Manalyze report for 611dc5874a6eed36c4ab8ee80042fcc3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-18 11:47:03
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows ipdate Standalone ikstaller
FileVersion	`6.1.7601.17514 (win7sp1_rtm.101119-1850)`
InternalName	wusa.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	wusa.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.1.7601.17514`

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegQueryValueExA RegOpenKeyA RegCloseKey RegCreateKeyExW RegDeleteKeyW RegDeleteValueW RegEnumKeyExW RegEnumValueW RegNotifyChangeKeyValue RegOpenKeyExW RegQueryValueExW RegSetValueExW` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptDestroyHash CryptGetHashParam CryptHashData CryptReleaseContext` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState CallNextHookEx` `Functions related to the privilege level: CheckTokenMembership DuplicateToken` `Changes object ACLs: SetFileSecurityW` `Can take screenshots: GetDCEx GetDC FindWindowA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: NTMMCUHN` `Issuer: NTMMCUHN`
Malicious	VirusTotal score: 58/70 (Scanned on 2019-11-13 14:16:47)	`MicroWorld-eScan: Trojan.GenericKD.31803877` `FireEye: Generic.mg.611dc5874a6eed36` `CAT-QuickHeal: Trojan.AgentPMF.S5629287` `McAfee: Trojan-FQPI!611DC5874A6E` `Cylance: Unsafe` `VIPRE: Trojan.Win32.Generic.pak!cobra` `SUPERAntiSpyware: Trojan.Agent/Gen-Emotet` `K7AntiVirus: Trojan ( 00546c801 )` `Alibaba: Trojan:Win32/Emotet.fa56c070` `K7GW: Trojan ( 00546c801 )` `CrowdStrike: win/malicious_confidence_100% (D)` `Arcabit: Trojan.Generic.D1E549E5` `Invincea: heuristic` `F-Prot: W32/Emotet.SN.gen!Eldorado` `Symantec: Packed.Generic.459` `APEX: Malicious` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Emotet-6912292-0` `Kaspersky: Trojan-Banker.Win32.Emotet.cpcp` `BitDefender: Trojan.GenericKD.31803877` `NANO-Antivirus: Trojan.Win32.Emotet.foduft` `Avast: Win32:DangerousSig [Trj]` `Ad-Aware: Trojan.GenericKD.31803877` `Sophos: Mal/Emotet-Q` `Comodo: TrojWare.Win32.Banker.XE@83s6vi` `F-Secure: Trojan.TR/Crypt.Agent.zubaq` `DrWeb: Trojan.Emotet.652` `Zillya: Trojan.Emotet.Win32.15962` `TrendMicro: TrojanSpy.Win32.EMOTET.SMA` `McAfee-GW-Edition: Trojan-FQPI!611DC5874A6E` `Fortinet: W32/Kryptik.CBF!tr` `Trapmine: malicious.high.ml.score` `Emsisoft: Trojan.GenericKD.31803877 (B)` `Ikarus: Trojan-Banker.Emotet` `Cyren: W32/Emotet.SN.gen!Eldorado` `Jiangmin: Trojan.Banker.Emotet.khq` `Webroot: W32.Trojan.Emotet` `Avira: TR/Crypt.Agent.zubaq` `Antiy-AVL: Trojan[Banker]/Win32.Emotet` `Endgame: malicious (high confidence)` `Microsoft: Trojan:Win32/Emotet.PA!MTB` `AegisLab: Trojan.Win32.Emotet.L!c` `ZoneAlarm: Trojan-Banker.Win32.Emotet.cpcp` `AhnLab-V3: Malware/Gen.Generic.C3105554` `Acronis: suspicious` `BitDefenderTheta: Gen:NN.ZexaF.32250.uq1@aidFg8di` `ALYac: Trojan.GenericKD.31803877` `VBA32: BScope.Malware-Cryptor.Emotet` `Malwarebytes: Trojan.Emotet` `ESET-NOD32: a variant of Win32/Kryptik.GPCF` `TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMA` `Rising: Trojan.Generic@ML.100 (RDML:XoR+/aWVb291qM2XgzMCtQ)` `Yandex: Trojan.PWS.Emotet!` `GData: Trojan.GenericKD.31803877` `AVG: Win32:DangerousSig [Trj]` `Cybereason: malicious.74a6ee` `Panda: Trj/GdSda.A` `Qihoo-360: Win32/Trojan.c42`

