Extended Key Usages
ExtKeyUsageCodeSigning
Static task
static1
Behavioral task
behavioral1
Sample
Windows10Upgrade9252.exe
Resource
win10v2004-20240508-en
Target
Windows10Upgrade9252.exe
Size
3.2MB
MD5
c0b25def4312fbddbcc4f01c6c0f5ba6
SHA1
8d16a183d61233e7d6b6af7b3cafc6645ac2acb1
SHA256
c0424d0ae06ca1e6e0249b40d33ac40d74075856d543ec0924884664fba52b79
SHA512
8c67619747bb108dae5661688ec8fa4c62bc6ac38ee6ff14a4691aab04d7ddd870fee4262cb30624a6bd85ac1f7595af05311496b0336f979e7e5f797791bc0e
SSDEEP
98304:GgjXlctych4cCzJ8k2omX8sUf0ht5f/LyXtcH/:JjKtych9CzJqXM32jyX
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
upgraderstub.pdb
EnableTraceEx2
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryTraceW
EventUnregister
ControlTraceW
RegOpenKeyExW
RegSetValueExW
RegSetKeySecurity
EventSetInformation
RegCreateKeyExW
RegDeleteKeyW
EventRegister
EventWriteTransfer
RegCloseKey
StartTraceW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
OpenProcessToken
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
RevertToSelf
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
GetVolumePathNamesForVolumeNameW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WaitForMultipleObjectsEx
GlobalMemoryStatusEx
GetVolumeInformationByHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
WaitForMultipleObjects
GetPrivateProfileSectionW
UnlockFileEx
LockFileEx
InitializeCriticalSectionAndSpinCount
CreateEventW
GetVolumeInformationW
GetCurrentThread
SetThreadIdealProcessor
GetSystemInfo
GetOverlappedResult
GetHandleInformation
DeleteCriticalSection
LocalFree
CreateThread
GlobalFree
DeleteFileW
InitOnceComplete
GetExitCodeThread
GetFileAttributesW
LocalAlloc
CreateMutexW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetFullPathNameW
GetCommandLineW
EnterCriticalSection
SetDefaultDllDirectories
CompareStringW
WritePrivateProfileStringW
InitOnceBeginInitialize
CreateDirectoryW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
DeviceIoControl
FindClose
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
FreeLibrary
LoadLibraryExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
GetEnvironmentVariableW
SetEvent
ResetEvent
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryW
CreateFileA
GlobalAlloc
SetFilePointerEx
ReadFile
WriteFile
SetFilePointer
HeapReAlloc
HeapSize
GetShortPathNameW
SetEndOfFile
DuplicateHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
OpenProcess
OpenMutexW
LoadLibraryW
GetTempFileNameW
MoveFileW
VerifyVersionInfoW
UnhandledExceptionFilter
VerSetConditionMask
LoadStringW
CharUpperW
MessageBoxW
memcmp
strcpy_s
memcpy
memmove
_wcsicmp
wcsrchr
_wcsnicmp
iswspace
towupper
_vscwprintf
qsort
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
sprintf_s
memmove_s
wcschr
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_purecall
iswdigit
wcsnlen
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
swscanf_s
wcsncmp
wcsstr
memset
CoInitialize
CoTaskMemFree
CoUninitialize
RpcStringFreeW
UuidCreate
UuidToStringW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
PathRemoveFileSpecW
StrStrIW
PathFindFileNameW
ord22
ord20
ord23
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
NtYieldExecution
NtQueryInformationFile
RtlAdjustPrivilege
RtlGetLastNtStatus
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtQueryVolumeInformationFile
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U
NtCreateFile
NtClose
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlImpersonateSelf
NtSetEaFile
DbgPrintEx
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlReAllocateHeap
RtlRaiseStatus
GetModuleFileNameExW
EnumProcesses
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptGetProperty
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