updater[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

updater.exe
Size

5.6MB
MD5

b2e8a371cb744b6eedb7d9deb9fb7a02
SHA1

7ddb817e8d795da4b52ff7aecbb6077ad4fb5dd8
SHA256

7fa602f06577511cc9a762bddde74c95bd30e8fc2f1523b83dc5a684c62e9b4b
SHA512

b21fade1f8929d5d9c87e9f0d4b7ea2e97fe90dc2eba09ba6a293268cb8532494a007b01068e3346dbfbb71a6f1c5735c25be43380645f15142d87291145edf7
SSDEEP

98304:wHHtN/IxCKes0Lv6/155C7aqx1OXXxmNejDq7D89udEyfrWqqohc9n+bKjVghkJb:mgxveTv6/JCrx1wXY/tCqqohclOfIn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
updater.exe

Files

updater.exe
.exe windows:6 windows x64 arch:x64

4def7148f41037b3bc9c17dcf019fe56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler

kernel32

DeleteCriticalSection
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp4-O-
Size: - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpP-w-
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpu-P-
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4def7148f41037b3bc9c17dcf019fe56

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: - Virtual size: 88KB

.rdata Size: - Virtual size: 24KB

.data Size: - Virtual size: 5.2MB

.pdata Size: - Virtual size: 408B

.00cfg Size: - Virtual size: 16B

.tls Size: - Virtual size: 16B

.vmp4-O- Size: - Virtual size: 622KB

.vmpP-w- Size: 1KB - Virtual size: 1KB

.vmpu-P- Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 622KB

.text
Size: - Virtual size: 88KB

.rdata
Size: - Virtual size: 24KB

.data
Size: - Virtual size: 5.2MB

.pdata
Size: - Virtual size: 408B

.00cfg
Size: - Virtual size: 16B

.tls
Size: - Virtual size: 16B

.vmp4-O-
Size: - Virtual size: 622KB

.vmpP-w-
Size: 1KB - Virtual size: 1KB

.vmpu-P-
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 622KB