bd4140b5c3341f953686666db0e793a7bab321e369f22d28226076dc2d1257ec

Sharing

Copy URL Twitter E-mail

General

Target

bd4140b5c3341f953686666db0e793a7bab321e369f22d28226076dc2d1257ec
Size

869KB
MD5

a12e73a42404bc55b849f099ecce48f0
SHA1

67f11022408e1da03f945f050910a4aae1f8cfb4
SHA256

bd4140b5c3341f953686666db0e793a7bab321e369f22d28226076dc2d1257ec
SHA512

55d7f9d1d838e94e0a31f8388e739d48e8838d28d97bf9b3b1a5649eedb8c8c31e4ff2499e29ba5297be4fa3d7fe93a8562fa2ec1a5c0d249c0b069a29b23a8c
SSDEEP

12288:dejkVi0hVs7tz7BnSt3qkVcI5b0wvb1/OyanSeYoTjLL3hPcWlEC9/D:riUVsBz7BnUakj5b0wvJqSeYk3hEyH/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IE_Update_install/version.dll

Files

bd4140b5c3341f953686666db0e793a7bab321e369f22d28226076dc2d1257ec
.zip
IE_Update_install/IE_Update_install.exe
.exe windows:10 windows x64 arch:x64

793cbb4d9046e28819fce7335f7cab89

Code Sign

33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/02/2024, 19:22

Not After

07/02/2025, 19:22

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:1f:a7:72:2b:8c:98:2a:c8:fe:ae:6e:31:95:7b:ef:09:53:d7:b9:d7:a4:af:66:2d:ac:75:b9:7d:b6:92:b6
Signer

Actual PE Digest

37:1f:a7:72:2b:8c:98:2a:c8:fe:ae:6e:31:95:7b:ef:09:53:d7:b9:d7:a4:af:66:2d:ac:75:b9:7d:b6:92:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mpextms.pdb

Imports

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
RtlCaptureContext

advapi32

RegCloseKey
RegGetValueW
RegOpenKeyExW
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegQueryValueExW

kernel32

FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsThreadAFiber
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetStartupInfoW
SetStdHandle
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
ReadFile
ReadConsoleW
GetProcessHeap
RaiseException
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetTimeZoneInformation
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
CreateFileW
WriteConsoleW
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetLocalTime
HeapFree
GetTickCount64
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
DeleteFiber
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
SwitchToFiber
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
SubmitThreadpoolWork
SystemTimeToFileTime
ConvertFiberToThread
GetSystemTime
CreateFiberEx
ConvertThreadToFiber
CreateThreadpoolWork
WaitForSingleObject
CreateEventW
Sleep
ResetEvent
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SetEvent
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
HeapAlloc
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
CompareStringEx
GetCPInfo
GetStringTypeW
WideCharToMultiByte
LCMapStringEx
MultiByteToWideChar
LocalFree
GetLocaleInfoEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
ProcessIdToSessionId
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
GetFileInformationByHandleEx
FindFirstFileExW
GetFileAttributesExW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetEndOfFile

ole32

CoInitializeEx
CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

ShellExecuteExW

Sections

.text
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IE_Update_install/version.dll
.dll windows:6 windows x64 arch:x64

99be29d5a7b5111aaa6c2befab6e6c7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
SizeofResource
GetCommandLineA
Sleep
LoadLibraryA
LockResource
LoadResource
FindResourceW
GetCurrentProcessId
GetLastError
LocalFree
FormatMessageA
CreateThreadpoolTimer
WriteProcessMemory
WriteFile
CreateFileW
DuplicateHandle
OpenProcess
SetEvent
CloseHandle
VirtualAllocEx
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
WaitForSingleObjectEx
CreateEventA
OpenEventA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
RtlUnwind

user32

MessageBoxW

ntdll

NtSetTimer2
NtQueryObject
RtlNtStatusToDosError
NtQueryInformationProcess
NtQueryInformationWorkerFactory

Exports

Exports

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

793cbb4d9046e28819fce7335f7cab89

Code Sign

33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

37:1f:a7:72:2b:8c:98:2a:c8:fe:ae:6e:31:95:7b:ef:09:53:d7:b9:d7:a4:af:66:2d:ac:75:b9:7d:b6:92:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

advapi32

kernel32

ole32

version

shell32

Sections

.text Size: 636KB - Virtual size: 633KB

.rdata Size: 164KB - Virtual size: 161KB

.data Size: 28KB - Virtual size: 33KB

.pdata Size: 28KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

99be29d5a7b5111aaa6c2befab6e6c7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Exports

Exports

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 301KB - Virtual size: 301KB

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

37:1f:a7:72:2b:8c:98:2a:c8:fe:ae:6e:31:95:7b:ef:09:53:d7:b9:d7:a4:af:66:2d:ac:75:b9:7d:b6:92:b6
Signer

.text
Size: 636KB - Virtual size: 633KB

.rdata
Size: 164KB - Virtual size: 161KB

.data
Size: 28KB - Virtual size: 33KB

.pdata
Size: 28KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 301KB - Virtual size: 301KB

.reloc
Size: 4KB - Virtual size: 3KB