Extended Key Usages: ExtKeyUsageCodeSigning
Static task: static1
Behavioral task: behavioral1
Sample: Windows11InstallationAssistant (1).exe
Resource: win11-20240221-en
Target: Windows11InstallationAssistant (1).exe
Size: 4.0MB
MD5: 9efe0c8b7f96c1a7d5bdd52bf07d009d
SHA1: dc6ff2f1c0af472cdc81b05f876c10420a6bbb78
SHA256: 03a9b3163071ecb41e20b95eb664c3165b9fcaba89f5e5433484d65e8cfa0380
SHA512: b66772e1faeff8c607b6624106530945997fe2105569cbf92cf0eaa31f7bd02ed46b74bae6e9d79b6f51da76445564ed73fe9eb2a6507e3ce5d543781ba227fb
SSDEEP: 98304:Fguv/rctyMh4cCE3p8fuCNCzLX/sA2uQqvAVGht5f/LyXtcH//9:SVtyMh9CVPUDk+4QjyXa
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
upgraderstub.pdb
EnableTraceEx2
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryTraceW
EventUnregister
ControlTraceW
RegOpenKeyExW
RegSetValueExW
RegSetKeySecurity
EventSetInformation
RegCreateKeyExW
RegDeleteKeyW
EventRegister
EventWriteTransfer
RegCloseKey
StartTraceW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
OpenProcessToken
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
RevertToSelf
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
GetVolumePathNamesForVolumeNameW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WaitForMultipleObjectsEx
GlobalMemoryStatusEx
GetVolumeInformationByHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
WaitForMultipleObjects
GetPrivateProfileSectionW
UnlockFileEx
LockFileEx
InitializeCriticalSectionAndSpinCount
CreateEventW
GetVolumeInformationW
GetCurrentThread
SetThreadIdealProcessor
GetSystemInfo
GetOverlappedResult
GetHandleInformation
DeleteCriticalSection
LocalFree
CreateThread
GlobalFree
DeleteFileW
InitOnceComplete
GetExitCodeThread
GetFileAttributesW
LocalAlloc
CreateMutexW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetFullPathNameW
GetCommandLineW
EnterCriticalSection
SetDefaultDllDirectories
CompareStringW
WritePrivateProfileStringW
InitOnceBeginInitialize
CreateDirectoryW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
DeviceIoControl
FindClose
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
FreeLibrary
LoadLibraryExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
GetEnvironmentVariableW
SetEvent
ResetEvent
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryW
CreateFileA
GlobalAlloc
SetFilePointerEx
ReadFile
WriteFile
SetFilePointer
HeapReAlloc
HeapSize
GetShortPathNameW
SetEndOfFile
DuplicateHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
OpenProcess
OpenMutexW
LoadLibraryW
GetTempFileNameW
MoveFileW
VerifyVersionInfoW
UnhandledExceptionFilter
VerSetConditionMask
LoadStringW
CharUpperW
MessageBoxW
memcmp
strcpy_s
memcpy
memmove
_wcsicmp
wcsrchr
_wcsnicmp
iswspace
towupper
_vscwprintf
qsort
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
sprintf_s
memmove_s
wcschr
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_purecall
iswdigit
wcsnlen
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
swscanf_s
wcsncmp
wcsstr
memset
CoInitialize
CoTaskMemFree
CoUninitialize
RpcStringFreeW
UuidCreate
UuidToStringW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
PathRemoveFileSpecW
StrStrIW
PathFindFileNameW
ord22
ord20
ord23
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
NtYieldExecution
NtQueryInformationFile
RtlAdjustPrivilege
RtlGetLastNtStatus
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtQueryVolumeInformationFile
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U
NtCreateFile
NtClose
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlImpersonateSelf
NtSetEaFile
DbgPrintEx
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlReAllocateHeap
RtlRaiseStatus
GetModuleFileNameExW
EnumProcesses
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptGetProperty
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