wupdmgr[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wupdmgr.exe
Size

35KB
MD5

d509d8a327baf270f38c49a90589f2cd
SHA1

fd6f5d995a645c04c77b4132dd15a1e8d9a756e2
SHA256

c5653f9376b46a8792ab078005bc10b7674d0b652ed99d019598d219f516973a
SHA512

c676213c744f5e3bb8e03b71cbc1d233505cbbeb9e47759a269f48ce32233bd9b2ce960299c0227bc8489e2ff74187202a039ba0922e89ed2226b9e977ca5d53
SSDEEP

768:JtHj30B4TmjHFv/FFlF9BFfYRoJxb0CWignq:3gB4TmjHFv9FlF9BFfYRKYqgnq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wupdmgr.exe

Files

wupdmgr.exe
.exe windows:5 windows x64 arch:x64

ccef8922baf23d080c1367e801aecf67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WUpdMgr.pdb

Imports

msvcrt

_cexit
_exit
_c_exit
__getmainargs
malloc
exit
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_XcptFilter
__initenv
__dllonexit
_onexit
free
__C_specific_handler

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

kernel32

GetVersionExA
RtlCaptureContext
RtlLookupFunctionEntry
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
LocalFree
GetCurrentThreadId
lstrcpyW
QueryPerformanceCounter
RtlVirtualUnwind
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
GetTickCount

ntdll

memset

user32

MessageBoxW
SetForegroundWindow

shell32

ShellExecuteW

wininet

InternetGetConnectedState

rasapi32

RasEnumEntriesW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccef8922baf23d080c1367e801aecf67

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdll

user32

shell32

wininet

rasapi32

ole32

oleaut32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 192B

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 192B

.rsrc
Size: 26KB - Virtual size: 26KB