Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Mar-18 11:47:03 |
Detected languages | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Windows ipdate Standalone ikstaller |
FileVersion | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
InternalName | wusa.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | wusa.exe |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 6.1.7601.17514 |
Info | Libraries used to perform cryptographic operations: Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. Signer: NTMMCUHN, Issuer: NTMMCUHN |
Malicious | VirusTotal score: 58/70 (Scanned on 2019-11-13 14:16:47) |

Engine | Detection |
---|---|
MicroWorld-eScan | Trojan.GenericKD.31803877 |
FireEye | Generic.mg.611dc5874a6eed36 |
CAT-QuickHeal | Trojan.AgentPMF.S5629287 |
McAfee | Trojan-FQPI!611DC5874A6E |
Cylance | Unsafe |
VIPRE | Trojan.Win32.Generic.pak!cobra |
SUPERAntiSpyware | Trojan.Agent/Gen-Emotet |
K7AntiVirus | Trojan ( 00546c801 ) |
Alibaba | Trojan:Win32/Emotet.fa56c070 |
K7GW | Trojan ( 00546c801 ) |
CrowdStrike | win/malicious_confidence_100% (D) |
Arcabit | Trojan.Generic.D1E549E5 |
Invincea | heuristic |
F-Prot | W32/Emotet.SN.gen!Eldorado |
Symantec | Packed.Generic.459 |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Trojan.Emotet-6912292-0 |
Kaspersky | Trojan-Banker.Win32.Emotet.cpcp |
BitDefender | Trojan.GenericKD.31803877 |
NANO-Antivirus | Trojan.Win32.Emotet.foduft |
Avast | Win32:DangerousSig [Trj] |
Ad-Aware | Trojan.GenericKD.31803877 |
Sophos | Mal/Emotet-Q |
Comodo | TrojWare.Win32.Banker.XE@83s6vi |
F-Secure | Trojan.TR/Crypt.Agent.zubaq |
DrWeb | Trojan.Emotet.652 |
Zillya | Trojan.Emotet.Win32.15962 |
TrendMicro | TrojanSpy.Win32.EMOTET.SMA |
McAfee-GW-Edition | Trojan-FQPI!611DC5874A6E |
Fortinet | W32/Kryptik.CBF!tr |
Trapmine | malicious.high.ml.score |
Emsisoft | Trojan.GenericKD.31803877 (B) |
Ikarus | Trojan-Banker.Emotet |
Cyren | W32/Emotet.SN.gen!Eldorado |
Jiangmin | Trojan.Banker.Emotet.khq |
Webroot | W32.Trojan.Emotet |
Avira | TR/Crypt.Agent.zubaq |
Antiy-AVL | Trojan[Banker]/Win32.Emotet |
Endgame | malicious (high confidence) |
Microsoft | Trojan:Win32/Emotet.PA!MTB |
AegisLab | Trojan.Win32.Emotet.L!c |
ZoneAlarm | Trojan-Banker.Win32.Emotet.cpcp |
AhnLab-V3 | Malware/Gen.Generic.C3105554 |
Acronis | suspicious |
BitDefenderTheta | Gen:NN.ZexaF.32250.uq1@aidFg8di |
ALYac | Trojan.GenericKD.31803877 |
VBA32 | BScope.Malware-Cryptor.Emotet |
Malwarebytes | Trojan.Emotet |
ESET-NOD32 | a variant of Win32/Kryptik.GPCF |
TrendMicro-HouseCall | TrojanSpy.Win32.EMOTET.SMA |
Rising | Trojan.Generic@ML.100 (RDML:XoR+/aWVb291qM2XgzMCtQ) |
Yandex | Trojan.PWS.Emotet! |
GData | Trojan.GenericKD.31803877 |
AVG | Win32:DangerousSig [Trj] |
Cybereason | malicious.74a6ee |
Panda | Trj/GdSda.A |
Qihoo-360 | Win32/Trojan.c42 |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2019-Mar-18 11:47:03 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0xb200 |
SizeOfInitializedData | 0x45a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001D40 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xd000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x54000 |
SizeOfHeaders | 0x400 |
Checksum | 0x56140 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

