Windows.Defender.Update.exe

First submission 2024-10-17 17:40:02

File details

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	955.38 KB (978308 bytes)
Compile time:	2024-05-12 12:17:07
MD5:	bde1d37ad1cf05320955681bf6455efa
SHA1:	52feb8bc6c21770eea00d19b1c228ee707228da7
SHA256:	b4596116d3cb69f0dc38413f8469e1f81a99d89ded606bd8da3320c55c9ba12f
Import Hash :	b1c5b1beabd90d9fdabd1df0779ea832
Sections 8	.text .rdata .data .pdata .didat _RDATA .rsrc .reloc
Directories 6	import export resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	32/77 VT report date: 2024-10-16 16:05:41
Malware Type 2	trojan worm
Threat Type 2	nekark gcosm

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://microsoftcomdefenderupdate.vercel.app/Windows.Defender.Update.exe	microsoftcomdefenderupdate.vercel.app	2024-10-17 17:40:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x4676e	288768	278d421b8fcce5071cdb55190b5a29b42bdf8201	f06bb06e02377ae8b223122e53be35c2
.rdata	0x48000	0x128c4	76288	3114d29305d4b88fffea6ad50b3704072be27858	2de06d4a6920a6911e64ff20000ea72f
.data	0x5b000	0xe75c	6656	a1ae38ef93496365ab03cd8e1b3098ca6ac430e0	0dbdb901a7d477980097e42e511a94fb
.pdata	0x6a000	0x306c	12800	e0cde833721b87c288e4dbf07c14d46d8670d708	b0ce0f057741ad2a4ef4717079fa34e9
.didat	0x6e000	0x360	1024	190f8d2fea268d844623189351a02d25e6bedfff	1fcc7b1d7a02443319f8fcc2be4ca936
_RDATA	0x6f000	0x15c	512	8d13993151b09d8343303215408e337388130e61	3f331ec50f09ba861beaf955b33712d5
.rsrc	0x70000	0x1e598	124416	f1e7837596ce2db2f1088ee0a6375c0bf9d18d89	e07587b0f249be0fe027a0deedb0c8f9
.reloc	0x8f000	0x970	2560	b8c49df878d332ebd45f8be315a23f5d1c7402bf	77a9ddfc47a5650d6eebbcc823e39532

