gpupdate[.]zip | Triage

Resubmissions

13/02/2024, 06:30

240213-g9tljach44 3

13/02/2024, 06:26

240213-g7cv1acg74 3

Sharing

General

Target

gpupdate.zip
Size

33KB
MD5

500b76e27e32913ac4bf277e6fd1ab86
SHA1

1b56c451c2f040180b997b5505059f233200b83b
SHA256

5bda68934eb914bf6fb47137528b7a8c1ee8ec8e8e77ed2c11b03a0626ac151b
SHA512

098ab89d1abc3310d6b2fc30336b330ebe36bdfe7424adefb1f0f6f8b644855f9f1e01082b33b96665cc3f867b448eb6df3c757a4ac6de030d5060d09a5f6407
SSDEEP

768:WOslFg//j3SmDid4WJnfcqedePS7cBz+W9TXLtAic8lf0k:PslC7SmG3ftbS7cB6g3tmk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gpupdate.exe

Files

gpupdate.zip
.zip

Password: infected
gpupdate.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

+i_niY
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