UpdateMO[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UpdateMO.exe
Size

35.8MB
MD5

3f0b210932e2ae884ad8220c5ddd9b9d
SHA1

9717787360a02428780ea2712d22a8b0cd09a448
SHA256

1dd70ad9399b127e9cc2700248002d1100419ae97da7263055f6e25167cae05e
SHA512

44880de8c368a5c12bde38f818b3c1bc9fc0fc4ec1e739622a1671a15b39f753b6ab6713c3f4ced516145cf234dd0c89bd82ed645ba4b05f853af3b8a85ec974
SSDEEP

49152:LAmLhe9MaBQZOH6fLIqlmKYfk1ctXxId++BL57OfHH23L7+LpiIv0jiAL3:LAmLWFUfZZ79KfHH20piji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UpdateMO.exe

Files

UpdateMO.exe
.exe windows:6 windows x64 arch:x64

02adeecff4dce108c48952ac3d0e93bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

GetComputerNameExW
Sleep
FreeLibrary
LoadLibraryExW
VirtualQuery
GetStdHandle
GetCurrentThreadId
MultiByteToWideChar
WriteConsoleW
FormatMessageW
lstrlenW
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
CreateDirectoryW
SetFileCompletionNotificationModes
FindClose
GetFinalPathNameByHandleW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTimePreciseAsFileTime
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlVirtualUnwind
SetHandleInformation
TerminateProcess
RtlCaptureContext
GetCurrentThread
RtlLookupFunctionEntry
ReleaseMutex
GetProcAddress
CreateMutexA
GetModuleHandleA
WaitForSingleObject
SetFilePointerEx
GetLastError
GetTickCount64
GetModuleHandleW
GetCurrentProcess
CreateProcessW
GetLogicalDrives
GetCurrentProcessId
LoadLibraryA
WaitForSingleObjectEx
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetProcessTimes
OpenProcess
InitializeSListHead
ReadProcessMemory
VirtualQueryEx
IsDebuggerPresent
GetSystemTimes
GetProcessIoCounters
HeapReAlloc
LocalFree
SetThreadStackGuarantee
CloseHandle
SwitchToThread
HeapFree
AddVectoredExceptionHandler
CreateSymbolicLinkW
DeleteFileW
GetSystemInfo
FindFirstFileW
IsProcessorFeaturePresent
GetConsoleMode

crypt32

CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertDuplicateStore
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore

pdh

PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryA
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx

ntdll

NtReadFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQuerySystemInformation
NtWriteFile
NtCancelIoFileEx
NtQueryInformationProcess
RtlGetVersion

advapi32

OpenProcessToken
LookupAccountSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
RegCloseKey
CopySid
GetLengthSid
IsValidSid
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

user32

GetSystemMetrics
ExitWindowsEx

ws2_32

setsockopt
ioctlsocket
WSAIoctl
bind
connect
getsockopt
closesocket
freeaddrinfo
WSAStartup
WSACleanup
WSASocketW
getsockname
WSAGetLastError
getpeername
shutdown
recv
send
WSASend
getaddrinfo

bcrypt

BCryptGenRandom

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
ApplyControlToken
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
AcceptSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
EncryptMessage
InitializeSecurityContextW

oleaut32

VariantClear
SysAllocString
SysFreeString

iphlpapi

FreeMibTable
GetIfTable2
GetIfEntry2
GetAdaptersAddresses

netapi32

NetUserGetInfo
NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups

shell32

CommandLineToArgvW

powrprof

CallNtPowerInformation

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
__CxxFrameHandler3
memcpy
memset
memcmp
memmove
_CxxThrowException

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
ceil

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
realloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_seh_filter_exe
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
exit
_exit
_crt_atexit
_c_exit
terminate
_set_app_type
__p___argv
_cexit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32.6MB - Virtual size: 32.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02adeecff4dce108c48952ac3d0e93bf

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

crypt32

pdh

ole32

ntdll

advapi32

user32

ws2_32

bcrypt

secur32

oleaut32

iphlpapi

netapi32

shell32

powrprof

psapi

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 32.6MB - Virtual size: 32.6MB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 131KB - Virtual size: 131KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 32.6MB - Virtual size: 32.6MB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 131KB - Virtual size: 131KB

.reloc
Size: 15KB - Virtual size: 15KB