Hashes

MD5	`611dc5874a6eed36c4ab8ee80042fcc3`
SHA1	`0557941afd9d6694392047454cf34dad48a93cf3`
SHA256	`fa4b5c0149d1adce3cafe63f780123f08ea8d5d4e0297075654e1a25b32aae57`
SHA3	`6e4f9a1f3e8d16ebe1695072e9d3292d229ceffbe495aff2a07ae3b303c6e8fc`
SSDeep	`3072:t0HStokYy7XCQW4rKMXxgT1urCdxW3aMp3cKAArDZz4N9GhbkUNEko7:KAKCxgAOuZpxyN90vER`
Imports Hash	`8767c8de1badc0243da4558cee64ed5e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2019-Mar-18 11:47:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0xb200`
SizeOfInitializedData	`0x45a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001D40 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x54000`
SizeOfHeaders	`0x400`
Checksum	`0x56140`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4a64e99bdb2a4ccc67d189fdaed62ef8`
SHA1	`02721a37ee48cb617fc897fe99bd1aa4798c82b6`
SHA256	`9e28aa0d14a7882dbab319386ae9acfdab2f4de5c9b3e34ef7e4e731932a91da`
SHA3	`a9471fea97046e567e9c40c9bb916b9166d0bccdb571809ff5e3fe134f048126`
VirtualSize	`0xb14b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.97287`

.rdata

MD5	`e842e1c5971434d863c30a9d838e1f25`
SHA1	`8fa48612c84bc50f8bfd73728f5526747fd2a506`
SHA256	`f7d330ca160ec31fc5a9a9f2775fe6c1e467aa6eebac8efbd163a75106d6898a`
SHA3	`2b936c9fb34e923f0d17d502d2c7e9ad33d3574ae6ad7ff388089399d766ef15`
VirtualSize	`0x1ee32`
VirtualAddress	`0xd000`
SizeOfRawData	`0x1f000`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96367`

.data

MD5	`e9acefd210550f92c36c2e1a2e509ad6`
SHA1	`1b1f032ebb9b78c3d95dad8ae454fc7e0c759355`
SHA256	`393bf53645fd0ef87c502418862fcd4d1f0ea9f510c8c34358916cf22c24b15e`
SHA3	`c0abf81398cce2d7ec06e507e469f5fa7a47858d7cd5d5966234b146ae0a6c29`
VirtualSize	`0x11294`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x2a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0208579`

.rsrc

MD5	`1a8a014f863f545656438a33be8cff5a`
SHA1	`ec53bd2f846a62c8f0000720d0d158d47193b696`
SHA256	`777afc0cbc4997aefd8c39ffc5e6c91b39ff2b2bd95d834cf1c4589e50fffb32`
SHA3	`53522eeba370ff1506d75810e0f513395b679238c81b6ea901501b62bd13745e`
VirtualSize	`0x15458`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x15600`
PointerToRawData	`0x3b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.35493`

