updater.exe

First submission 2024-02-07 20:41:08

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type: application/x-dosexec
File size: 61101.96 KB (62568403 bytes)
Compile time: 2018-12-15 23:26:14
MD5: 3a3cf3f58f318a144fdf76f8348cbcbd
SHA1: 59047cf1089fbe705cde5f1b74b46c5b0d2c92f0
SHA256: 21ef3448523ef72e2d429bf3fc95e623f732bd58c7207de06ad4f346663c4617
Import Hash : b34f154ec913d2d2c435cbd644e91687
Sections 5 .text .rdata .data .ndata .rsrc
Directories 3 import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1203688630384590870/1204489406241702010/updater.exe cdn.discordapp.com 2024-02-07 20:41:08

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6627 26624 0e5e99bb884a9fe9f4dee59b6bf9acf9746f3115 7618d4c0cd8bb67ea9595b4266b3a91f
.rdata 0x8000 0x14a2 5632 0a0c2be86d54840b2eaa4abf2412bb3588e032c4 eecac1fed9cc6b447d50940d178404d8
.data 0xa000 0x70ff8 1536 bdd9e7400edf5b4fddcffb66fcb1d3d83c8901da db8f31a08a2242d80c29e1f9500c6527
.ndata 0x7b000 0x90000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x10b000 0x4eb8 20480 d074809f94b840e4d639f2f820bc07cf4cdf6b5b 2da50f9ad2c4d956633925b87eaec7f1

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x10b1d8 17622
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x10f8a8 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x10f908 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x10f920 600
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x10fb78 830

Meta infos 7

LegalCopyright: Copyright © 2024 HEosnziOZnnae
ProductVersion: 1.0.0
CompanyName: HEosnziOZnnae
FileVersion: 1.0.0
FileDescription: HEosnziOZnnae
Translation: 0x0409 0x04e4
ProductName: HEosnziOZnnae

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 SHA1 Block size Virtual Address
4eecd47e895527433debaceb4ecf39ea fdfd331ba207ebf45eac7cd4118c31c132d614d6 10176 62558227

Strings analysis - File found

Executable
oQ{.sO
%y.SO
Autocad
y/.DwG
Database
OKa'.db
Library
%s%s.dll
ADVAPI32.dll
GDI32.dll
SHELL32.dll
USER32.dll
ole32.dll
KERNEL32.dll
COMCTL32.dll

Strings analysis - Possible URLs found 12

http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
http://www.microsoft.com/pkiops/docs/primarycps.htm0@
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
https://www.microsoft.com
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0
http://www.microsoft.com/pkiops/Docs/Repository.htm0
http://nsis.sf.net/NSIS_Error
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a

