updater (3)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

updater (3).exe
Size

5.2MB
MD5

252625eb456fc6a9c60cce3d9615a879
SHA1

67e63e3c0446b5bf1b4d4aaad0498230fc65a2b5
SHA256

40626978cb838d76f89ad1e99eb759e2e41e1e30dbcad506f5a8418f50a7a65a
SHA512

b947708b6d44f923b93b1a217b24cac94f2c015fe3287474b5fcf7276553be7105ec56715831ee7d1b152fe7dc9a5a37aeaa702adad56032fa088220febebe68
SSDEEP

98304:MGFGo8+cPMa1SBL+we60zQNIqUZPG931p6vJcAnmWTpdv+7iXu2cRKpeqI/PIHJs:MGFGoo2B3e6hIrsHY7zpdv+7iebREej3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
updater (3).exe

Files

updater (3).exe
.exe windows:6 windows x64 arch:x64

9d0695e7124a89dfb80280cdf8168312

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetThreadContext

user32

GetForegroundWindow

gdi32

SelectObject

advapi32

GetUserNameW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ntdll

NtQueryInformationProcess

version

VerQueryValueW

wintrust

WinVerifyTrust

Sections

.text
Size: - Virtual size: 866KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._|j
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.U^Z
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

..?E
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d0695e7124a89dfb80280cdf8168312

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

version

wintrust

Sections

.text Size: - Virtual size: 866KB

.rdata Size: - Virtual size: 764KB

.data Size: - Virtual size: 16KB

.pdata Size: - Virtual size: 29KB

._|j Size: - Virtual size: 4.1MB

.U^Z Size: 512B - Virtual size: 216B

..?E Size: 5.2MB - Virtual size: 5.2MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 866KB

.rdata
Size: - Virtual size: 764KB

.data
Size: - Virtual size: 16KB

.pdata
Size: - Virtual size: 29KB

._|j
Size: - Virtual size: 4.1MB

.U^Z
Size: 512B - Virtual size: 216B

..?E
Size: 5.2MB - Virtual size: 5.2MB

.rsrc
Size: 512B - Virtual size: 480B