download[.]php?file=update[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

download.php?file=update.exe
Size

1.4MB
MD5

1deefe6649699946590856e901bbe5ff
SHA1

a2183901f65b6789494ab712c54b6202a56ca5a0
SHA256

c1e42d8b76a86ea1890ad080e69a04c75a5f2c0484bdcd838dc8fa908dd4a84c
SHA512

d6a2c527a8ccc216e0e23826d11eac5e7edaa8265eb7388d162fafe97c794f87b853f156790abbded8f4dab728b91ac3bc6b5ae1840ff23dc88d397aade8be30
SSDEEP

24576:LHWtE7VXaPMV+gP0ay5lxTu7StVXQyawK0JxWGoVCLpCHiPKdCXpA05YVGVDyMFR:LHWGYg8HPugVXGwTJ4GoUL3PB5A05xVZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
download.php?file=update.exe

Files

download.php?file=update.exe
.exe windows:4 windows x86 arch:x86

f5dfddd6a86649f27882f151e32580a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ole32

CoInitialize
CoCreateInstance

user32

PeekMessageW
ExitWindowsEx
GetDlgItemTextW
SetWindowTextW
ShowWindow
MessageBoxW
CreateDialogParamW
LoadIconW
GetMessageW
EnableWindow
GetDlgItem
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetDlgItemTextW
DestroyWindow
SendMessageW

advapi32

RegSetValueExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

msvcrt

memmove
memcmp
memcpy
memset
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
free
malloc

kernel32

ReadFile
CloseHandle
CreateFileW
FormatMessageW
LocalFree
DeleteFileW
CreateDirectoryW
WriteFile
lstrlenW
GetFileAttributesW
SetFileAttributesW
SetFileTime
MoveFileExW
GetLastError
lstrcatW
SetFilePointer
GetVersionExW
LoadLibraryExW
GetSystemDirectoryW
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameW
GetCommandLineW
lstrcpynW
GetModuleHandleW
GetProcAddress
lstrcpyW
GetCurrentProcess

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5dfddd6a86649f27882f151e32580a6

Headers

DLL Characteristics

File Characteristics

Imports

version

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB