:x86

Password: infected

e00d60405a249a05d3b09aa7fe924b17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
CloseHandle
GetProcAddress
CreateProcessW
FreeLibrary
GetTempFileNameW
LoadLibraryExW
GetCommandLineW
GetModuleHandleW
WriteConsoleW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LocalFree
FormatMessageA
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
RemoveDirectoryW
SetFilePointerEx
AreFileApisANSI
SetLastError
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCPInfo
HeapAlloc
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

ole32

CoTaskMemFree

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

e00d60405a249a05d3b09aa7fe924b17

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

Sections

.text Size: 96KB - Virtual size: 96KB

.data Size: 3KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 96KB - Virtual size: 96KB

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 572KB - Virtual size: 576KB