Imports

KERNEL32.dll	`GetCommandLineW` `GetCPInfo` `GetACP` `FreeEnvironmentStringsW` `FormatMessageW` `FlushFileBuffers` `GetConsoleCP` `EnterCriticalSection` `EncodePointer` `DeleteCriticalSection` `DecodePointer` `CreateFileW` `VirtualAllocEx` `GetConsoleMode` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetFileType` `GetLastError` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `lstrcatW` `WriteFile` `WideCharToMultiByte` `UnhandledExceptionFilter` `TlsSetValue` `TlsGetValue` `TlsFree` `TlsAlloc` `Sleep` `SetUnhandledExceptionFilter` `SetLastError` `RtlUnwind` `QueryPerformanceCounter` `OutputDebugStringW` `MultiByteToWideChar` `LoadLibraryW` `LoadLibraryExW` `LeaveCriticalSection` `LCMapStringW` `IsValidCodePage` `IsProcessorFeaturePresent` `IsDebuggerPresent` `InterlockedIncrement` `InterlockedDecrement` `InitializeCriticalSectionAndSpinCount` `HeapSize` `HeapReAlloc` `HeapFree` `HeapAlloc` `ExitProcess` `GetSystemTimeAsFileTime` `GetModuleHandleA`
USER32.dll	`GetMenuState` `GetMessageA` `GetMessagePos` `GetMessageTime` `GetNextDlgGroupItem` `GetNextDlgTabItem` `GetParent` `GetPropA` `GetSubMenu` `GetSysColor` `GetSysColorBrush` `GetTopWindow` `GetWindow` `GetWindowDC` `GetWindowLongA` `GetWindowPlacement` `GetWindowRect` `GetWindowTextA` `GetWindowTextLengthA` `GetWindowTextLengthW` `GetWindowTextW` `GetWindowThreadProcessId` `GrayStringA` `GetMenuItemID` `InflateRect` `IntersectRect` `InvalidateRect` `IsChild` `IsClipboardFormatAvailable` `IsDialogMessageA` `IsIconic` `IsRectEmpty` `IsWindow` `IsWindowEnabled` `IsWindowUnicode` `IsWindowVisible` `KillTimer` `LoadBitmapA` `LoadCursorA` `LoadIconA` `LoadImageA` `LoadImageW` `LoadStringA` `LockWindowUpdate` `MapDialogRect` `MapWindowPoints` `MessageBeep` `MessageBoxA` `MessageBoxW` `ModifyMenuA` `ModifyMenuW` `MoveWindow` `MsgWaitForMultipleObjects` `OffsetRect` `PeekMessageA` `PostMessageA` `PostQuitMessage` `PostThreadMessageA` `PtInRect` `RegisterClassA` `RegisterClipboardFormatA` `RegisterWindowMessageA` `ReleaseCapture` `ReleaseDC` `RemoveMenu` `RemovePropA` `ScreenToClient` `SendDlgItemMessageA` `SendMessageA` `SendMessageW` `SetActiveWindow` `SetCapture` `SetClipboardViewer` `SetCursor` `SetCursorPos` `SetDlgItemTextA` `SetDlgItemTextW` `SetFocus` `SetForegroundWindow` `SetMenuItemBitmaps` `SetParent` `SetPropA` `SetRect` `SetRectEmpty` `SetTimer` `SetWindowContextHelpId` `SetWindowLongA` `SetWindowPos` `SetWindowTextA` `SetWindowTextW` `SetWindowsHookExA` `ShowCaret` `ShowWindow` `SystemParametersInfoA` `SystemParametersInfoW` `TabbedTextOutA` `TrackPopupMenu` `TranslateMessage` `UnhookWindowsHookEx` `UnionRect` `UnregisterClassA` `UpdateWindow` `ValidateRect` `WinHelpA` `WindowFromPoint` `wsprintfA` `wsprintfW` `GetMenuItemCount` `GetMenuCheckMarkDimensions` `GetLastActivePopup` `GetKeyState` `GetForegroundWindow` `GetFocus` `GetDlgItemTextA` `GetDlgItem` `GetDlgCtrlID` `GetDCEx` `GetDC` `GetCursorPos` `GetClientRect` `GetClassNameA` `GetClassLongA` `GetClassInfoA` `GetCapture` `GetAsyncKeyState` `GetActiveWindow` `FrameRect` `FindWindowA` `FillRect` `ExitWindowsEx` `ExcludeUpdateRgn` `EqualRect` `EnumWindows` `EndPaint` `EndDialog` `EndDeferWindowPos` `EnableWindow` `EnableMenuItem` `DrawTextW` `DrawTextA` `DrawStateA` `DrawIconEx` `DrawIcon` `DrawFrameControl` `DrawFocusRect` `DispatchMessageA` `DestroyMenu` `DestroyIcon` `DeleteMenu` `DeferWindowPos` `DefWindowProcW` `DefWindowProcA` `DefDlgProcA` `CreateWindowExW` `CreateWindowExA` `CreatePopupMenu` `CreateDialogParamW` `CreateDialogParamA` `CreateDialogIndirectParamA` `CopyRect` `CopyIcon` `CopyAcceleratorTableA` `ClientToScreen` `CheckMenuRadioItem` `CheckMenuItem` `CharUpperA` `CharNextA` `ChangeClipboardChain` `CallWindowProcA` `CallNextHookEx` `BeginPaint` `BeginDeferWindowPos` `AppendMenuW` `AppendMenuA` `AdjustWindowRectEx` `EndMenu` `GetClipboardViewer` `GetDesktopWindow` `PaintDesktop` `GetSystemMetrics` `GetThreadDesktop` `DestroyWindow` `GetMenu` `DrawMenuBar` `OpenIcon` `HideCaret`
GDI32.dll	`GetDCPenColor` `DeleteDC` `BeginPath` `CreateDCW` `CreateFontIndirectW` `CreatePen` `CreateSolidBrush` `DeleteObject` `EngDeletePalette` `EnumICMProfilesW` `EnumObjects` `GdiConvertBitmapV5` `GdiEntry4` `GdiEntry6` `GdiFixUpHandle` `GdiRealizationInfo` `GdiSetPixelFormat` `GdiStartDocEMF` `GdiSwapBuffers` `GetClipRgn` `GetDeviceCaps` `GetGlyphIndicesW` `GetRegionData` `GetStockObject` `GetTextAlign` `GetTextCharacterExtra` `GetTextFaceW` `LineTo` `MoveToEx` `PolyPolyline` `PolyTextOutA` `RectVisible` `Rectangle` `ResetDCA` `STROBJ_dwGetCodePage` `SelectObject` `SetAbortProc` `SetBitmapBits` `SetColorSpace` `SetGraphicsMode` `SetLayout` `SetPixel` `StretchDIBits` `UpdateICMRegKeyW` `XLATEOBJ_piVector` `bInitSystemAndFontsDirectoriesW` `CreatePatternBrush`
ADVAPI32.dll	`RegQueryValueExA` `RegOpenKeyA` `AllocateAndInitializeSid` `CheckTokenMembership` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `CryptAcquireContextW` `CryptCreateHash` `CryptDestroyHash` `CryptGetHashParam` `CryptHashData` `CryptReleaseContext` `DuplicateToken` `FreeSid` `LookupAccountNameW` `OpenThreadToken` `RegCloseKey` `RegCreateKeyExW` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyExW` `RegEnumValueW` `RegNotifyChangeKeyValue` `RegOpenKeyExW` `RegQueryValueExW` `RegSetValueExW` `RegisterServiceCtrlHandlerW` `SetFileSecurityW` `SetServiceStatus` `SetThreadToken` `StartServiceCtrlDispatcherW`

