Static task
static1
General
-
Target
updater.exe
-
Size
9.0MB
-
MD5
57bf9463ea02d0d8d47114e652a8942e
-
SHA1
0dac3a64c64d1400774fda0955b70faa9c52b9b3
-
SHA256
9d170398038c40284b00e215d1be66a4637238024defd807ca7f04e87c87ddfa
-
SHA512
ad74031b42579cd6799011a99f61bfe8639b81025d6e9b6f319ac71b5a58f4cbb7e3f50b3e2f4fc195a3417e5dd46ac443d6370dd3e81b063f45f60e037b8c2a
-
SSDEEP
49152:aAIEJvGkp9r7I1G6FB5UWOEJeu5alhDz3aNm8n7L/re8QXYSC+ZlZnfOHeMVuLDe:SbkAOEQaH7W6GVOEoehof4+RNHwRix
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the PE file.
resource updater.exe
Files
-
updater.exe.exe windows:6 windows x64 arch:x64
45ab44b706ad404185a1ded76d5f57ae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036
OpenProcessToken
d3dcompiler_47
D3DCompile
gdi32
DeleteObject
GetDeviceCaps
CreateRectRgn
kernel32
CloseHandle
GetCurrentThreadId
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlVirtualUnwind
ReleaseSRWLockShared
AcquireSRWLockShared
SetHandleInformation
GetCurrentProcessId
TryAcquireSRWLockExclusive
GetModuleHandleW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
WaitForSingleObject
LoadLibraryExW
GetLastError
GetProcAddress
CreateEventA
FreeLibrary
GetModuleFileNameW
SetThreadErrorMode
GetConsoleMode
Sleep
FormatMessageW
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
SleepConditionVariableSRW
LoadLibraryA
GetModuleHandleA
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetSystemInfo
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
DuplicateHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
ntdll
NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtCreateFile
ole32
RevokeDragDrop
CoInitializeEx
CoUninitialize
CoCreateInstance
RegisterDragDrop
OleInitialize
shell32
DragQueryFileW
DragFinish
user32
CreateIcon
DestroyIcon
GetRawInputData
IsProcessDPIAware
GetWindowRect
GetWindowPlacement
DestroyWindow
GetCursorPos
ReleaseCapture
PostMessageW
IsWindowVisible
GetForegroundWindow
RegisterClassExW
CreateWindowExW
SetWindowLongPtrW
RedrawWindow
GetClientRect
LoadCursorW
SetCursor
FlashWindowEx
MapVirtualKeyA
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetWindowLongPtrW
DefWindowProcW
ChangeDisplaySettingsExW
PeekMessageW
ToUnicodeEx
SetWindowPlacement
SetWindowPos
InvalidateRgn
GetActiveWindow
GetSystemMetrics
RegisterTouchWindow
ValidateRect
GetUpdateRect
ScreenToClient
TrackMouseEvent
GetTouchInputInfo
CloseTouchInputHandle
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
GetDC
CloseClipboard
RegisterWindowMessageA
RegisterRawInputDevices
MsgWaitForMultipleObjectsEx
SetCapture
SystemParametersInfoA
MonitorFromPoint
SetWindowTextW
MapVirtualKeyW
SendInput
SetForegroundWindow
SendMessageW
SetWindowLongW
ShowWindow
GetWindowLongW
GetMenu
AdjustWindowRectEx
ClientToScreen
GetClipCursor
ClipCursor
ShowCursor
GetKeyState
GetKeyboardState
GetKeyboardLayout
ws2_32
bind
connect
ioctlsocket
getsockname
getpeername
getsockopt
closesocket
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
WSASocketW
shutdown
dwmapi
DwmEnableBlurBehindWindow
winmm
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
uxtheme
SetWindowTheme
imm32
ImmGetContext
ImmReleaseContext
ImmAssociateContextEx
ImmGetCompositionStringW
bcrypt
BCryptGenRandom
userenv
GetUserProfileDirectoryW
vcruntime140
memcmp
__CxxFrameHandler3
__C_specific_handler
__current_exception
__current_exception_context
memmove
memset
memcpy
api-ms-win-crt-math-l1-1-0
round
fmodf
ceil
exp2
truncf
floorf
__setusermatherr
roundf
ceilf
powf
pow
floor
trunc
exp2f
api-ms-win-crt-runtime-l1-1-0
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
strerror
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
api-ms-win-crt-string-l1-1-0
strlen
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
Sections
.text Size: 6.8MB - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