Windows10UpgraderApp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Windows10UpgraderApp.exe
Size

1.9MB
MD5

4b24d6dd32482d252dd61f856c719531
SHA1

091977a8c83447b01bf9a0ca90e2e4f6e5de37a1
SHA256

daabb3aef3ba7bb5ef598f7c755ca417844622954a3d7128a3dbd0a5a40474f8
SHA512

3253dd913b5b6e2efd3c979158974425af9c8084d16fed003a31b12cd92d5eab4049fcc2e71ded728645fa9ee807195ced113d3a6633dce10ab2db9078d0a09d
SSDEEP

49152:2ccXiMHPGS0JOhQQZm+5jW9lkqWEp9kkpDLviR:EiZ9O

Score

1^/10

Malware Config

Signatures

Files

Windows10UpgraderApp.exe
.exe windows:6 windows x86 arch:x86

Password: infected

d530a0b4b38ff9004f1a7a9b0366d2af

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:e8:46:7f:34:35:4a:b3:39:d2:da:98:52:6b:3d:1b:cf:30:53:c1:cc:6d:d8:09:30:4d:77:2d:0a:6d:7c:41
Signer

Actual PE Digest

7a:e8:46:7f:34:35:4a:b3:39:d2:da:98:52:6b:3d:1b:cf:30:53:c1:cc:6d:d8:09:30:4d:77:2d:0a:6d:7c:41

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Windows10UpgraderApp.pdb

Imports

mfc42u

ord2977
ord3142
ord3254
ord4459
ord324
ord3592
ord1165
ord1105
ord4215
ord2576
ord6266
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord800
ord4155
ord540
ord815
ord5298
ord4692
ord5710
ord2717
ord3948
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord561
ord3733
ord1131
ord2388
ord3341
ord5296
ord4074
ord5303
ord5285
ord641
ord2506
ord2078
ord825
ord4269
ord818
ord5714
ord6211
ord2680
ord2810
ord942
ord861
ord700
ord5590
ord4184
ord398
ord2294
ord755
ord470
ord850
ord4229
ord3658
ord1569
ord2447
ord1637
ord2858
ord6376
ord5261
ord6048
ord1767
ord4419
ord2430
ord5276
ord4847
ord4992
ord3434
ord1941
ord5286
ord413
ord711
ord913
ord823
ord6374
ord4282
ord567
ord5273
ord2116
ord2127
ord2438
ord5257
ord1720
ord6195
ord4294
ord6193
ord5059
ord3744
ord6372
ord1761
ord2047
ord2640
ord4029
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2371
ord2377
ord5237
ord4401
ord1768
ord4073
ord4621
ord6051
ord4508
ord3397
ord1143
ord3649
ord4704

msvcrt

memset
wcsstr
wcscpy_s
memcpy
swprintf_s
memmove_s
_wcsicmp
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
towlower
_wtoi
memcpy_s
strrchr
?what@exception@@UBEPBDXZ
strcspn
bsearch
wcschr
_vscwprintf
memmove
wcscat_s
?name@type_info@@QBEPBDXZ
__RTtypeid
_ftime64
__isascii
iswalnum
wcsncmp
localeconv
wcsncpy_s
fputwc
free
ungetwc
ungetc
fgetpos
fflush
fgetc
??1exception@@UAE@XZ
_vsnwprintf
fsetpos
___mb_cur_max_func
setvbuf
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
fgetwc
??0exception@@QAE@XZ
swscanf_s
fwrite
fseek
fclose
_wgetenv
wcstoul
_ultow
sprintf_s
memchr
_except_handler4_common
_controlfp
?terminate@@YAXXZ
__uncaught_exception
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
abort
_callnewh
__crtGetStringTypeW
malloc
__mb_cur_max
__pctype_func
__crtLCMapStringW
_wfsopen
setlocale
___lc_codepage_func
___lc_handle_func
_purecall
vswprintf_s
_errno
wcstok_s
wcstombs
_wcsnicmp
time
_CxxThrowException
__CxxFrameHandler3