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
PNG	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x7118c	5545	PE Resource: PNG - Data PNG IHDR\)gAMAa cHRMz&u0`:pQ< pHYs~bKGDC IDATxs}]K (oRNP_IUqRQl,(o,%)b8.%7.@bg{[}eX$R! \.C@p!\."Bp!\.DBp)\.! PH\ D1Bp!b.Ye@C@p!\."Bp!U\ D1Bp!b.e``u#6;_~ov`Td?1s^RBm@]jAV5;,P4^ \6HYM?\^ Q+A[_L!:_Z?ardO/\f zSPPIJd"m\ y_^K.p\p<YpK .y e7g6[? O+. .[+h5?:+%j.\UDR+;.pK5[\tj.p\.p\2[\tj.p\.p\2[\tj.p\.p\2[\tj.p\.p\[\tj.p\B"p"$s2\\enz.>Z'\|.j\d"U.EE=.pQNe.3EE'5}si?\>.{\|%.T.pQP\qqI-[jE>y,H%\/K'y[.-M..'{-\<1SmO+\|?pIZQmE.\.\w\\|?\6QyE>Aw:qkr&F=($l#qc$AA%(qc$GJ2Psuv t]l.s]=@l~+pG%#Cd[G9xT28FXKT#~&f?+sF#~7o6\?P]oK22fYQ2[cH59k y/orzDF=)gHL"e.wQRc:%=U.Ev,RrzGG}\$te$1jpQ\Q8\G\Q\AJ^p\$r[&1vpQMG\(\)1\|pQ#JGvEG \]D+0IrQs\!.s=zNj`Q H52Qd(P%H#\E\I\h%Hy.MR}kjEG1j)\Tz@ r=1E5 aKwbX(\@jp1pQM\&.\\qYp[`\|YX"ih!rE.@/2yF.MeI0p {Pj ..O40p <^%<ap%@k,.R.]Fv:\T3pQn%H}lx^7E=9q\%eEhwrF.y^&. zG&.W;V4s(7xK^.3d4%@lxQ6pQm'3e2d%@J^t.AKL \lxoe2+pQm%H5&.401pQm /\e1^J~ \KL\$o1CpQm0E99Bb 9Bb!1Ip P'wptLoBFdI6TEqjrGlE5f fM\&UL+ \;L\;j .595\TPyCoceIJ.3j/N/\|?J+[6_La\N/X3Qsh)tF^a#"L<{"F1sr<c"RSv.09+7+WsEr r3#,0sX#;3z.g-]`=ie2\/Q \,]`Y`tpXPI 1yZ\`n2XY`%_e^"&k9`jrFP-oL]uryNFHf]\|nJ',\`2E&Xi{5Xs.0XqK%`pXN[E-Sm EzzF-Q m\ ;q[`yS7sqcE:3g3,0H-y{7om\^\p-0rk"y7%aEnwgR9tDU.qk^gq}9(mL'L}_!vIUk,0q]y/-Z`)^UpvT"j+MTC.A9Htr.,0zHs^y/@.Uk<MgV<v.//Y`nh"p`QXq{VShBrqeW\$fX_11~\$1L1Y`.c\T;+j6/2. Pn-YCT\358swX` r}cmpI\rIo!\'r%\|^^(k;cS\rX$wNN4/0?'HOI+pw;&tw7X`"/e5$$5eX`yi!Sc10d/0qK^X`Yn @.s\eK59w0\;1e%\$E;(\4b\|2fxuQb$i}\_vd6s;5=#F.0OAtn2K\wWbhmcmbz.d}+p13ni\,1r;V9(G\lbsc-xf;4lXM?kNb\u1I;Kp1Ev'1;j&F^l=a&2\NN#\ c61SYc61rqEbMHbxgA3ONM:uf,0r,;s"p6yvg9.scXi~1u$XI'KX.Vt8g&UXS[FX.l{\|z}%tv],kbSu_Agr,z"ULe\.[$Oj#/58OLwAEK-0.vuLKe^ScpieD&K6pvO{4}hse.ujBRW{gM;sZVbehQkkr$^vG KoHr.vf/D-2\lS-.i\^mGwWbqF {kv{}.w~3nNc7J\|fJLd}_7pqGyk-7oe:TrS kFI^p=93 y.1HNpCx6noA\\)jg+a/00: _e6y3&T.G9Hq4Q,F~G.i/R4+pM&qX%o5)\b /41S?4h:5&UA\+{L:YtO!=/\bsc"&=2\b3{^&OK \|{p.ZK<#Cse.Pc. icLbZyL8M}ybd' siwvPU]L)enxF\7jeblVb%+K9sSE262$j%spBL[epIBVt=2 C$g2;#G2W`NL &@.QMqs$Gv&F~2.QM~2^~.QMy.V-&c:NJ1u?aca9%Bu$$:1K6\5$0$FKuO><F3 yW &\o2T9O+net<D%vq%NJbxrNJMfrKp1{T\^ywm'Bq@vbklpl'F~MIml}IbRD_"\(@GizG2+2p!vu^)'/<4t;-5r@bgr\(@p!\.\.C\(bp!\.\.BBp!Bp!\.Dp!\.\.b%["R.Bp!Bp!\Bp!\."\..flIENDB`
RT_ICON	LANG_NEUTRAL	SUBLANG_DEFAULT	0x8ac40	4745	PE Resource: RT_ICON - Data PNG IHDR\rfPIDATx}\W}7VdbT!(B3 &$A""(kEivtm9- @ 4 ,IqM#r]g&{cb/3#_<w=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD+:0M`{0f_a~epWp3f8{PdHlostNg l5w~+nSzw'(< 6BH)@ uO&Yc7Q_#F&F"];5@3;@" @ t,pI_06sL .s%mM0j99L .p\|-O#,vVdbT Rpl59>P6j5H~u9?&g31}Ywb~02B+rJ{Wc5/Ba` #k}s4&@ wli?\|szgt;\|Z.j3<84ozg\|}J)(<?C I`gA>;}ZW?f0y733$h'P'X4w8t< .i}V3B9>Qp_8\|lD+6^&?HO;w\:LVib?436Rp/+bA?i%9^:xF1cP4{ -@<gq]:DF=:Hk}gJ[R?@l3\1wO0iFa9g3).QG` `.l 2veF"'8t 9Xd+a`aw }9tSw\|/5,6N q:OeF0l-3Bn?w~pCg)'0N1'}{\@@ tPrXc)s}0t rQo9OF'0Vl0xsV:Te.o;0<tO3Q>FJ%3K.r;)<pos?o WRwa~wC+:A {F=rFc?mf2E9h#P08s PnfwH5Ps\|l}:4;1z=5P9&^gz+:F9}3oz+].