Updater[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Updater.exe
Size

7.9MB
MD5

32329e6cd713e2ea1540a1564c5cadb7
SHA1

ee9c26c55e6aa87a93a3dc1ca56d1e9a3bd02624
SHA256

fd3d2d3ca97fd5b6b9383cec72d4913e9bb02a8f369d5f813166f6e6f8028092
SHA512

411df62bcefd3c60ca812e01c6fe917faf89b0d9b4174f91f220cf325342c57a81b2340b18b6bbe4df9492eb076041966a5ebf2290c03bcf0661ebf93229309a
SSDEEP

98304:BjKDl2zZe//rYp1pTzQgB6xFIMVF46xeedrsIwDF5+pyG4UkU:BjKDl2leXrKTkoz4wDfTqkU

Score

1^/10

Malware Config

Signatures

Files

Updater.exe
.exe windows:6 windows x64 arch:x64

ac1ef3e80e67f6be786d6480bdd4a0e0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:63:b2:89:92:c4:d9:a4:e7:86:d5:f7:f9:13:d2:4c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16-09-2023 00:00

Not After

18-09-2025 23:59

Subject

SERIALNUMBER=202224238M,CN=TRUESIGHT PTE. LTD.,O=TRUESIGHT PTE. LTD.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:66:31:cc:f8:d2:7a:db:8e:3f:69:eb:15:65:59:ee:7c:e7:86:c2:41:b3:56:a7:1e:5b:02:b7:22:cb:b1:63
Signer

Actual PE Digest

c3:66:31:cc:f8:d2:7a:db:8e:3f:69:eb:15:65:59:ee:7c:e7:86:c2:41:b3:56:a7:1e:5b:02:b7:22:cb:b1:63

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\GitLabBuildDir\builds\PixDownloader\develop\build\app_dist\win\CMakeBuild\x64\build\src\Release\EvotoInstaller.pdb

Imports

ws2_32

listen
recv
recvfrom
accept
send
getsockname
setsockopt
shutdown
socket
WSAGetLastError
__WSAFDIsSet
getsockopt
connect
closesocket
sendto
bind
select
htonl
WSAAsyncSelect
WSACleanup
WSAStartup
ioctlsocket
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
ntohs
ntohl
inet_ntoa
inet_addr
htons

comctl32

ImageList_Copy
ImageList_GetIconSize
ImageList_Remove
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_GetImageInfo
ord16
ord17
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add

kernel32

MulDiv
SetLastError
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
GlobalSize
GlobalHandle
IsBadReadPtr
LoadLibraryA
GetUserDefaultUILanguage
SetThreadLocale
LoadLibraryW
FreeLibrary
GetCommandLineW
GetLocaleInfoW
GetACP
RtlCaptureContext
GetCPInfo
RtlPcToFileHeader
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsValidCodePage
GetComputerNameW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetNativeSystemInfo
GetVersionExW
TerminateProcess
GetCurrentProcessId
IsDebuggerPresent
GetEnvironmentVariableW
GetSystemTimeAsFileTime
OutputDebugStringW
FormatMessageW
LocalFree
CreateProcessW
CreateThread
WaitForMultipleObjects
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlUnwind
LoadLibraryExW
GetModuleHandleExW
DeleteFileW
FlushFileBuffers
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
CreateEventW
SetEvent
PeekNamedPipe
SetNamedPipeHandleState
CreatePipe
SetHandleInformation
WriteFile
ReadFile
FindNextFileW
CopyFileW
GetFileType
SetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
SetFilePointerEx
SetStdHandle
GetDriveTypeW
GetFullPathNameW
IsBadStringPtrA
GetLongPathNameW
GetFileSize
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetCurrentThreadId
GetCurrentThread
ExitProcess
GetCurrentProcess
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
SetErrorMode
GetExitCodeProcess
GetLastError
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
GetDiskFreeSpaceExW
MoveFileExW
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEndOfFile
GetCurrentDirectoryW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileSizeEx
FindFirstFileExW
GetCommandLineA
GetProcessHeap
HeapSize
GetLogicalDriveStringsW
QueryPerformanceFrequency
GetSystemDirectoryA