Delayed Imports

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8331`
MD5	`4a9c4456dc437191604bf3953ad7ab55`
SHA1	`3cc1b800a28a1699ebf619bf4ff47179d6ee294b`
SHA256	`15e4c217673f6e1807adcb5f784e60ae1425731c708df1db8122c78c6c35380b`
SHA3	`d32392b9e18ec36fe549e95d64727ffcff4e46dcef679e4d1eb0c641e285f5c6`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53777`
MD5	`f4bdb0f66915550364954d1b82bd2984`
SHA1	`5b103116befef0e11ac1844e533e0045352146ab`
SHA256	`1296057865454021fec85c4c99ae20ba2c8553cece1d947a20167312ad782c38`
SHA3	`c0e7af901f9ebcf0eb088bda1469a18584d0e577e2f22ef2636bc247a34d0b6a`

1 (#3)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0699`
MD5	`1119ea8ccf13471c5cb7981c00112bd1`
SHA1	`5311a1759e6269a3cb555795379241550dc70baf`
SHA256	`689e072bec88a4f92eeadc6ada816cbcbedc4de9e76b27c38183f820bcc11e04`
SHA3	`2829f8159ff036d9f6a40b9fad5416e1c3458ad61e83e0139a92c36620b75e99`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15864`
MD5	`46db957427f76e2faed509fa0f083815`
SHA1	`9f062ff76b99cdbbdbc040adca1ec94fd7e0ebf8`
SHA256	`3032bc8ec0d2b10c731ce65338958a69401a6ea5c13bf43236be1cadfaaa796f`
SHA3	`d64af304edb5ed919be1e617b3194ad9d40d97f07942bc10ffe3529713358797`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50949`
MD5	`77c3fdd8ab3a5023f948ef9dc0a75588`
SHA1	`3c10786225e3af4724ad179081ab67b7bdddb002`
SHA256	`472af970994f80d1368af62de093894cdef4e2ea76f661eabc49e4f7e41a5860`
SHA3	`c7ef5cf31e71ee1211fe1b9ec1aab03e0cc3d9c88d358837f2bf4982d8e83469`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.56662`
MD5	`9291ba83d585b4e27b489e5e6c0b9e6d`
SHA1	`6a1823c83ba0ee8a9088c2d96c951ff7b0aad0ed`
SHA256	`828bf50bd62a7fca6f0ee8d03970215d1550d31a4f9382b1608b76742ef8aa95`
SHA3	`2201c2224048249b39ff38a95ea21061ad85214a9912fb00474b96082ce81112`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94251`
MD5	`dd6416457884b08fb3b97e48cd8b296d`
SHA1	`460407ba589b388b7095dac3cba861d07d0bc32d`
SHA256	`5a2bcb6347493ac6873330f55603ae586a8b21ab1a7137f7b326b6e682827892`
SHA3	`ff855ab2a14ba17cb2d90b6bdaee4e2257ee959788fa22e7a62a25a86fe401ec`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37828`
MD5	`ff4b77125d8d6dd0bb13557a6e043d70`
SHA1	`4f401d2b2fdd25337757c115b0c3d16850ee90df`
SHA256	`4429f0eabd35418cb2022378e73ee2e766841d35aca4a8b7369359d1341304fe`
SHA3	`915504672b75c8aa786fa9065ade3aaccb2a03a46fe59b92c0f65e502ae43196`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd9d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98515`
Detected Filetype	PNG graphic file
MD5	`d58effc60f9809303be37c9da12ec938`
SHA1	`5f5d1459f715b6d7ac0c9f5e6c86112d02c611a8`
SHA256	`f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71`
SHA3	`927f706c7c34a5b18477f72fb37fca3487c206f65f015b40463be7083a461c7b`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33023`
MD5	`6f18b3932aca200c19eda2c0a8389fe2`
SHA1	`454e38e44e9570502d4134818f983e6b3514c595`
SHA256	`ebfd8bce706bc334ada961a2489fb266101c8960e05bd20fbf2e8ee66af64060`
SHA3	`2f401e2395d28434ceed9c91f17de1595dcfd794e537304dd0c8867ea9c4be60`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.61313`
MD5	`56e519ddae3afada70d9d5afc3e20414`
SHA1	`584a6b17a1a2174921a185cc123bb8e609f0f0ba`
SHA256	`fa6b2f5422746f7377a3ed24f2b108f04f963caa0cc096c51cb49ac74266b107`
SHA3	`1896fe210c328289e0e771e497715e6c92d6e2545625858358002ceb5d1c7ee9`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85349`
MD5	`6948b3a73688c3ea8fbd7f533a579e25`
SHA1	`931d017e52aa63fec9f1401436e07e3df2573e1b`
SHA256	`8561da4d70ae051d1f146859ba0b50467258730daae8af73726e0700c034b737`
SHA3	`2e6fc86970dfb7e8d036900a05d4c89591b3ab0a597a5074ea56489aa68d3414`

1 (#4)

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x58d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70759`
MD5	`24c9127d4f33eb1aa6fbfeb77983c967`
SHA1	`f88ea29f09374a83d41a68d183ba7076bc1d2180`
SHA256	`aed29bf2d25c97e6b5459f1a75f070f8867f851b9cafb77599d04134ae62485b`
SHA3	`e291e48f774e3f8d2f5036fdc0d3e93e5d931c4b4a811d93c409a8181db8df06`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92982`
Detected Filetype	Icon file
MD5	`25bc0cdcb0545c3e16a71ece5b3b2fa9`
SHA1	`86a8c777e6da5933710ede5d9529e2bf6abd7186`
SHA256	`66e323bae1b94a5dd27f9133ada7de40cb5780c7e46728a402cda862ae803c64`
SHA3	`f99962e81e19bcd2260902f6458aa4b108f93b65b73e441cf0a3d10fea5ce8de`

1 (#5)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52985`
MD5	`dc6fbb8c37675a2b4cc369f3316989df`
SHA1	`d94e6d13c6cd52f9a709763c3485c4fce3bc0bc3`
SHA256	`6128740ae470f4b9b0ab62d5bf26fc3f2c309963c27e6d44143c966481c18d72`
SHA3	`175b19598be2de0e4476ccc91d5192cc9dc8facca980e9e4d6a3dc3611e9a7d3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.1.7601.17514
ProductVersion	6.1.7601.17514
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows ipdate Standalone ikstaller
FileVersion (#2)	6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName	wusa.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	wusa.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.1.7601.17514

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x84681311`
Unmarked objects	`0`
ASM objects (VS2008 build 21022)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`9`
Total imports	`324`
C objects (VS2008 build 21022)	`1`
Unmarked objects (#2)	`2`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

611dc5874a6eed36c4ab8ee80042fcc3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

1 (#2)

1 (#3)

2

3

4

5

6

7

8

9

10

1 (#4)

101

1 (#5)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors