Analysis

Category Started Completed Duration
FILE 2023-05-25 01:45:21 2023-05-25 01:48:28 187 seconds
  • Error: cuckoo1: the guest initialization hit the critical timeout, analysis aborted.

MalScore

0.0

Benign

Machine

Name Label Manager Started On Shutdown On
cuckoo1 cuckoo1 VirtualBox 2023-05-25 01:45:22 2023-05-25 01:48:28

File Details

File Name autoupdate.exe
File Size 323072 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 790f172c9a87b606029c539e48026371
SHA1 eed983b7c9a7a0c2b1bad0971f0eda3d3905dac6
SHA256 2418e74bfd5b58775d678ac8e7b785ba21c1edc940e715994cd8e8b06c3cb8bc
SHA512 ac7d39199f72a20bd5f0b11db45ab0a1e3d4e2db9b7f143079da829f076eb9fc0032bfd49b034aaab72c37623aea55db5d022d9f52a24f29fbb21eea5f5ffd60
CRC32 6E79199A
Ssdeep 6144:Li5f0+s1m4NeLw9HqnEOStSNmwwcm+9VwMafxu:LYQm4YY8zStUmRcm+9BSxu
ClamAV None matched
Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x00400000
Entry Point 0x004111a2
Reported Checksum 0x00000000
Actual Checksum 0x000514ff
Minimum OS Version 5.0
PDB Path E:\Branch\win\Release\stubs\x86\Updater.pdb
Compile Time 2015-04-02 08:32:16
Icon Exact Hash b2b1517b47ddde485c1717ce18a57068
Icon Similarity Hash ba8bf52889807ddf4a7ade801697e99d

Version Infos

LegalCopyright Copyright (C) 2023 JBSoftware
InternalName AutoUpdate
FileVersion 5.0.0.26
CompanyName JBSoftware
ProductName Office-n-PDF 5
ProductVersion 5.0.0.26
FileDescription AutoUpdate - © JBSoftware
OriginalFileName AutoUpdate.exe
Translation 0x0407 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x0003928e 0x00039400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.61
.rdata 0x0003b000 0x00006f1a 0x00007000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.19
.data 0x00042000 0x00004efc 0x00002c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.35
.rsrc 0x00047000 0x0000757c 0x00007600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.11
.reloc 0x0004f000 0x000043b8 0x00004400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.32

Resources

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x00049288 0x00001ca8 LANG_GERMAN SUBLANG_GERMAN 5.27 dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item "\332\332\332\332\332\332\332\332\332\332\332\332\332\332\332\331\332\331\331\332\331\331\332\331\331\332\332\331\332\336\336\336\340\337\337\342\342\341\342\342\341\344\344\343\346\346\345\350\350\347\353\352\352\356\355\354\356\357\356\362\362\360\365"
RT_ICON 0x00049288 0x00001ca8 LANG_GERMAN SUBLANG_GERMAN 5.27 dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item "\332\332\332\332\332\332\332\332\332\332\332\332\332\332\332\331\332\331\331\332\331\331\332\331\331\332\332\331\332\336\336\336\340\337\337\342\342\341\342\342\341\344\344\343\346\346\345\350\350\347\353\352\352\356\355\354\356\357\356\362\362\360\365"
RT_ICON 0x00049288 0x00001ca8 LANG_GERMAN SUBLANG_GERMAN 5.27 dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item "\332\332\332\332\332\332\332\332\332\332\332\332\332\332\332\331\332\331\331\332\331\331\332\331\331\332\332\331\332\336\336\336\340\337\337\342\342\341\342\342\341\344\344\343\346\346\345\350\350\347\353\352\352\356\355\354\356\357\356\362\362\360\365"
RT_ICON 0x00049288 0x00001ca8 LANG_GERMAN SUBLANG_GERMAN 5.27 dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item "\332\332\332\332\332\332\332\332\332\332\332\332\332\332\332\331\332\331\331\332\331\331\332\331\331\332\332\331\332\336\336\336\340\337\337\342\342\341\342\342\341\344\344\343\346\346\345\350\350\347\353\352\352\356\355\354\356\357\356\362\362\360\365"
RT_ICON 0x00049288 0x00001ca8 LANG_GERMAN SUBLANG_GERMAN 5.27 dBase IV DBT of `.DBF, blocks size 48, next free block index 40, 1st item "\332\332\332\332\332\332\332\332\332\332\332\332\332\332\332\331\332\331\331\332\331\331\332\331\331\332\332\331\332\336\336\336\340\337\337\342\342\341\342\342\341\344\344\343\346\346\345\350\350\347\353\352\352\356\355\354\356\357\356\362\362\360\365"
RT_MENU 0x0004af74 0x0000005a LANG_GERMAN SUBLANG_GERMAN 2.66 data
RT_MENU 0x0004af74 0x0000005a LANG_GERMAN SUBLANG_GERMAN 2.66 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_DIALOG 0x0004bd64 0x0000006c LANG_GERMAN SUBLANG_GERMAN 2.82 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_STRING 0x0004d6c8 0x00000478 LANG_GERMAN SUBLANG_GERMAN 3.25 data
RT_GROUP_ICON 0x0004db40 0x0000004c LANG_GERMAN SUBLANG_GERMAN 2.77 MS Windows icon resource - 5 icons, 16x16, 256-colors
RT_VERSION 0x0004db8c 0x000002fc LANG_GERMAN SUBLANG_GERMAN 3.44 data
RT_MANIFEST 0x0004de88 0x000006f4 LANG_GERMAN SUBLANG_GERMAN 5.21 XML document text