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownW
RegDeleteKeyW
RegOpenKeyExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceConfigW
StartServiceW
ControlService
RegQueryInfoKeyW
RegEnumKeyExW
RegGetValueW
QueryServiceStatusEx
ChangeServiceConfigW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam

comctl32

InitCommonControlsEx

gdi32

CreateSolidBrush

kernel32

SetErrorMode
GetFileAttributesW
GetFullPathNameW
WriteFile
SetFilePointer
SetFileAttributesW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetExitCodeProcess
GlobalUnlock
GlobalLock
IsWow64Process
GlobalFree
GetFileSizeEx
WritePrivateProfileStringW
CompareStringW
CreateFileW
LoadLibraryW
GlobalAlloc
SetEnvironmentVariableW
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentDirectoryW
CompareStringOrdinal
GetEnvironmentVariableW
FindNextFileW
FindClose
FindFirstFileW
CopyFileW
LoadLibraryExW
FreeLibrary
CreateThread
GetDiskFreeSpaceExW
GetTempPathW
SetThreadPriority
GetVersionExW
WaitForSingleObject
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetNativeSystemInfo
ExpandEnvironmentStringsW
DeleteFileW
CreateProcessW
LocalFree
GetExitCodeThread
ExitThread
GetSystemPowerStatus
GetProcessHeap
SetThreadExecutionState
HeapFree
HeapAlloc
GetCommandLineW
GetSystemTime
GetModuleFileNameW
Sleep
GetTickCount
SystemTimeToFileTime
GetSystemDefaultUILanguage
CloseHandle
ReleaseMutex
DeleteCriticalSection
GetUserDefaultUILanguage
EnterCriticalSection
GetProcAddress
GetLastError
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetModuleHandleExW
CreateMutexW
FileTimeToSystemTime
GetPrivateProfileStringW
SetLastError
RemoveDirectoryW
InitializeCriticalSectionAndSpinCount
OpenProcess
OpenMutexW
GetSystemWindowsDirectoryW
GetCurrentThreadId

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
CoInitializeEx
StringFromGUID2
StringFromIID

oleaut32

VariantClear
SysStringLen
VariantInit
SysAllocStringLen
SysFreeString

netapi32

NetGetJoinInformation
NetApiBufferFree
NetUserDel

shell32

SHChangeNotify
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

shlwapi

StrStrIW
PathFindFileNameW
StrChrW
PathFileExistsW
PathRemoveFileSpecW
PathGetDriveNumberW

userenv

DeleteProfileW

urlmon

URLDownloadToFileW

user32

CloseClipboard
EmptyClipboard
SetClipboardData
SetActiveWindow
GetTopWindow
OpenClipboard
AttachThreadInput
SetFocus
GetForegroundWindow
GetWindowThreadProcessId
GetWindow
GetKeyState
GetSystemMenu
GetWindowRect
PostQuitMessage
DefWindowProcW
UpdateWindow
SendMessageW
GetSystemMetrics
CreateWindowExW
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
RegisterClassExW
FindWindowW
LoadCursorW
DestroyWindow
AdjustWindowRect
EnableWindow
CreatePopupMenu
GetLastInputInfo
LoadStringW
GetCursorPos
GetDesktopWindow
SetWindowLongW
EnableMenuItem
AppendMenuW
GetWindowLongW
LoadIconW
GetClientRect
DrawIcon
SetForegroundWindow
PostMessageW
IsIconic

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

downloader

GetEsd

wininet

DeleteUrlCacheEntryW

psapi

GetModuleFileNameExW
EnumProcesses

crypt32

CertGetNameStringW
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext

wintrust

WinVerifyTrust

ntdll

RtlGetVersion
RtlAllocateHeap
RtlFreeHeap
NtQueryLicenseValue

Sections

.text
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d530a0b4b38ff9004f1a7a9b0366d2af

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:dfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7a:e8:46:7f:34:35:4a:b3:39:d2:da:98:52:6b:3d:1b:cf:30:53:c1:cc:6d:d8:09:30:4d:77:2d:0a:6d:7c:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

advapi32

comctl32

gdi32

kernel32

ole32

oleaut32

netapi32

shell32

secur32

shlwapi

userenv

urlmon

user32

version

downloader

wininet

psapi

crypt32

wintrust

ntdll

Sections

.text Size: 463KB - Virtual size: 462KB

.data Size: 6KB - Virtual size: 21KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 38KB - Virtual size: 37KB

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7a:e8:46:7f:34:35:4a:b3:39:d2:da:98:52:6b:3d:1b:cf:30:53:c1:cc:6d:d8:09:30:4d:77:2d:0a:6d:7c:41
Signer

.text
Size: 463KB - Virtual size: 462KB

.data
Size: 6KB - Virtual size: 21KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 38KB - Virtual size: 37KB