upgrade[.]exe | Triage

Sharing

General

Target

upgrade.exe
Size

13KB
MD5

fd4bf565af2154c5651a5d34bf993660
SHA1

4419971b7bf4fd32393707a5c18c66b19ffb46a0
SHA256

d0ec7df89e17c336e054aeb8dc433226fceff8dfc7d35f4f56dec398a6c1677e
SHA512

7b2c652f9d30cb434c57d11394e9d5c8267e923d2e3277ba643ae4560e7784eadee1911a6e2f9dd572cb812ed5924d0e61636ada2cb821b2e639a664da89d9f8
SSDEEP

192:MyM3mQn/knz2JA4GbfXi/VUktqq/Fb+pkVwpzRNca4a:MyM2Qn9C4GbfuVDqq1+Gw1Qa4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
upgrade.exe

Files

upgrade.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\updater_\obj\Release\upgrade.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