b9607b3524ce77bac45ebee3e364dac0

Sharing

Copy URL Twitter E-mail

General

Target

b9607b3524ce77bac45ebee3e364dac0
Size

170KB
MD5

b9607b3524ce77bac45ebee3e364dac0
SHA1

879cc7ce8c12e47f9c0b8e4d9181703f7d814aa9
SHA256

40b537f52f4084d2ef2ec431e1ad8bab603a2925fd2898d6c6acae956468545c
SHA512

eb795093c0b98204371248a54985760441748eab2457cc6762b072cfcf4371e7d3906af58a5336f05be37eec5b4cb4cb0458e2a02c5d7f2db4f2702fe9d40a84
SSDEEP

3072:8BnMrYgIuX+YaKlAbCpeXoFyvYoU5sAoHz:8BMsf2Z+begvYoBbz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9607b3524ce77bac45ebee3e364dac0

Files

b9607b3524ce77bac45ebee3e364dac0
.exe windows:4 windows x86 arch:x86

e161321a282de676aedd74f8f263518f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pulse\recipes\318278815\base\branches\ci_release_branch\googleclient\ci\build\ship\obj\shell\setup\GoogleUpdaterSetup_not_signed_exe.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
CloseHandle
RaiseException
GetLastError
GetCurrentProcess
FreeLibrary
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateFileA
SetStdHandle
LocalFree
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetStartupInfoA
WriteConsoleW
FormatMessageW
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetTickCount
VirtualQuery
GetModuleFileNameW
GetTempPathW
GetModuleHandleW
ExitProcess
IsDebuggerPresent
OutputDebugStringW
InterlockedCompareExchange
Sleep
lstrcpynW
InterlockedDecrement
FindResourceExW
lstrlenW
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceW
WaitForSingleObject
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrcmpW
GetFileAttributesExW
CreateMutexW
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
GlobalFree
CreateFileW
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetLocaleInfoW
GetThreadLocale
GetVersionExW
TerminateProcess
LocalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
InterlockedIncrement
SetUnhandledExceptionFilter
GetCurrentThreadId
LoadLibraryExW
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
GetStartupInfoW
UnhandledExceptionFilter
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SearchPathW

user32

UnregisterClassA
MessageBoxW
wvsprintfW
CharLowerW
CharUpperW

ole32

CoUninitialize
CoInitializeEx

comctl32

InitCommonControlsEx

userenv

UnloadUserProfile

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e161321a282de676aedd74f8f263518f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

comctl32

userenv

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 42KB - Virtual size: 41KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 42KB - Virtual size: 41KB