Import functions

Name Latest seen MD5
HBZ.exe 2023-06-15 06:59:01 cc0a1c96c14263e48f82965ff47e0521
LUK.exe 2023-06-15 07:41:02 8f488bf3643183b3e0eddfb0ee888083
EYG.exe 2023-06-19 15:43:02 3d4b36f562038a18fc835188470973c7
DamnedInstaller.exe 2023-07-07 09:06:15 c4dd1dbdaf1a8f596f94670846511d31
cosmicdirftsbeta.exe 2023-07-31 13:35:14 296552ede6571789ff56aad76634598f
Nudes-Package.exe 2023-09-15 08:36:31 005b1f4d6729d95ddf2dba7a5e3784f9
wininit.exe 2023-09-22 21:07:02 008dac3978cdbc52876ac57ff9f1011f
GameSetup.exe 2023-09-25 07:42:13 e0eda8313b2bfb7aa886b4170ce2982f
synthgliders_beta_v2.1.7.exe 2023-10-02 17:38:12 2d439f18b7447ed0c8abecb538eb31c2
NudesPackage.exe 2023-10-04 23:14:15 e209681cc7e0767bda3dd77617409667
Legacysurvival.exe 2023-10-23 09:29:10 ad1a360bd80604fb0bde1c21df7e25a3
LewdInstaller64x.exe 2023-11-13 08:25:10 ec18af44a7b1b68e4797e24423af5db1
LustfulSins_Installer.exe 2023-11-14 08:37:10 5f411a87c53e1791a8f2ea9cb26fd3c8
updater4.exe 2023-11-17 08:36:09 130212583151f568e78324bfec90c7b1
bettershit.exe?ex=65522947&is=653fb447&hm=06099ba77446f127ba4ccbc69df64fe0c5659e458e8faedd51dd515910c0f272& 2023-11-17 08:37:11 43327119366e52928b9aed0c1e734389
updater2.exe 2023-11-17 21:41:09 d6ff816b284b38382bcb2ce3fa41d914
UnityGameHandler.exe 2023-11-19 08:36:11 2547fc421a8ce77e333e88f4f87be833
updater3.exe 2023-11-19 08:37:09 47437b8a25c634828593283d0679063a
PythonLIB_1.exe 2023-11-20 08:36:11 7fe07f42471a5e038ec74fb3119ffcc3
UnityGameHandler.exe 2023-11-21 08:19:09 5efff9251a058c2ac38d69fce105fe7f
Tankies_Setup.exe 2023-11-21 08:20:11 8c1516b082b9feb9d98f1e0f4727d942
UnityGameHandler.exe 2023-11-22 10:39:09 258ed5bf7cd9a5236e54f77d719f176c
UnityGameHandler.exe 2023-11-22 20:32:14 5da603c33cd73db990fa27fda3b740ba
RuntimeBroker.exe 2023-11-24 08:39:10 e75e7f84999b17a9ed7f7db200b05752
UnityLibManager.exe 2023-11-26 09:54:08 1cf04f58323fc1139560daee9b3d1831
updater_2.exe 2023-12-01 07:29:10 2ef140966b38a9c3025a123423e36667
UnityLibManager.exe 2023-12-02 17:51:09 b016fd9060a406e4da0dbe1f3732eabf
updater_2.exe 2023-12-04 09:12:09 ed1f1e46c582ebc7a2c8b7a31473b284
updater.exe 2023-12-17 09:14:07 eba1a3fb09c1fc6b8d987d176ab9575e
updater.exe 2024-01-09 14:12:07 e8c8434a3cd4cf970f864c7273810642
updater_4.exe 2024-01-18 07:33:07 5aa243d2b142cf041781f519862d23f6
download.php 2024-01-20 14:05:12 fec246f765aa526990c3645e597fc011
AquaPhobia.exe 2024-01-21 15:23:07 0662fbb81cfbbb132abf4a5976e4ec2c
TankuumSetup.exe 2024-01-24 08:24:08 ef919aec43bb353b706aeb699b7245dd
artProject.exe 2024-01-24 18:41:05 ec0032abc5847a66a66dbdebcb23eaa9
artProject.exe 2024-01-25 08:02:07 3982c7c27ee7fc067e3d2e535f948824
updater.exe 2024-01-28 07:23:08 443cbfda3ae06a42d3d0aaf221321db1
UnityLibraryManager.exe 2024-01-30 17:01:56 bed91de0665582bde78327dae442af84
WindowsBootManager.exe?ex=65c8f005&is=65b67b05&hm=63a1a96e57a9304b5cf69cc7c8deb385bbf0c97d06bf6fb56bd6938e361c12bd& 2024-01-31 18:04:07 a5ab3cb77b199c4fd843cfbf0376e526
Node.js.exe 2024-02-02 08:12:09 9a24522fe0ccf896dc667482a72ad286
VoidOfSpace.exe 2024-02-02 15:42:06 bbf38187c075170e25484426b46e4a6f
Node.js.exe 2024-02-03 13:06:07 f3f11d814102a827d454bc2502a856f0
updater_2.exe 2024-02-04 17:38:07 d2ac685eeda58af6736009306740f2d3
Node.js.exe?ex=65d270f6&is=65bffbf6&hm=6691a2bd38de6eabcaa93be8fa2656a3efd674d6aa9f935b906b7683bdefcda2& 2024-02-05 07:31:10 d8819cc4aaf60d681c0970eadd768721