xZUpdater[.]exe

Resubmissions

16-06-2024 14:34

240616-rxmmka1cnn 3

16-06-2024 14:34

240616-rxdpnaxakg 3

Sharing

Copy URL

Twitter E-mail

General

Target

xZUpdater.exe
Size

4.0MB
MD5

03d44181b5e7a135d4a4ee9392a6632a
SHA1

dd6538ceeb979f34eba33b52dd950a60d352f1e5
SHA256

0d3adaeb1806a5845b55998281a530b8d79086bc8378dbae86d572af80678c4f
SHA512

ac465110a78ea30699f6563c2bf907781855ee99574cfd570cb69c2ac7f4bc9e0bf76bfcd6a501178554510d8c96aa0618660117c2eee3f6bcd0ec6ec5ff8869
SSDEEP

98304:DD9z89ENpcNM44/lAY2ekhgTcfdbMm0ECoJxInx:X1NoQd5Tcf23EdJSn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xZUpdater.exe

Files

xZUpdater.exe
.exe windows:6 windows x64 arch:x64

487bcfc2f89dd34c30de655dbafe9023

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetWaitableTimer
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

ws2_32

WSACleanup

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-heap-l1-1-0

_aligned_malloc

api-ms-win-crt-stdio-l1-1-0

fflush

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fsaf0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fsaf1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fsaf2
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

487bcfc2f89dd34c30de655dbafe9023

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: - Virtual size: 71KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 4KB

fsaf0 Size: - Virtual size: 2.3MB

fsaf1 Size: 3KB - Virtual size: 3KB

fsaf2 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 512B - Virtual size: 84B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 71KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 4KB

fsaf0
Size: - Virtual size: 2.3MB

fsaf1
Size: 3KB - Virtual size: 3KB

fsaf2
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 512B - Virtual size: 84B

.rsrc
Size: 512B - Virtual size: 480B