4ceed46ddab911ae1298422bfb12460c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Jan-17 06:48:56
Detected languages English - United States
Debug artifacts upfc.pdb
CompanyName Microsoft Corporation
FileDescription Updateability From SCM
FileVersion 10.0.17134.1 (WinBuild.160101.0800)
InternalName UPFC
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename upfc.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.17134.1

Plugin Output

Suspicious  Strings found in the binary may indicate undesirable behavior:
  May have dropper capabilities:
    • CurrentControlSet\Services
Suspicious  The PE contains functions most legitimate programs don't use.
  Can access the registry:
    • RegSetValueExW
    • RegOpenKeyExW
    • RegQueryValueExW
    • RegCreateKeyExW
    • RegCloseKey
  Interacts with services:
    • QueryServiceConfigW
    • QueryServiceConfig2W
    • ChangeServiceConfigW
    • OpenSCManagerW
    • OpenServiceW
  Changes object ACLs:
    • SetSecurityInfo
Info  The PE is digitally signed.
  Signer: Microsoft Windows Publisher
  Issuer: Microsoft Windows Production PCA 2011
Safe  VirusTotal score: 0/73 (Scanned on 2024-07-08 12:35:30) All the AVs think this file is safe.

Hashes

MD5 4ceed46ddab911ae1298422bfb12460c
SHA1 2a3bfed90c680fc78e229091b6786aaf9655aa6b
SHA256 1a20f7a7bbaf5b7d4435471a2cf3ec96787b068f1a63caa5dedc52b8faaa60c8
SHA3 a8b33331c9638778b2146dee82c156f298ac17c1e33871f317cd858815cc2bb6
SSDeep 1536:IJY1Xjv7mjVN0OpMSzkqkWHL9yBpDdv7M8T84Rrrjbk9RP+S+sjT6NfPN:IJYtmj6C7HRM9S0trvkPHDjT6NfV
Imports Hash f0da8aeed5a338157d22bf69d307a84e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2019-Jan-17 06:48:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x10400
SizeOfInitializedData 0x8c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000010450 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0x293d6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x80000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1531ff113218e8382aab74d56d5ce54c
SHA1 ea5cbb11f80ad0e6aa41041daf7ae96f42493999
SHA256 4cdb17081337bdb3cb5a015b236c9a44f9a3b47ea532491669048664bb04d8b5
SHA3 52f6c77ab29612ddb7c310ae19237b691efa6a0f6873ce1c913d2bc68d19f47c
VirtualSize 0x103d5
VirtualAddress 0x1000
SizeOfRawData 0x10400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.40839

.rdata

MD5 0c36067f95e5d7bfc23f7b85bcf68e0f
SHA1 8a12bef10633d5b1110047da7d271ae08e83eaf1
SHA256 186f538654d4d488e9175f836f4775aae1992dee2f8ab0ee23a9bf1821289d40
SHA3 9bb41e005eacb21ece9445ce93b6332652e261838c5b9eeaa268e95c1c5284f0
VirtualSize 0x6bd8
VirtualAddress 0x12000
SizeOfRawData 0x6c00
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.07584

.data

MD5 96c8d91bb04a1c32810d05a52ee37d71
SHA1 e49c22b0f3034f8ae9e37af3043cecb41e3c97b8
SHA256 9bf9154886593f5484f6fc6d13caeb3fb778ae612f374a9e80684e3485f1708d
SHA3 e9d1c5c138824572ca42c669fe986d034c7a3b56efafc04e3a1af98f4103438f
VirtualSize 0xc68
VirtualAddress 0x19000
SizeOfRawData 0x400
PointerToRawData 0x17400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.5363

.pdata

MD5 8b1f1d288294b35a8ca2484f5a7e2cec
SHA1 e199749bf52ef4bc194d7798772303e63f270098
SHA256 c74ef8bdb70f29d5bbd7da06cdd60daa4ddf0595d9feca9c05e3d355dca20077
SHA3 bfdfc7130234af48ca5adf6dd2f8aa7de7acff755a76498e0ebeb06777e5cfac
VirtualSize 0x648
VirtualAddress 0x1a000
SizeOfRawData 0x800
PointerToRawData 0x17800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.01749

.rsrc

MD5 892f1c3dd3473bebbdf97c7f13116579
SHA1 c4f0ada7af5c5f5ce7d211b53925f50afc27f836
SHA256 44b1e2e7880b92998febd0715898b3a5b49deb679eed9356911d3474f955b37c
SHA3 2393995ebd3c8da4d04c999989701edf9e6762f65f02ce96edc5a905dadcac82
VirtualSize 0x6f8
VirtualAddress 0x1b000
SizeOfRawData 0x800
PointerToRawData 0x18000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.02588

.reloc

MD5 199048bbb312ab2510d5ee480b319110
SHA1 5d1be7e7d81300455f0ea5c1a42f3670f81f9822
SHA256 7f5ce8292584030b4457691b792be3383bdd3b8dc4e6fca8a5a977a7bcbf21b6
SHA3 3a385a2aab889cd2bc5a96928350a9aeb4eda8db105ead8450306de3db27ee05
VirtualSize 0x154
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x18800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.78767

Imports

api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm_e
  • _c_exit
  • _register_thread_local_exe_atexit_callback
  • _initterm
api-ms-win-crt-string-l1-1-0.dll
  • memset
  • wcscmp
api-ms-win-crt-private-l1-1-0.dll
  • _o__callnewh
  • _o__cexit
  • _o__configthreadlocale
  • _o__configure_wide_argv
  • _o__crt_atexit
  • _o__errno
  • _o__exit
  • _o__get_initial_wide_environment
  • _o__initialize_onexit_table
  • _o__initialize_wide_environment
  • _o__invalid_parameter_noinfo
  • _o__register_onexit_function
  • _o__seh_filter_exe
  • _o__set_app_type
  • _o__set_errno
  • _o__set_fmode
  • _o__set_new_mode
  • memcpy
  • _o__wcsicmp
  • _o__wtol
  • _o_exit
  • _o_free
  • _o_malloc
  • _o_strncpy_s
  • _o_strtol
  • _o_terminate
  • _o_wcstombs_s
  • __C_specific_handler
  • _o___stdio_common_vswprintf
  • _o___stdio_common_vsprintf_s
  • strchr
  • __CxxFrameHandler3
  • _CxxThrowException
  • _o___std_exception_destroy
  • _o___std_exception_copy
  • _o___p__commode
  • _o___p___wargv
  • _o___p___argc
api-ms-win-core-libraryloader-l1-2-0.dll
  • GetProcAddress
  • GetModuleHandleW
  • FreeLibrary
  • GetModuleFileNameW
  • GetModuleHandleExW
  • GetModuleFileNameA
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak
  • IsDebuggerPresent
  • OutputDebugStringW
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcessId
  • GetCurrentThreadId
  • GetCurrentProcess
  • TerminateProcess
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlLookupFunctionEntry
  • RtlVirtualUnwind
  • RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0.dll
  • SetUnhandledExceptionFilter
  • UnhandledExceptionFilter
  • SetLastError
  • GetLastError
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent
  • GetProcessMitigationPolicy
api-ms-win-eventing-provider-l1-1-0.dll
  • EventSetInformation
  • EventRegister
  • EventUnregister
  • EventWriteTransfer
api-ms-win-core-com-l1-1-0.dll
  • CoUninitialize
  • CoCreateInstance
  • CoInitializeEx
  • CoCreateGuid
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetNativeSystemInfo
api-ms-win-core-registry-l1-1-0.dll
  • RegSetValueExW
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegCreateKeyExW
  • RegCloseKey
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime
  • SystemTimeToFileTime
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW
api-ms-win-core-path-l1-1-0.dll
  • PathCchCombine
api-ms-win-core-file-l1-1-0.dll
  • FindFirstFileW
  • FindNextFileW
  • FindClose
api-ms-win-service-management-l2-1-0.dll
  • QueryServiceConfigW
  • QueryServiceConfig2W
  • ChangeServiceConfig2W
  • ChangeServiceConfigW
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle
  • OpenSCManagerW
  • OpenServiceW
api-ms-win-core-heap-l1-1-0.dll
  • HeapAlloc
  • GetProcessHeap
  • HeapFree
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0.dll
  • GetSecurityDescriptorSacl
api-ms-win-security-provider-l1-1-0.dll
  • SetSecurityInfo
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc
  • LocalFree
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
  • StrStrW
api-ms-win-shcore-stream-l1-1-0.dll
  • SHCreateStreamOnFileW
XmlLite.dll
  • CreateXmlReader

Delayed Imports

Resources

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x38c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.45346
MD5 5dfa49112bf1c83ac2051f01cc2813de
SHA1 3d43d3673e51d66142d52a6aff637701bba6ae11
SHA256 27914360aa8cf4243e04218fef8130f67592ebb951011bf0f766feb463dae2e1
SHA3 8cba2decc4a4ff0824a572cf4ac5efa09a786a12f9e915ccbf93fff76cdc17fe

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x2c6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.83715
MD5 8085d07f0db8e82d7ceea8371ec6e7d2
SHA1 15d6813252fe67888ecc7260655080787056707d
SHA256 af3ff2a05d35eede59cb05d05576ca8bf07dca34cf32778c037c5cf85772dd6d
SHA3 e7ac2383e1665e9dcb2bbd260c99682266faea7f069c399a4ead95b26e5a10d2

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.17134.1
ProductVersion 10.0.17134.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Updateability From SCM
FileVersion (#2) 10.0.17134.1 (WinBuild.160101.0800)
InternalName UPFC
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename upfc.exe
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.17134.1
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Jan-17 06:48:56
Version 0.0
SizeofData 33
AddressOfRawData 0x16bc8
PointerToRawData 0x153c8
Referenced File upfc.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Jan-17 06:48:56
Version 0.0
SizeofData 928
AddressOfRawData 0x16bec
PointerToRawData 0x153ec

UNKNOWN

Characteristics 0
TimeDateStamp 2019-Jan-17 06:48:56
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x100
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140019250
GuardCFCheckFunctionPointer 5368785216
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x5a1d899e
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 75
Total imports 1131
C objects (VS2015/2017 runtime 25711) 10
ASM objects (VS2015/2017 runtime 25711) 3
C++ objects (VS2015/2017 runtime 25711) 31
C++ objects (LTCG) (VS2015/2017 runtime 25711) 21
253 (VS2015/2017 runtime 25711) 1
Resource objects (VS2015/2017 runtime 25711) 1
Linker (VS2015/2017 runtime 25711) 1

Errors
