Windows Analysis Report
Updater.exe

Overview

General Information

Sample name: Updater.exe
Analysis ID: 1591997
MD5: 8f3972f98564fc9d1e3e5a3840a0da85
SHA1: 90e87af2bdfdf33e49eea353480cb8da362c450e
SHA256: cbdfe04b8f754e5e6150936ee604f0a478b79c6d0466ee155775ead575adea90

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Updater.exe Virustotal: Detection: 15%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.9% probability
Source: Updater.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: Updater.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Configuration.pdb source: Updater.exe, 00000000.00000002.2155680672.000002A8C5419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: b.pdb source: Updater.exe, 00000000.00000002.2155680672.000002A8C5419000.00000004.00000020.00020000.00000000.sdmp
Source: global traffic HTTP traffic detected: POST /r HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: can.thisilient.com | Content-Length: 1520 | Expect: 100-continue | Connection: Keep-Alive
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: can.thisilient.com
Source: unknown HTTP traffic detected: POST /r HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: can.thisilient.com | Content-Length: 1520 | Expect: 100-continue | Connection: Keep-Alive
Source: Updater.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Updater.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Updater.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Updater.exe, 00000000.00000002.2156338821.000002A8C7003000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://can.thisilient.com
Source: Updater.exe String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Updater.exe String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
Source: Updater.exe String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Updater.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Updater.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Updater.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Updater.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: Updater.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: Updater.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: Updater.exe String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Updater.exe String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Updater.exe String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: Updater.exe, 00000000.00000002.2156338821.000002A8C6F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Updater.exe String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Updater.exe String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: Updater.exe String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: Updater.exe, 00000000.00000002.2156338821.000002A8C6FDC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://can.thisilient.com
Source: Updater.exe String found in binary or memory: https://can.thisilient.com/r
Source: Updater.exe String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: C:\Users\user\Desktop\Updater.exe Code function: 0_2_00007FFD348C3D5E 0_2_00007FFD348C3D5E
Source: Updater.exe Static PE information: No import functions for PE file found
Source: classification engine Classification label: mal52.winEXE@1/1@1/1
Source: C:\Users\user\Desktop\Updater.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Updater.exe.log
Source: C:\Users\user\Desktop\Updater.exe Mutant created: NULL
Source: Updater.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Updater.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\Updater.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Updater.exe File read: C:\Users\user\Desktop\Updater.exe
Source: C:\Users\user\Desktop\Updater.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Updater.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Updater.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
Source: Updater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Updater.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: Updater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Updater.exe Static PE information: 0x886E3A6B [Mon Jul 14 04:34:51 2042 UTC]
Source: C:\Users\user\Desktop\Updater.exe Code function: 0_2_00007FFD348C785E push eax; iretd 0_2_00007FFD348C786D
Source: C:\Users\user\Desktop\Updater.exe Code function: 0_2_00007FFD348C7C5E push eax; retf 0_2_00007FFD348C7C6D
Source: C:\Users\user\Desktop\Updater.exe Code function: 0_2_00007FFD348C021D push E95D5C98h; ret 0_2_00007FFD348C0259
Source: C:\Users\user\Desktop\Updater.exe Code function: 0_2_00007FFD348C782E pushad ; iretd 0_2_00007FFD348C785D
Source: C:\Users\user\Desktop\Updater.exe Code function: 0_2_00007FFD348C7C2E pushad ; retf 0_2_00007FFD348C7C5D
Source: C:\Users\user\Desktop\Updater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Updater.exe Memory allocated: 2A8C5640000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Updater.exe Memory allocated: 2A8DEF30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Updater.exe Window / User API: threadDelayed 672
Source: C:\Users\user\Desktop\Updater.exe Window / User API: threadDelayed 2377
Source: C:\Users\user\Desktop\Updater.exe TID: 1936 Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Users\user\Desktop\Updater.exe TID: 2752 Thread sleep count: 672 > 30
Source: C:\Users\user\Desktop\Updater.exe TID: 2752 Thread sleep count: 2377 > 30
Source: C:\Users\user\Desktop\Updater.exe TID: 2536 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\Updater.exe TID: 4148 Thread sleep time: -922337203685477s >= -30000s
Source: Updater.exe, 00000000.00000002.2157611329.000002A8DF766000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Updater.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\Updater.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Updater.exe Queries volume information: C:\Users\user\Desktop\Updater.exe VolumeInformation
Source: C:\Users\user\Desktop\Updater.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\Updater.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid