Fwupdate[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Fwupdate.exe
Size

1.5MB
MD5

b381d106cf5f10999336637e9ac0d7e5
SHA1

885b8296e3e5e8f0823ddb70e24157986310d39a
SHA256

a9feedd22d05bbce2d830a1d789b43150db8bd35009dca9a693c42d40969acda
SHA512

c3e9e48fbd18f60b9426526c5704f87afc669c7aa5795d79aabf6fd7325d982a2c6495a65a1a6e9ebb27532e0d6a373a256bfe053c4b802c73c8068608812de4
SSDEEP

12288:RfsZAnSMwYlYRHytDWhkXrEaGmwCZr7MPB/g/ONpxxDeKmceOSrsdsbrKTX+4c45:W1Yl89kXrEaLi/g/wxrdQrl3wX+415

Score

1^/10

Malware Config

Signatures

Files

Fwupdate.exe
.exe windows:6 windows x86 arch:x86

864938cec430a26f15320afa9eac03ff

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:d1:c3:0e:24:f6:fa:6b:c5:59:47:e3:c7:fa:19:d3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/02/2022, 00:00

Not After

22/02/2023, 23:59

Subject

CN=Lenovo,OU=G06,O=Lenovo,L=Morrisville,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:4d:79:b7:84:06:f3:2d:39:b4:9f:c8:9e:6f:43:df:87:b4:e3:f6:aa:e9:44:b2:c6:9f:18:63:d3:61:4f:02
Signer

Actual PE Digest

8f:4d:79:b7:84:06:f3:2d:39:b4:9f:c8:9e:6f:43:df:87:b4:e3:f6:aa:e9:44:b2:c6:9f:18:63:d3:61:4f:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\patho\OneDrive\source\repos\MP\03_DBB9003L1\GW_IspConsole_New_20220225_Dynamic_TBT_ShowVer_ar_tbtdockfw10_TVSUxWEB_tvsu_exit0_sdk85\Release\GW_IspConsole.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
CM_Locate_DevNodeW
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
CM_Enable_DevNode
CM_Disable_DevNode

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetAttributes

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
SetThreadPriority
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
InitializeCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcessId
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetStdHandle
HeapQueryInformation
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
QueryPerformanceFrequency
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
OutputDebugStringW
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
lstrcmpW
lstrcmpA
GlobalDeleteAtom
TlsAlloc
GetStartupInfoW
LoadLibraryExW
GetVersionExW
GetCurrentThreadId
GetCurrentThread
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
WaitForSingleObject
SetEvent
ResumeThread
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
WriteFile
GetNativeSystemInfo
GetCommandLineW
CreateMutexW
LocalFree
FormatMessageW
FreeLibrary
LoadLibraryW
DeleteFileW
CreateFileW
SetFilePointer
GetFileSize
SetCurrentDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetProcAddress
TerminateProcess
ReadFile
CloseHandle
CreateProcessW
CreatePipe
GetConsoleWindow
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
Sleep
GetSystemPowerStatus
WinExec
GetModuleFileNameW
SetThreadExecutionState
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
SetConsoleMode
ReadConsoleInputW
SetErrorMode
RtlUnwind
SuspendThread
FileTimeToLocalFileTime
WriteConsoleW

user32

CharUpperW
DestroyMenu
InvalidateRect
RealChildWindowFromPoint
SetCursor
GetSysColorBrush
GetCursorPos
GetActiveWindow
GetMessageW
GetWindowThreadProcessId
ClientToScreen
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
SetWindowTextW
IsWindowEnabled
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
MessageBoxW
EnableWindow
MessageBoxA
GetDC
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextW
SetMenuItemBitmaps
LoadIconW
GetSysColor
LoadCursorW
SystemParametersInfoW
SendMessageW
IsWindow
OffsetRect
GetParent
GetSystemMetrics
ReleaseDC
GetWindowRect
GetClientRect
UpdateWindow
IsWindowVisible
RedrawWindow
PostMessageW
SetForegroundWindow
GetFocus
PeekMessageW
PtInRect
PostQuitMessage
SetTimer
KillTimer
SetRect
ShowWindow
TranslateMessage
DispatchMessageW
wsprintfW
CreateWindowExW
RegisterClassExW
RegisterDeviceNotificationW
CloseWindow
RemovePropW
GetPropW
SetPropW
GetScrollPos
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetMenuItemCount
FindWindowW
GetMenuItemID
GetSubMenu
SetRectEmpty

gdi32

CreateFontIndirectW
GetDeviceCaps
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontW
GetTextExtentPoint32W
CreateSolidBrush
GetStockObject
PatBlt
DeleteDC
SetBkColor
SetTextColor
CreateBitmap
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetMapMode
SetBkMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetClipBox
Escape
DeleteObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFileExistsW

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VariantClear
VariantChangeType
SysAllocString
VariantInit
SysFreeString

iphlpapi

GetAdaptersInfo

powrprof

PowerWriteACValueIndex
PowerWriteDCValueIndex

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

864938cec430a26f15320afa9eac03ff

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:d1:c3:0e:24:f6:fa:6b:c5:59:47:e3:c7:fa:19:d3Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

8f:4d:79:b7:84:06:f3:2d:39:b4:9f:c8:9e:6f:43:df:87:b4:e3:f6:aa:e9:44:b2:c6:9f:18:63:d3:61:4f:02Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

iphlpapi

powrprof

oleacc

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 10KB - Virtual size: 25KB

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 32KB - Virtual size: 32KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:d1:c3:0e:24:f6:fa:6b:c5:59:47:e3:c7:fa:19:d3
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8f:4d:79:b7:84:06:f3:2d:39:b4:9f:c8:9e:6f:43:df:87:b4:e3:f6:aa:e9:44:b2:c6:9f:18:63:d3:61:4f:02
Signer

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 10KB - Virtual size: 25KB

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 32KB - Virtual size: 32KB