Imports

Library VERSION.dll:
0x43b400 GetFileVersionInfoW
0x43b404 VerQueryValueW
Library WININET.dll:
0x43b410 InternetCrackUrlW
0x43b414 InternetCloseHandle
0x43b418 InternetOpenW
0x43b41c InternetConnectW
0x43b420 HttpOpenRequestW
0x43b42c InternetErrorDlg
0x43b430 FtpFindFirstFileW
0x43b434 FtpOpenFileW
0x43b438 HttpSendRequestW
0x43b448 HttpQueryInfoW
0x43b44c InternetReadFile
0x43b450 InternetWriteFile
0x43b454 HttpEndRequestW
0x43b458 HttpSendRequestExW
0x43b45c InternetSetOptionW
Library msi.dll:
0x43b464 None
Library KERNEL32.dll:
0x43b044 GetStringTypeW
0x43b048 GetStringTypeA
0x43b050 RtlUnwind
0x43b05c GetStartupInfoA
0x43b060 GetFileType
0x43b064 SetHandleCount
0x43b068 GetCommandLineW
0x43b06c LocalFree
0x43b070 GetLastError
0x43b074 LocalAlloc
0x43b078 LoadLibraryW
0x43b07c GetProcAddress
0x43b080 RaiseException
0x43b084 FreeLibrary
0x43b088 GetVersionExW
0x43b08c SizeofResource
0x43b090 LockResource
0x43b094 LoadResource
0x43b098 FindResourceW
0x43b09c FindResourceExW
0x43b0a0 MultiByteToWideChar
0x43b0a4 WideCharToMultiByte
0x43b0a8 FindClose
0x43b0ac FindFirstFileW
0x43b0b0 SetLastError
0x43b0b4 lstrlenW
0x43b0b8 CreateFileW
0x43b0bc GetFileSize
0x43b0c0 ReadFile
0x43b0c4 SetFilePointer
0x43b0c8 CloseHandle
0x43b0cc lstrcmpiW
0x43b0d0 CompareStringW
0x43b0d4 GetModuleHandleW
0x43b0d8 GetCurrentProcess
0x43b0dc GetTickCount
0x43b0e0 Sleep
0x43b0e4 WaitForSingleObject
0x43b0e8 GetExitCodeThread
0x43b0ec TerminateThread
0x43b0f0 CreateThread
0x43b0f4 DeleteFileW
0x43b0f8 CreateEventW
0x43b0fc SetEvent
0x43b100 MoveFileW
0x43b104 WriteFile
0x43b108 FlushFileBuffers
0x43b10c ResetEvent
0x43b110 GlobalFree
0x43b114 MulDiv
0x43b128 GetCurrentProcessId
0x43b12c GetCurrentThreadId
0x43b130 GetModuleFileNameW
0x43b134 lstrcpynW
0x43b138 CreateProcessW
0x43b13c CompareFileTime
0x43b140 CopyFileW
0x43b150 RemoveDirectoryW
0x43b15c GetSystemTime
0x43b164 GetDateFormatW
0x43b168 GetTimeFormatW
0x43b16c GetFileTime
0x43b170 GetLocaleInfoW
0x43b174 GetExitCodeProcess
0x43b178 GetProcessId
0x43b17c FormatMessageW
0x43b184 GetTempPathW
0x43b188 GetTempFileNameW
0x43b18c CreateDirectoryW
0x43b194 UnmapViewOfFile
0x43b198 ReleaseMutex
0x43b19c CreateFileMappingW
0x43b1a0 MapViewOfFile
0x43b1a4 CreateMutexW
0x43b1a8 OpenFileMappingW
0x43b1ac OpenEventW
0x43b1b0 SetFileAttributesW
0x43b1b4 GetACP
0x43b1b8 LoadLibraryExW
0x43b1c4 OpenProcess
0x43b1c8 GetProcessHeap
0x43b1cc HeapAlloc
0x43b1d0 HeapFree
0x43b1d4 TlsGetValue
0x43b1d8 IsValidCodePage
0x43b1dc GetOEMCP
0x43b1e0 GetCPInfo
0x43b1e4 HeapCreate
0x43b1e8 IsDebuggerPresent
0x43b1f4 TerminateProcess
0x43b1f8 GetStartupInfoW
0x43b1fc TlsSetValue
0x43b200 VirtualAlloc
0x43b204 VirtualFree
0x43b210 HeapSize
0x43b214 HeapReAlloc
0x43b218 HeapDestroy
0x43b21c LoadLibraryA
0x43b220 InterlockedExchange
0x43b224 TlsFree
0x43b228 GetLocaleInfoA
0x43b22c GetConsoleCP
0x43b230 ExitProcess
0x43b234 GetStdHandle
0x43b238 GetModuleFileNameA
0x43b23c LCMapStringA
0x43b240 LCMapStringW
0x43b24c GetConsoleMode
0x43b250 SetStdHandle
0x43b254 WriteConsoleA
0x43b258 GetConsoleOutputCP
0x43b25c WriteConsoleW
0x43b260 CreateFileA
0x43b264 TlsAlloc
0x43b26c GetModuleHandleA
Library USER32.dll:
0x43b294 LoadImageW
0x43b298 LockWindowUpdate
0x43b29c DestroyMenu
0x43b2a0 EnableMenuItem
0x43b2a4 TrackPopupMenu
0x43b2a8 ModifyMenuW
0x43b2ac RegisterClassExW
0x43b2b0 GetClassInfoExW
0x43b2b4 LoadMenuW
0x43b2b8 GetSubMenu
0x43b2bc SetPropW
0x43b2c0 RemovePropW
0x43b2c4 GetMessagePos
0x43b2c8 SetCursorPos
0x43b2cc GetWindowDC
0x43b2d0 DrawEdge
0x43b2d4 GetActiveWindow
0x43b2d8 DialogBoxParamW
0x43b2dc MoveWindow
0x43b2e0 GetSystemMenu
0x43b2e4 DrawMenuBar
0x43b2e8 PostThreadMessageW
0x43b2f0 GetDesktopWindow
0x43b2f4 PostQuitMessage
0x43b2f8 SetMenuDefaultItem
0x43b2fc GetMenuItemID
0x43b300 MonitorFromPoint
0x43b304 GetPropW
0x43b30c EnumWindows
0x43b310 SetForegroundWindow
0x43b314 MessageBoxW
0x43b318 FillRect
0x43b31c GetDlgCtrlID
0x43b320 OffsetRect
0x43b324 ReleaseDC
0x43b328 GetDC
0x43b32c CharNextW
0x43b330 ScreenToClient
0x43b334 GetSystemMetrics
0x43b338 PostMessageW
0x43b33c ShowWindow
0x43b340 EndDialog
0x43b344 GetWindow
0x43b348 MonitorFromWindow
0x43b34c GetMonitorInfoW
0x43b350 GetWindowRect
0x43b354 GetCursorPos
0x43b358 ReleaseCapture
0x43b35c GetCapture
0x43b360 SetCapture
0x43b364 SetFocus
0x43b368 UpdateWindow
0x43b36c SetCursor
0x43b370 MapWindowPoints
0x43b374 EnableWindow
0x43b378 GetDlgItem
0x43b37c GetMessageW
0x43b380 IsWindowVisible
0x43b384 PtInRect
0x43b388 InvalidateRect
0x43b38c EndPaint
0x43b390 BeginPaint
0x43b394 DestroyWindow
0x43b398 IsWindow
0x43b39c GetClientRect
0x43b3a0 GetWindowTextW
0x43b3a8 CreateWindowExW
0x43b3b0 LoadCursorW
0x43b3b4 GetClassNameW
0x43b3b8 SetRectEmpty
0x43b3bc DrawFocusRect
0x43b3c0 GetFocus
0x43b3c4 DrawTextW
0x43b3c8 IsWindowEnabled
0x43b3cc RedrawWindow
0x43b3d0 SetWindowPos
0x43b3d4 CallWindowProcW
0x43b3d8 DefWindowProcW
0x43b3dc GetWindowLongW
0x43b3e0 SetWindowLongW
0x43b3e4 LoadStringW
0x43b3e8 GetParent
0x43b3ec SetWindowTextW
0x43b3f0 SendMessageW
0x43b3f4 UnregisterClassA
0x43b3f8 GetSysColor
Library GDI32.dll:
0x43b018 GetObjectW
0x43b01c PatBlt
0x43b020 GetStockObject
0x43b024 CreatePatternBrush
0x43b028 DeleteObject
0x43b02c CreateFontIndirectW
0x43b030 SelectObject
0x43b034 SetTextColor
0x43b038 CreateBitmap
0x43b03c SetBkMode
Library SHELL32.dll:
0x43b27c Shell_NotifyIconW
0x43b280 SHBrowseForFolderW
0x43b284 ShellExecuteExW
0x43b288 ShellExecuteW
Library ole32.dll:
0x43b46c CoTaskMemFree
0x43b470 CoCreateInstance
0x43b474 CoTaskMemRealloc
0x43b478 CoTaskMemAlloc
0x43b47c CoUninitialize
0x43b480 CoInitializeEx
Library OLEAUT32.dll:
0x43b274 None
Library COMCTL32.dll:
0x43b004 PropertySheetW
0x43b00c _TrackMouseEvent
Library urlmon.dll:
0x43b488 FindMimeFromData

No antivirus signatures available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.
Sorry! No dropped files.

Processing ( 0.96 seconds )

  • 0.424 Static
  • 0.341 VirusTotal
  • 0.147 peid
  • 0.02 Strings
  • 0.011 NetworkAnalysis
  • 0.008 AnalysisInfo
  • 0.008 TargetInfo
  • 0.001 Debug

Signatures ( 0.023 seconds )

  • 0.005 antiav_detectreg
  • 0.002 persistence_autorun
  • 0.002 antiav_detectfile
  • 0.002 infostealer_ftp
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 ransomware_extensions
  • 0.001 ransomware_files

Reporting ( 0.008 seconds )

  • 0.008 JsonDump
Task ID 1752
Mongo ID 646f04c12694ed0be09631fd
Cuckoo release 1.3-NG