KERNEL32.dll | GetCommandLineW, GetCPInfo, GetACP, FreeEnvironmentStringsW, FormatMessageW, FlushFileBuffers, GetConsoleCP, EnterCriticalSection, EncodePointer, DeleteCriticalSection, DecodePointer, CreateFileW, VirtualAllocEx, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileType, GetLastError, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, lstrcatW, WriteFile, WideCharToMultiByte, UnhandledExceptionFilter, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, Sleep, SetUnhandledExceptionFilter, SetLastError, RtlUnwind, QueryPerformanceCounter, OutputDebugStringW, MultiByteToWideChar, LoadLibraryW, LoadLibraryExW, LeaveCriticalSection, LCMapStringW, IsValidCodePage, IsProcessorFeaturePresent, IsDebuggerPresent, InterlockedIncrement, InterlockedDecrement, InitializeCriticalSectionAndSpinCount, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, ExitProcess, GetSystemTimeAsFileTime, GetModuleHandleA |
---|---|
USER32.dll | GetMenuState, GetMessageA, GetMessagePos, GetMessageTime, GetNextDlgGroupItem, GetNextDlgTabItem, GetParent, GetPropA, GetSubMenu, GetSysColor, GetSysColorBrush, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GrayStringA, GetMenuItemID, InflateRect, IntersectRect, InvalidateRect, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowUnicode, IsWindowVisible, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadImageA, LoadImageW, LoadStringA, LockWindowUpdate, MapDialogRect, MapWindowPoints, MessageBeep, MessageBoxA, MessageBoxW, ModifyMenuA, ModifyMenuW, MoveWindow, MsgWaitForMultipleObjects, OffsetRect, PeekMessageA, PostMessageA, PostQuitMessage, PostThreadMessageA, PtInRect, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, SendDlgItemMessageA, SendMessageA, SendMessageW, SetActiveWindow, SetCapture, SetClipboardViewer, SetCursor, SetCursorPos, SetDlgItemTextA, SetDlgItemTextW, SetFocus, SetForegroundWindow, SetMenuItemBitmaps, SetParent, SetPropA, SetRect, SetRectEmpty, SetTimer, SetWindowContextHelpId, SetWindowLongA, SetWindowPos, SetWindowTextA, SetWindowTextW, SetWindowsHookExA, ShowCaret, ShowWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TrackPopupMenu, TranslateMessage, UnhookWindowsHookEx, UnionRect, UnregisterClassA, UpdateWindow, ValidateRect, WinHelpA, WindowFromPoint, wsprintfA, wsprintfW, GetMenuItemCount, GetMenuCheckMarkDimensions, GetLastActivePopup, GetKeyState, GetForegroundWindow, GetFocus, GetDlgItemTextA, GetDlgItem, GetDlgCtrlID, GetDCEx, GetDC, GetCursorPos, GetClientRect, GetClassNameA, GetClassLongA, GetClassInfoA, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, ExcludeUpdateRgn, EqualRect, EnumWindows, EndPaint, EndDialog, EndDeferWindowPos, EnableWindow, EnableMenuItem, DrawTextW, DrawTextA, DrawStateA, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyMenu, DestroyIcon, DeleteMenu, DeferWindowPos, DefWindowProcW, DefWindowProcA, DefDlgProcA, CreateWindowExW, CreateWindowExA, CreatePopupMenu, CreateDialogParamW, CreateDialogParamA, CreateDialogIndirectParamA, CopyRect, CopyIcon, CopyAcceleratorTableA, ClientToScreen, CheckMenuRadioItem, CheckMenuItem, CharUpperA, CharNextA, ChangeClipboardChain, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, AppendMenuW, AppendMenuA, AdjustWindowRectEx, EndMenu, GetClipboardViewer, GetDesktopWindow, PaintDesktop, GetSystemMetrics, GetThreadDesktop, DestroyWindow, GetMenu, DrawMenuBar, OpenIcon, HideCaret |
GDI32.dll | GetDCPenColor, DeleteDC, BeginPath, CreateDCW, CreateFontIndirectW, CreatePen, CreateSolidBrush, DeleteObject, EngDeletePalette, EnumICMProfilesW, EnumObjects, GdiConvertBitmapV5, GdiEntry4, GdiEntry6, GdiFixUpHandle, GdiRealizationInfo, GdiSetPixelFormat, GdiStartDocEMF, GdiSwapBuffers, GetClipRgn, GetDeviceCaps, GetGlyphIndicesW, GetRegionData, GetStockObject, GetTextAlign, GetTextCharacterExtra, GetTextFaceW, LineTo, MoveToEx, PolyPolyline, PolyTextOutA, RectVisible, Rectangle, ResetDCA, STROBJ_dwGetCodePage, SelectObject, SetAbortProc, SetBitmapBits, SetColorSpace, SetGraphicsMode, SetLayout, SetPixel, StretchDIBits, UpdateICMRegKeyW, XLATEOBJ_piVector, bInitSystemAndFontsDirectoriesW, CreatePatternBrush |
ADVAPI32.dll | RegQueryValueExA, RegOpenKeyA, AllocateAndInitializeSid, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, CryptAcquireContextW, CryptCreateHash, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptReleaseContext, DuplicateToken, FreeSid, LookupAccountNameW, OpenThreadToken, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegisterServiceCtrlHandlerW, SetFileSecurityW, SetServiceStatus, SetThreadToken, StartServiceCtrlDispatcherW |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.1.7601.17514 |
ProductVersion | 6.1.7601.17514 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Windows ipdate Standalone ikstaller |
FileVersion (#2) | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
InternalName | wusa.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | wusa.exe |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 6.1.7601.17514 |

Resource LangID | English - United States |
---|---|

XOR Key | 0x84681311 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 build 21022) | 1 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 9 |
Total imports | 324 |
C objects (VS2008 build 21022) | 1 |
Unmarked objects (#2) | 2 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 build 21022) | 1 |