C:\Users\Administrator\source\repos\Updater\FZ\Updater.pdb
Sample
Updater.exe
Resource
win10v2004-20240802-en
General
-
Target
Updater.exe
-
Size
1.1MB
-
MD5
ae27ffa80489dd0e188ed6b60e36f965
-
SHA1
05f7012723ce29e15eda68464734a43febb85bf9
-
SHA256
6f7005a64375c8a9cedd118b973707d2d68ef1bf1325ca563d6e6bd496c14db7
-
SHA512
81f2a0b1cb5fb3da0b51cfdb0425276975e73cc61dea1346a9cbc0ce596df0cd8f3bad278b2cd9175c61f12e4a8a37f2ed4cd2e0431c9c2e38701fd32cf603b9
-
SSDEEP
24576:KcsNg0PzlHw/bsBoa43DqmobxyltGvaWEBM:NiGeFxiteE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource Updater.exe
Files
-
Updater.exe.exe windows:6 windows x86 arch:x86
450e57c3bd77f7842566867cea4e5f00
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
GetProcAddress
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
FormatMessageW
SetLastError
GetModuleFileNameA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeProcess
FormatMessageA
CreateProcessA
LocalFree
CreateThread
CloseHandle
GetLastError
Sleep
WaitForSingleObject
GetStdHandle
GetCurrentProcess
SetConsoleTitleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
PeekNamedPipe
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
ws2_32
WSAEventSelect
getsockopt
WSAResetEvent
gethostname
WSAEnumNetworkEvents
ioctlsocket
WSAWaitForMultipleEvents
getpeername
closesocket
sendto
WSAGetLastError
ntohs
WSASetLastError
recvfrom
freeaddrinfo
WSACreateEvent
WSAStartup
WSACleanup
setsockopt
WSAIoctl
getaddrinfo
htons
socket
__WSAFDIsSet
recv
select
accept
bind
connect
WSACloseEvent
listen
send
getsockname
htonl
normaliz
IdnToAscii
IdnToUnicode
wldap32
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46
ord143
ord217
msvcp140
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?xalloc@ios_base@std@@SAHXZ
?iword@ios_base@std@@QAEAAJH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
bcrypt
BCryptGenRandom
vcruntime140
__current_exception
_CxxThrowException
strstr
memmove
memchr
memcpy
__current_exception_context
strchr
memset
__std_terminate
__std_exception_copy
__std_exception_destroy
_except_handler4_common
strrchr
__CxxFrameHandler3
api-ms-win-crt-stdio-l1-1-0
_write
_read
fputc
__acrt_iob_func
_lseeki64
fflush
fclose
__stdio_common_vsprintf
fgetc
_open
fopen
_close
__stdio_common_vfprintf
_isatty
ftell
feof
_fileno
fwrite
fputs
__p__commode
fopen_s
fseek
_set_fmode
__stdio_common_vsscanf
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgets
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_exit
__sys_nerr
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_errno
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
_beginthreadex
_set_app_type
exit
_initterm
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
__sys_errlist
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
calloc
malloc
realloc
_callnewh
api-ms-win-crt-math-l1-1-0
round
__setusermatherr
_dclass
_fdopen
_dsign
api-ms-win-crt-convert-l1-1-0
atoi
strtoull
strtoul
strtol
strtoll
strtod
wcstombs
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_fstat64
_unlink
_stat64
_unlock_file
remove
_access
api-ms-win-crt-string-l1-1-0
_strdup
strncmp
strpbrk
strspn
strncpy
tolower
strcspn
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_gmtime64
strftime
_time64
Sections
.text Size: 438KB - Virtual size: 437KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 380KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