Z:\方案四\CallDll\x64\Release\GoogleUpdate.pdb
Static task: static1
Behavioral task: behavioral1 (sample GoogleUpdate.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample GoogleUpdate.exe, resource win10v2004-20240226-en)
General
Target: GoogleUpdate.exe
Size: 111KB
MD5: c667cae395fd34323e7acecbed584db8
SHA1: 44cf84693216f7a4b44c89bdbffa10e72fbfffdd
SHA256: 2e850cb2a1d06d2665601cefd88802ff99905de8bc4ea348ea051d4886e780ee
SHA512: 560574349e0894e10fa298c5cf46f1ed812f5161acf1f9c34e05fd124d9a3c7ed0073dfd16d9d5f564c2e3c2756e6834515fc9cc2938db7ff287e17e06f10e5c
SSDEEP: 3072:QghXvOL9cOYqWDHjgT7byoftqQrVI6N/nJIRLI:Qg8JnYRgT7pftq67JI
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: GoogleUpdate.exe
Files
GoogleUpdate.exe.exe  windows:5  windows x64  arch:x64
imphash: 4ae770c3d3f6130d918943dc30985e0c
Headers
DLL Characteristics:
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths:
Z:\方案四\CallDll\x64\Release\GoogleUpdate.pdb (方案四 is Chinese for "scheme four")
Imports
kernel32
OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
VirtualAllocEx
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Sleep
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WriteProcessMemory
EncodePointer
DecodePointer
ExitProcess
GetFileAttributesA
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW
user32
PostThreadMessageW
wsprintfW
advapi32
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
Sections (raw size / virtual size / characteristics)
.text   73KB / 73KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  24KB / 23KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   5KB / 19KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  5KB / 4KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   1024B / 696B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  1KB / 1KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
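The header, import and section data above are what a static triage pass would decode from the binary. Two points stand out from the report itself: the DLL characteristics listed do not include IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA or IMAGE_DLLCHARACTERISTICS_GUARD_CF, and the kernel32 imports contain OpenProcess, VirtualAllocEx and WriteProcessMemory but no thread-creation API (no CreateRemoteThread or similar), alongside LoadLibraryW and GetProcAddress. The script below is an added example, not sandbox output or the sample's code: it parses a header-only PE32+ image that is constructed inline to mirror the report's DllCharacteristics and section table (the sample binary itself is not available here), checks the mitigation flags a reviewer would look at, and groups a subset of the import names copied from the report into capability clusters. The cluster names and the constructed image are this example's own assumptions.

```python
"""Static triage of the PE facts reported above.  Added example, not part of
the sandbox report: the PE32+ image parsed here is CONSTRUCTED to mirror the
report's headers and sections, and the import names are copied from it."""
import struct

DLLCHAR = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
           0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
SCN_CODE, SCN_INIT, SCN_DISCARD = 0x20, 0x40, 0x02000000
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SAMPLE_DLLCHAR = 0x0040 | 0x0100 | 0x8000   # the three flags the report lists
SAMPLE_SECTIONS = [                        # (name, raw size, virtual size, flags) from the report
    (".text", 73 * 1024, 73 * 1024, SCN_CODE | SCN_EXEC | SCN_READ),
    (".rdata", 24 * 1024, 23 * 1024, SCN_INIT | SCN_READ),
    (".data", 5 * 1024, 19 * 1024, SCN_INIT | SCN_READ | SCN_WRITE),
    (".pdata", 5 * 1024, 4 * 1024, SCN_INIT | SCN_READ),
    (".rsrc", 1024, 696, SCN_INIT | SCN_READ),
    (".reloc", 1024, 1024, SCN_INIT | SCN_DISCARD | SCN_READ),
]
SAMPLE_IMPORTS = [  # subset of the kernel32/advapi32 imports listed in the report
    "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
    "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "LoadLibraryW", "GetProcAddress",
    "OpenSCManagerW", "CreateServiceW", "StartServiceCtrlDispatcherW",
    "FindResourceW", "LoadResource", "LockResource", "SizeofResource", "GetFileTime", "SetFileTime"]

def build_pe64(dllchar, sections):
    """Header-only PE32+ image (DOS stub, NT headers, section table, no code). Constructed."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240,
                           0x0002 | 0x0020)                         # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                           # PE32+ magic
    struct.pack_into("<H", opt, 70, dllchar)                        # DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                            # NumberOfRvaAndSizes
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs,
                                 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, ch)
                     for i, (n, rs, vs, ch) in enumerate(sections))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + table

def parse_pe(data):
    """Walk the headers by fixed offsets; raises on anything that is not a PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 24                                                   # 4-byte signature + 20-byte file header
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("not PE32+")
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsec):
        base = opt + opt_size + 40 * i                              # 40-byte IMAGE_SECTION_HEADER
        name, vsize, _, rsize = struct.unpack_from("<8sIII", data, base)
        ch = struct.unpack_from("<I", data, base + 36)[0]           # Characteristics is the last field
        sections.append((name.rstrip(b"\0").decode(), rsize, vsize, ch))
    return {"machine": machine, "file_chars": fchars, "dllchar": dllchar, "sections": sections}

def flag_names(value, table):
    return [n for bit, n in sorted(table.items()) if value & bit]

def mitigation_findings(pe):
    """Header checks worth running on any sample before reading its import table."""
    d, names, out = pe["dllchar"], {s[0] for s in pe["sections"]}, []
    if not d & 0x0040:
        out.append("no DYNAMIC_BASE: image loads at its preferred base (no ASLR)")
    elif ".reloc" not in names:
        out.append("DYNAMIC_BASE set but no .reloc section: loader cannot rebase it")
    if not d & 0x0100:
        out.append("no NX_COMPAT: DEP not requested")
    if pe["machine"] == 0x8664 and not d & 0x0020:
        out.append("x64 without HIGH_ENTROPY_VA: only low-entropy ASLR range")
    out += [f"{n}: writable and executable" for n, _, _, ch in pe["sections"]
            if ch & SCN_EXEC and ch & SCN_WRITE]
    return out

CAPABILITIES = {  # cluster names are this example's own labels
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "remote memory write": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
    "service installation": {"OpenSCManagerW", "CreateServiceW", "StartServiceCtrlDispatcherW"},
    "embedded resource payload": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "file timestamp manipulation": {"GetFileTime", "SetFileTime"},
}
THREAD_PRIMITIVES = {"CreateRemoteThread", "CreateRemoteThreadEx", "QueueUserAPC",
                     "SetThreadContext", "NtCreateThreadEx", "RtlCreateUserThread"}

def capability_clusters(imports):
    """A cluster fires only when every API in it is imported."""
    present = set(imports)
    caps = {c: sorted(apis) for c, apis in CAPABILITIES.items() if apis <= present}
    if "remote memory write" in caps and not present & THREAD_PRIMITIVES:
        caps["note"] = ["remote write primitives with no thread-creation import: "
                        "check for runtime resolution via GetProcAddress"]
    return caps

if __name__ == "__main__":
    pe = parse_pe(build_pe64(SAMPLE_DLLCHAR, SAMPLE_SECTIONS))
    print("DllCharacteristics:", flag_names(pe["dllchar"], DLLCHAR))
    for line in mitigation_findings(pe) + [f"{k}: {v}" for k, v in capability_clusters(SAMPLE_IMPORTS).items()]:
        print(" -", line)
```

The .reloc check matters because DYNAMIC_BASE alone is only a request: without a relocation section the loader cannot move the image, and ASLR silently does nothing for it. Run against a real file, replace the constructed image with the file's bytes and feed `capability_clusters` the names pulled from the import directory.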