self_updater[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

self_updater.exe
Size

288KB
MD5

a6e4bd1b55655a29a1b25f2a567a65b7
SHA1

7a40ce5381449e369042f7a9adc1ae49ff1b22d3
SHA256

34077f9227c2fd9ee9949a0ff0ee436d80b0ac5322a02c524327be953be08c70
SHA512

d0cd269f9ac94be178f0428af048d077edad767c3a6c5ecde553ca36baf1dcab07bfc9353fb875d78b7e0c0c63dd92ef1624445e9318dbf7a3d5a154acccd328
SSDEEP

3072:1naSAxCbhyHGsuHvWmDDkIOBiWGZzsmuW3hPMqCbQeLz8iCCWhjarxwJJJRJRJEl:AnwOuHOmDD8Gp9MbQeL4iCxwMfY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
self_updater.exe

Files

self_updater.exe
.exe windows:6 windows x64 arch:x64

eacde63b8c5ae9b27d4f93898653d04e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\clangen\clangen\self_updater\target\release\deps\self_updater.pdb

Imports

kernel32

DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
Sleep
QueryPerformanceCounter
AcquireSRWLockExclusive
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
SetFileInformationByHandle
DuplicateHandle
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
TerminateProcess
TryAcquireSRWLockExclusive
HeapFree
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleA
GetProcAddress
GetProcessHeap
FreeEnvironmentStringsW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
CopyFileExW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FreeLibrary
ReleaseSRWLockExclusive
CloseHandle
HeapAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
LoadLibraryExW

advapi32

SystemFunction036

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
RtlNtStatusToDosError
NtWriteFile

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
abort
_seh_filter_exe
_set_app_type
_crt_atexit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_cexit
_initterm_e
_c_exit
_register_onexit_function
__p___argv
__p___argc
exit
_exit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
free

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eacde63b8c5ae9b27d4f93898653d04e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

bcrypt

ntdll

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 9KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 1KB - Virtual size: 1KB