&gL;v5CI/ox+"s\2Kiow0sE @$T"91HDrL cS @$T"91HDrL cS @$T"91HDrL cS @$T"91HDrL cS @$T"91HDrL cS @$T"91Hy+oV$5} I3gC7Hy+ qX"i< @dbkK$[o\|%fY <Ic+f}Isw<Hx#`D&x"i\|zO$UZf9Hy#^^tW}zV9^2bC)/{sc!3"i`!-DE/9{\~tze#;}c[Gd`l0lm qqE(A `,]EF4cgC}'<Dj [{2I7jl$1GJi;}IW`_~8 .nE2v-hVqh>Q~!d+U A$<nH w!@C/ D@8J^[5tHHp_qkcxa<d`f_EwJ5@S@j<%;1p=YUQ CMD A=(qWJO[BiMj9q A3tId}BijCL"BgiCg8@W<:Q:$[njnY`kB5D?3`z M:$>^:$).f!#-Cd\hnmOGQ_i~E3x1tJMX9DN9RU~n Cdnm<s tHUk TENjsLT U3nF5BCI[7,C FgM9E@NH(tHoq_i?;i;T@W\|9$w$rH}.^%^-;VeX}0pp8tFlgMU6 7!g,zgg\|1t(=Jxzs9I;Y+y[l:dsp7^3"7huj?L@W v#HH`QZ:GdJi9$V6=N.hkCY[?;Bh"n=r\jIw~_4g :$+1e\@G0n k``WydrSQ0B)W^0CZbkT?-trWq_kbnl$\@Wz@s5qn sH(FkSJRwiz!B}Dg/!]qT'oCzgyI#}.ti/h. Jvta\|QN8R2'Xdn;VPBT)r1ly2tRFT)qX(bnW:{3};&M3_~0tSCT)&1GBI8}8:R kBI}`WCg]Q/o$MTUJ/CgQfC'I$}xfBg+e= jT."7Z`M,eiF?UBGI+TT.`k\|^?O.SBiK6e"fN6x-jT~b/ZHWZkUhv:UhRb c5m]Z~LOxj!@WSuFw{B@;\|0S[^o8E: f[7_}87tII`\|} 3x!tyMSxDq7CgIoR(\Q'WEn}8;tH!J#<+q4&J Q#_ q=1~C#- @.+=x1t;RMT .E% p(/4jUm:H-W;y<NPL++d^[i'V 6mq\|vA3+7unRi`Q_qE@>9l+}k2p8tq8\|gwN)RX o5[{`_ Ehk3F_w&hR[.p8; kNt}yS(6=:b:HR\+025O+),\|=\234=BWi 2$FvV OZ-ZdTas;gw4E@sZU"@l9NyXpxlqZ'~ 0oL>?;MuO;+p K;aa>R}PIENDB`
RT_DIALOG	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x8c7e4	594
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x8db98	592	PE Resource: RT_STRING - Data WarningThis archive requires more than %u GB memory to unpack, which exceeds the amount of installed memory and can result in extremely slow extraction or even unresponsive system.PIt is recommended to cancel extraction. Do you wish to try extracting it anyway?Extraction cancelled
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_DEFAULT	0x8dde8	90
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x8de44	1875	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="" name="WinRAR SFX" type="win32"/> <description>WinRAR SFX module</description> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="" publicKeyToken="6595b64144ccf1df" language="*"/> </dependentAssembly> </dependency> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!--The ID below indicates application support for Windows Vista --> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <!--The ID below indicates application support for Windows 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <!--The ID below indicates application support for Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <!--The ID below indicates application support for Windows 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> <!--The ID below indicates application support for Windows 10 --> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> </application> </compatibility> <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> <dpiAware>true</dpiAware> </asmv3:windowsSettings> </asmv3:application> </assembly>

