wushowhide[.]diagcab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wushowhide.diagcab
Size

47KB
MD5

8509b9cb62eb87580f39809f75f5b7e7
SHA1

7e2a669e3542303c275d32cf2bd1d4922b1ab204
SHA256

8723b97b8e4ede3b5b7fd0ba129edfbc113a4db329609f0eaffe24e6a37e019e
SHA512

b6d191a7b5dd77bf416942e9c6f61aef8c68ce1076b84fb3937443f572572a65afc0750d057fa98793629016d9316d23e641689607662aad6ac8940b686a982d
SSDEEP

768:0i0u1qWxXPO3e9O71BtGo7dbN57d1bsAK47Z0z7TNk4Klj8kFgPda3ZFMsg1by57:n723N7PtNRPHbsPUZ+kjRbZFk1q7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DiagPackage.dll

Files

wushowhide.diagcab
.cab
CL_Windows_HU.ps1
.ps1
DiagPackage.cat
DiagPackage.diagpkg
DiagPackage.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC_HideUpdates.ps1
.ps1
RC_UnHideUpdates.ps1
.ps1
RS_HideUpdates.ps1
.ps1
RS_UnHideUpdates.ps1
.ps1
TS_Main.ps1
.ps1
VF_HideUpdates.ps1
.ps1
VF_UnHideUpdates.ps1
.ps1
en-us/en-us.cat
en-us/rc_hideupdates.psd1
en-us/rc_unhideupdates.psd1
en-us/ts_main.psd1
fr-fr/fr-FR.cat
fr-fr/rc_hideupdates.psd1
fr-fr/rc_unhideupdates.psd1
fr-fr/ts_main.psd1
rc_hideupdates.psd1
rc_unhideupdates.psd1
ts_main.psd1