user32

AdjustWindowRectEx
wsprintfW
IsClipboardFormatAvailable
EnumDisplayMonitors
MonitorFromPoint
EnumDisplaySettingsW
ChangeDisplaySettingsExW
GetClipboardFormatNameW
RegisterClipboardFormatW
CheckMenuRadioItem
GetSysColorBrush
GetMenuItemID
CheckMenuItem
DrawFrameControl
DrawEdge
FindWindowExW
ChildWindowFromPoint
GetDesktopWindow
UnionRect
EndPaint
BeginPaint
GetWindowDC
ValidateRect
GetMessageW
IsRectEmpty
ValidateRgn
SetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyCursor
GetComboBoxInfo
GetCaretBlinkTime
GetDoubleClickTime
GetClassNameW
MessageBeep
GetWindowTextW
GetProcessDefaultLayout
SetRectEmpty
SetRect
DrawStateW
DrawIconEx
DestroyIcon
HideCaret
GetWindowTextLengthW
keybd_event
IsMenu
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
GetDialogBaseUnits
CreateDialogIndirectParamW
IsZoomed
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
GetMonitorInfoW
MonitorFromWindow
OffsetRect
CopyRect
GetWindowPlacement
SetWindowRgn
DrawTextW
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetClientRect
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
AnimateWindow
ShowWindow
IsWindow
CallWindowProcW
PostQuitMessage
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
TranslateMessage
GetWindowRect
SetMenu
RegisterWindowMessageW
CreateIconIndirect
ReleaseDC
GetDC
GetIconInfo
LoadImageW
LoadIconW
LoadBitmapW
LoadCursorW
SetCursor
KillTimer
SetTimer
MsgWaitForMultipleObjects
DispatchMessageW
DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeGetLastError
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
BringWindowToTop
CreateWindowExW
RegisterClassW
PostMessageW
DestroyWindow
UnregisterClassW
DefWindowProcW
WaitForInputIdle
ShowCursor
SendMessageW
PeekMessageW
PostThreadMessageW
MessageBoxW
DrawFocusRect

gdi32

LPtoDP
DPtoLP
CreatePolygonRgn
ExtTextOutW
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetStretchBltMode
SetROP2
StretchDIBits
StretchBlt
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
CreatePen
ExtCreatePen
CreateICW
GetTextExtentPoint32W
GetBkColor
LineTo
MoveToEx
SetAbortProc
CreateDCW
SetPolyFillMode
EndDoc
StartPage
EndPage
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
Arc
SetDIBColorTable
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
SetViewportOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetSystemPaletteEntries
EnumFontFamiliesExW
GetStockObject
CreateSolidBrush
CreatePatternBrush
CreateHatchBrush
OffsetRgn
GetRegionData
ExtCreateRegion
SetBkMode
GdiFlush
SetBrushOrgEx
SelectPalette
RealizePalette
ExcludeClipRect
CreateRectRgn
GetTextMetricsW
SetPixel
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SelectClipRgn
ExtSelectClipRgn
RoundRect
Rectangle
PolyPolygon
Pie
MaskBlt
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetGraphicsMode
GetClipBox
ExtFloodFill
GetObjectW
StartDocW
BitBlt
GetOutlineTextMetricsW
GetDeviceCaps
CreateFontIndirectW
SetBkColor
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmapIndirect
CreateBitmap
SetTextColor
DeleteObject
Ellipse

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetPrinterW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
DragFinish
SHGetFileInfoW
DragQueryPoint
DragQueryFileW
DragAcceptFiles
ExtractIconExW
ExtractIconW
ShellExecuteExW
ord6
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
RevokeDragDrop
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoLockObjectExternal
RegisterDragDrop
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
PageSetupDlgW
ChooseFontW

advapi32

GetUserNameW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

oleacc

LresultFromObject

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
GetCurrentThemeName
SetWindowTheme
GetThemeBackgroundExtent
IsThemePartDefined
GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
IsAppThemed
IsThemeActive
GetThemeMargins
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent

shlwapi

PathMatchSpecW
AssocQueryStringW
SHAutoComplete

msimg32

GradientFill
AlphaBlend

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac1ef3e80e67f6be786d6480bdd4a0e0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:63:b2:89:92:c4:d9:a4:e7:86:d5:f7:f9:13:d2:4cCertificate

Extended Key Usages

Key Usages

c3:66:31:cc:f8:d2:7a:db:8e:3f:69:eb:15:65:59:ee:7c:e7:86:c2:41:b3:56:a7:1e:5b:02:b7:22:cb:b1:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

kernel32

user32

gdi32

winspool.drv

shell32

ole32

comdlg32

advapi32

oleacc

uxtheme

shlwapi

msimg32

rpcrt4

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 3.0MB - Virtual size: 3.2MB

.pdata Size: 129KB - Virtual size: 129KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 94KB - Virtual size: 94KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:63:b2:89:92:c4:d9:a4:e7:86:d5:f7:f9:13:d2:4c
Certificate

c3:66:31:cc:f8:d2:7a:db:8e:3f:69:eb:15:65:59:ee:7c:e7:86:c2:41:b3:56:a7:1e:5b:02:b7:22:cb:b1:63
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 3.0MB - Virtual size: 3.2MB

.pdata
Size: 129KB - Virtual size: 129KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 94KB - Virtual size: 94KB