updater[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

updater.exe
Size

10.5MB
MD5

5cddd538dda48660c2274b4d856b675b
SHA1

354f3f2af795e78794553c02c3b8599256fed2ef
SHA256

afbf4ba207be397f10ac0e098ce0db52a5aaf2fa6d0a683fe70b4ea653c1bb2f
SHA512

18156b1da5a03905ef0a55a1f48d4e0ab2ad1381bf510953d1f0882e866235c9bc74233f4d074112c02faf150ecef6407801081b30afaedd54a04d092481278f
SSDEEP

98304:IxavvSuIJCvu2z90xW/dOtdp+qsoQsCF4:4Z6RAW4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
updater.exe

Files

updater.exe
.exe windows:6 windows x64 arch:x64

ba5182648d485bc89d2097f79a7e5079

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlVirtualUnwind
ReleaseSRWLockShared
AcquireSRWLockShared
GlobalUnlock
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
SetHandleInformation
MultiByteToWideChar
AcquireSRWLockExclusive
WideCharToMultiByte
GetCurrentThreadId
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
LoadLibraryA
GetProcAddress
WriteConsoleW
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
CreateNamedPipeW
GetFullPathNameW
ExitProcess
GetFinalPathNameByHandleW
GlobalFree
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetCurrentProcessId
GlobalAlloc
TryAcquireSRWLockExclusive
GlobalSize
GlobalLock
GetFileInformationByHandle
CreateFileW
SleepConditionVariableSRW
FindNextFileW
CreateIoCompletionPort
HeapReAlloc
GetQueuedCompletionStatusEx
WakeConditionVariable
PostQueuedCompletionStatus
WakeAllConditionVariable
SetFileCompletionNotificationModes
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObject
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetModuleHandleW
GetLastError
LoadLibraryExW
TerminateProcess
FreeLibrary
GetModuleFileNameW
SetThreadErrorMode
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetProcessHeap
HeapFree
ReadFileEx
HeapAlloc
SleepEx
WriteFileEx
GetStdHandle
CreateEventA
GetConsoleMode
GetModuleHandleA
GetUserPreferredUILanguages
GetSystemInfo
CreateFileMappingW
MapViewOfFile
DuplicateHandle
UnmapViewOfFile
VirtualProtect
FormatMessageW
Sleep
SetFilePointerEx
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
CloseHandle
GetCommandLineW
IsProcessorFeaturePresent

user32

IsProcessDPIAware
IsIconic
GetWindowRect
InvalidateRgn
ShowCursor
ClipCursor
IsWindowVisible
GetClipCursor
ClientToScreen
AdjustWindowRectEx
GetWindowLongW
EnableMenuItem
GetSystemMenu
SetWindowLongW
SendMessageW
ShowWindow
GetActiveWindow
SystemParametersInfoA
SetForegroundWindow
SendInput
MapVirtualKeyW
SetWindowPos
GetForegroundWindow
GetRawInputData
SetWindowTextW
RedrawWindow
MonitorFromPoint
CreateIcon
DestroyIcon
PeekMessageW
GetKeyState
GetKeyboardState
GetKeyboardLayout
SetCapture
TranslateMessage
ToUnicodeEx
PostMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetWindowLongPtrW
RegisterWindowMessageA
RegisterRawInputDevices
SetWindowLongPtrW
CloseClipboard
GetDC
GetClientRect
SetClipboardData
EmptyClipboard
GetClipboardData
OpenClipboard
ValidateRect
PostThreadMessageW
DefWindowProcW
GetUpdateRect
ReleaseCapture
ScreenToClient
GetMenu
MonitorFromRect
TrackMouseEvent
LoadCursorW
SetCursor
GetTouchInputInfo
CloseTouchInputHandle
MonitorFromWindow
GetMonitorInfoW
FlashWindowEx
MapVirtualKeyA
GetMessageW
RegisterClassExW
CreateWindowExW
SetWindowDisplayAffinity
GetSystemMetrics
RegisterTouchWindow
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
GetCursorPos
DestroyWindow

ole32

RevokeDragDrop
CoUninitialize
CoInitializeEx
RegisterDragDrop
OleInitialize
CoCreateInstance

gdi32

GetDeviceCaps
DeleteObject
StretchDIBits
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ws2_32

getsockopt
shutdown
recv
getpeername
WSASend
setsockopt
WSAIoctl
getsockname
bind
connect
ioctlsocket
freeaddrinfo
WSASocketW
send
getaddrinfo
WSAGetLastError
WSAStartup
WSACleanup
closesocket

advapi32

RegQueryValueExW
OpenProcessToken
SystemFunction036
RegCloseKey
RegOpenKeyExW

shell32

DragFinish
DragQueryFileW

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

uxtheme

SetWindowTheme

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext

ntdll

NtDeviceIoControlFile
NtWriteFile
NtCreateFile
NtReadFile
NtCancelIoFileEx
RtlNtStatusToDosError

d3dcompiler_47

D3DCompile

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

userenv

GetUserProfileDirectoryW

vcruntime140

__current_exception
__current_exception_context
memmove
memset
memcpy
memcmp
__CxxFrameHandler3
__C_specific_handler

api-ms-win-crt-math-l1-1-0

round
sinf
cosf
tanf
expf
ceilf
fmodf
ceil
powf
tan
cos
fmod
sin
atan2
__setusermatherr
exp2
acosf
floorf
truncf
acos
roundf
exp2f
trunc
floor
pow
fmaf

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
strerror
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba5182648d485bc89d2097f79a7e5079

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

gdi32

dwmapi

ws2_32

advapi32

shell32

winmm

uxtheme

imm32

ntdll

d3dcompiler_47

oleaut32

bcrypt

userenv

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 14KB - Virtual size: 16KB

.pdata Size: 131KB - Virtual size: 130KB

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 14KB - Virtual size: 16KB

.pdata
Size: 131KB - Virtual size: 130KB

.reloc
Size: 59KB - Virtual size: 59KB