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Temporary
winrarsfxmappingfile.tmp
Text
YA.NO.LO.PUEDES.RECUPERAR.txt
Library
Crypt32.dll
peerdist.dll
msasn1.dll
profapi.dll
api-ms-win-core-synch-l1-2-0.dll
RpcRtRemote.dll
sfc_os.dll
XmlLite.dll
USERENV.dll
ntmarta.dll
rasadhlp.dll
mscoree.dll
mlang.dll
cryptsp.dll
linkinfo.dll
UxTheme.dll
imageres.dll
VERSION.dll
cscapi.dll
usp10.dll
wkscli.dll
devrtl.dll
secur32.dll
wintrust.dll
atl.dll
WINNSI.DLL
rsaenh.dll
riched20.dll
cryptui.dll
ntshrui.dll
slc.dll
oleaccrc.dll
PSAPI.DLL
propsys.dll
KERNEL32.dll
NETAPI32.dll
aclui.dll
dhcpcsvc6.dll
cryptbase.dll
ws2help.dll
SHELL32.dll
samlib.dll
shdocvw.dll
dwmapi.dll
cabinet.dll
MPR.dll
WS2_32.dll
WindowsCodecs.dll
dnsapi.dll
SSPICLI.DLL
samcli.dll
apphelp.dll
dfscli.dll
dsrole.dll
ieframe.dll
lpk.dll
comres.dll
netutils.dll
clbcatq.dll
dhcpcsvc.dll
IPHLPAPI.DLL
srvcli.dll
DXGIDebug.dll
browcli.dll
SETUPAPI.dll
ADVAPI32.dll
SHLWAPI.dll
OLEAUT32.dll
COMCTL32.dll
Fole32.dll
USER32.dll
gdiplus.dll
GDI32.dll
COMDLG32.dll

