GoogleUpdate[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GoogleUpdate.exe
Size

5.7MB
MD5

7d03cd9e630b1b514d14d78613fc98d7
SHA1

a36c272e8967d0bb4b0c5a1110f7a81b740bbb97
SHA256

6cdc2355cf07a240e78459dd4dd32e26210e22bf5e4a15ea08a984a5d9241067
SHA512

ac1b498daba492eef2e76c182f05789c1227070ee534175fbcfb663cf6f73b153dfcc1e19edaa2ac18923f29e88c2489282fe75e096a98b04ecaa9cada120614
SSDEEP

98304:meYUKRcmYt2pvKDmTO/Fmb7LcxLq1XcuQY2i3/jYruDEO:hKamkkO/s7IxG1sgh/MSD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GoogleUpdate.exe

Files

GoogleUpdate.exe
.exe windows:5 windows x64 arch:x64

b01c8fa497b961d16760ef35c6f6fa8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAllocEx
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathW

ntdll

NtSetContextThread

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.llc0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.llc1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b01c8fa497b961d16760ef35c6f6fa8c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ntdll

wtsapi32

user32

Sections

.text Size: - Virtual size: 39KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 518KB

.pdata Size: - Virtual size: 3KB

.llc0 Size: - Virtual size: 3.4MB

.llc1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: - Virtual size: 39KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 518KB

.pdata
Size: - Virtual size: 3KB

.llc0
Size: - Virtual size: 3.4MB

.llc1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 12KB - Virtual size: 11KB