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

Import functions

KERNEL32.dll 147 gdiplus.dll 8 OLEAUT32.dll 3

Function	Address	Souspicious	Anti Debug
LocalFree	0x140048000
GetLastError	0x140048008
SetLastError	0x140048010
FormatMessageW	0x140048018
GetCurrentProcess	0x140048020
DeviceIoControl	0x140048028
SetFileTime	0x140048030
CloseHandle	0x140048038
RemoveDirectoryW	0x140048040
CreateFileW	0x140048048
DeleteFileW	0x140048050
CreateHardLinkW	0x140048058
GetShortPathNameW	0x140048060
GetLongPathNameW	0x140048068
MoveFileW	0x140048070
GetFileType	0x140048078
GetStdHandle	0x140048080
WriteFile	0x140048088
ReadFile	0x140048090
FlushFileBuffers	0x140048098
SetEndOfFile	0x1400480a0
SetFilePointer	0x1400480a8
GetCurrentProcessId	0x1400480b0
CreateDirectoryW	0x1400480b8
SetFileAttributesW	0x1400480c0
GetFileAttributesW	0x1400480c8
FindClose	0x1400480d0
FindFirstFileW	0x1400480d8
FindNextFileW	0x1400480e0
GetVersionExW	0x1400480e8
GetModuleFileNameW	0x1400480f0
SetCurrentDirectoryW	0x1400480f8
GetCurrentDirectoryW	0x140048100
GetFullPathNameW	0x140048108
FoldStringW	0x140048110
GetModuleHandleW	0x140048118
FindResourceW	0x140048120
FreeLibrary	0x140048128
GetProcAddress	0x140048130
ExpandEnvironmentStringsW	0x140048138
ExitProcess	0x140048140
SetThreadExecutionState	0x140048148
Sleep	0x140048150
LoadLibraryW	0x140048158
GetSystemDirectoryW	0x140048160
CompareStringW	0x140048168
AllocConsole	0x140048170
FreeConsole	0x140048178
AttachConsole	0x140048180
WriteConsoleW	0x140048188
GetProcessAffinityMask	0x140048190
CreateThread	0x140048198
SetThreadPriority	0x1400481a0
InitializeCriticalSection	0x1400481a8
EnterCriticalSection	0x1400481b0
LeaveCriticalSection	0x1400481b8
DeleteCriticalSection	0x1400481c0
SetEvent	0x1400481c8
ResetEvent	0x1400481d0
ReleaseSemaphore	0x1400481d8
WaitForSingleObject	0x1400481e0
CreateEventW	0x1400481e8
CreateSemaphoreW	0x1400481f0
GetSystemTime	0x1400481f8
SystemTimeToTzSpecificLocalTime	0x140048200
TzSpecificLocalTimeToSystemTime	0x140048208
SystemTimeToFileTime	0x140048210
FileTimeToLocalFileTime	0x140048218
LocalFileTimeToFileTime	0x140048220
FileTimeToSystemTime	0x140048228
GetCPInfo	0x140048230
IsDBCSLeadByte	0x140048238
MultiByteToWideChar	0x140048240
WideCharToMultiByte	0x140048248
GlobalAlloc	0x140048250
LockResource	0x140048258
GlobalLock	0x140048260
GlobalUnlock	0x140048268
GlobalFree	0x140048270
GlobalMemoryStatusEx	0x140048278
LoadResource	0x140048280
SizeofResource	0x140048288
GetTimeFormatW	0x140048290
GetDateFormatW	0x140048298
GetExitCodeProcess	0x1400482a0
GetLocalTime	0x1400482a8
GetTickCount	0x1400482b0
MapViewOfFile	0x1400482b8
UnmapViewOfFile	0x1400482c0
CreateFileMappingW	0x1400482c8
OpenFileMappingW	0x1400482d0
GetCommandLineW	0x1400482d8
SetEnvironmentVariableW	0x1400482e0
GetTempPathW	0x1400482e8
MoveFileExW	0x1400482f0
GetLocaleInfoW	0x1400482f8
GetNumberFormatW	0x140048300
SetFilePointerEx	0x140048308
GetConsoleMode	0x140048310
GetConsoleCP	0x140048318
HeapSize	0x140048320
SetStdHandle	0x140048328
GetProcessHeap	0x140048330
FreeEnvironmentStringsW	0x140048338
GetEnvironmentStringsW	0x140048340
GetCommandLineA	0x140048348
GetOEMCP	0x140048350
IsValidCodePage	0x140048358
FindNextFileA	0x140048360
RaiseException	0x140048368
GetSystemInfo	0x140048370
VirtualProtect	0x140048378
VirtualQuery	0x140048380
LoadLibraryExA	0x140048388
RtlCaptureContext	0x140048390
RtlLookupFunctionEntry	0x140048398
RtlVirtualUnwind	0x1400483a0
UnhandledExceptionFilter	0x1400483a8
SetUnhandledExceptionFilter	0x1400483b0
TerminateProcess	0x1400483b8
IsProcessorFeaturePresent	0x1400483c0
InitializeCriticalSectionAndSpinCount	0x1400483c8
WaitForSingleObjectEx	0x1400483d0
IsDebuggerPresent	0x1400483d8
GetStartupInfoW	0x1400483e0
QueryPerformanceCounter	0x1400483e8
GetCurrentThreadId	0x1400483f0
GetSystemTimeAsFileTime	0x1400483f8
InitializeSListHead	0x140048400
RtlPcToFileHeader	0x140048408
RtlUnwindEx	0x140048410
EncodePointer	0x140048418
TlsAlloc	0x140048420
TlsGetValue	0x140048428
TlsSetValue	0x140048430
TlsFree	0x140048438
LoadLibraryExW	0x140048440
QueryPerformanceFrequency	0x140048448
GetModuleHandleExW	0x140048450
GetModuleFileNameA	0x140048458
GetACP	0x140048460
HeapFree	0x140048468
HeapAlloc	0x140048470
GetStringTypeW	0x140048478
HeapReAlloc	0x140048480
LCMapStringW	0x140048488
FindFirstFileExA	0x140048490

Function	Address	Souspicious	Anti Debug
GdipCloneImage	0x1400484c0
GdipFree	0x1400484c8
GdipDisposeImage	0x1400484d0
GdipCreateBitmapFromStream	0x1400484d8
GdipCreateHBITMAPFromBitmap	0x1400484e0
GdiplusStartup	0x1400484e8
GdiplusShutdown	0x1400484f0
GdipAlloc	0x1400484f8

Function	Address	Souspicious	Anti Debug
SysAllocString	0x1400484a0
SysFreeString	0x1400484a8
VariantClear	0x1400484b0

Name	Latest seen	MD5
a.exe	2024-05-26 01:26:02	5c95d5493dda877b228a6485a6d40d9c
csrss.exe	2024-05-30 10:24:06	1eaae465bda927c1893a5744301cde9b
lrthijawd.exe	2024-06-14 16:06:02	1b1ecd323162c054864b63ada693cd71
kfiwarhg.exe	2024-06-14 16:30:14	7d44a8a6757c2b7287c4a7b761f4e326
4x.exe	2024-06-07 14:16:02	c8432b773d48e5e0a9f2d1ecb7c557f8
motruhjgmawes.exe	2024-06-14 16:49:08	57a6a83482ce2897e8cdec17accbd662
potkmdaw.exe	2024-07-12 12:39:02	cefc3739d099bae51eb2a9d3887ac12c
live3.exe	2024-07-20 05:58:04	9fe68af3f2db3c8428035cabfccafd04
live.exe	2024-07-20 07:37:04	deb7f0871db1a1ad70b0ec844efc51d1
gawdth.exe	2024-09-02 00:31:29	c02798b26bdaf8e27c1c48ef5de4b2c3
jsawdtyjde.exe	2024-08-25 14:04:02	4c3049f8e220c2264692cb192b741a30
66b2871b47a8b_uhigdbf.exe	2024-10-09 18:58:05	eeecdefa939b534bc8f774a15e05ab0f
66e30a27e0efe_tmpD.exe	2024-09-28 05:39:01	af91873c641aab500eba3a3ad6f17b74
66e1a49ce28da_wtyhjkosefktyh.exe	2024-09-28 04:07:03	68821531a37ba7822fd5d67019733b6b
Meeting-https.exe	2024-10-07 21:45:02	4b61a3d79a892267bf6e76a54e188cc0
setup2.exe	2024-10-13 13:56:08	2ffafb44b3efdc58f229ffbce7b12796
rbx.exe?ex=670cc4cc&is=670b734c&hm=3c647bebfcf01e0dd93e67e212054aa02bc3b2b54a7738168d98490d5192ee3c&	2024-10-13 17:14:02	abfe9c702641bda679c3947a9bbde15f
xbyxsv3.94.exe	2024-10-15 18:34:32	2fe7543228c4b5807227ae21f3fdce4d

Windows.Defender.Update.exe

File details

File features detected

OSINT Enrichments

URLs, FQDN and IP indicators 1

PE Sections 0 suspicious

PE Resources 6

Packers detected 1

Anti debug functions 6

Strings analysis - File found

Strings analysis - Possible URLs found 1

Import functions

Related files by ImpHash 18 b1c5b1beabd90d9fdabd1df0779ea832