File Name: | 7USP3.exe |
File Type: | PE32+ executable (GUI) x86-64, for MS Windows |
SHA1: | f05f137ee24090f0cd45801b1d4aca5a7d804b91 |
MD5: | e003cb91be593f2e20f6da8da55106ce |
First Seen Date: | 2025-05-23 23:49:17.799810 |
Number of Clients Seen: | 2 |
Last Analysis Date: | 2025-05-23 23:49:17.799810 |
Human Expert Analysis Date: | 2025-05-24 19:02:05.732184 |
Human Expert Analysis Result: | PUA (potentially unwanted application) |
Property | Value |
---|---|
magic literal enum | 4 |
file type enum | 7 |
debug artifacts | [] |
number of sections | 5 |
trid | [[50.0, u'Generic Win/DOS Executable'], [49.9, u'DOS Executable Generic']] |
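compilation time stamp | 0x50E0DEB7 [Mon Dec 31 00:39:19 2012 UTC] (PE header field; it predates the 2024 LegalCopyright and PrivateBuild strings below, so it should not be used on its own to date this build) |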
LegalCopyright | Copyright © 2024 Tech Stuff (@teknixstuff) |
InternalName | VistaUpdateMegafix |
FileVersion | 1.0.0.0 |
CompanyName | Tech Stuff (@teknixstuff) |
PrivateBuild | v1 (12th Aug 2024) |
ProductName | Unofficial WIndows Vista Service Pack 3 |
ProductVersion | 1.0.0.0 |
FileDescription | Unofficial Windows Vista Service Pack 3 |
OriginalFilename | VistaUSP3.exe |
Translation | 0x0000 0x04b0 |
entry point | 0x14001f8d0 (.text) |
machine type | AMD64 only, not Itaniums, with 0200 - 64 bit |
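file size | 84013345 bytes (the five sections listed below account for 245,248 bytes of raw data, so nearly all of the file is data outside those sections that the per-section hashes and entropy values do not cover) |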
ssdeep | 1572864:MkJA0pSEA/vBzWmXx26LiXH/96Rc13gvIiTvFeiYZ6TKST+cfODIoDAg:xJ/pSF/v4mXH8fIRc1sVvKw+4noD |
sha256 | 33c9e8d8541cd9509637df966c94d1cb6ba0c524fdcb7358a820768c65dfe522 |
exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'EXE:PrivateBuild': u'v1 (12th Aug 2024)', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/f/0/5/f/f05f137ee24090f0cd45801b1d4aca5a7d804b91', u'EXE:OriginalFileName': u'VistaUSP3.exe', u'EXE:ProductName': u'Unofficial WIndows Vista Service Pack 3', u'EXE:InternalName': u'VistaUpdateMegafix', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2025:05:23 23:48:28+00:00', u'EXE:InitializedDataSize': 118272, u'File:FileModifyDate': u'2025:05:23 23:48:11+00:00', u'EXE:FileVersionNumber': u'1.0.0.0', u'EXE:FileVersion': u'1.0.0.0', u'File:FileSize': u'80 MB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Windows NT 32-bit', u'EXE:ProductVersion': u'1.0.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'Tech Stuff (@teknixstuff)', u'File:FileName': u'f05f137ee24090f0cd45801b1d4aca5a7d804b91', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'2012:12:31 00:39:19+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2024 Tech Stuff (@teknixstuff)', u'EXE:LinkerVersion': 8.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/f/0/5/f', u'EXE:FileDescription': u'Unofficial Windows Vista Service Pack 3', u'EXE:EntryPoint': u'0x1f8d0', u'EXE:SubsystemVersion': 5.2, u'EXE:CodeSize': 126976, u'File:FileInodeChangeDate': u'2025:05:23 23:48:24+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.0'}] |
mime type | application/x-dosexec |
imphash | 08fd62a9d05cc8111782017958ea975d |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x1efae | 0x1f000 | 6.35563921643 | 6afaf2492621789cd6fb21ade3845d96 |
.rdata | 0x20000 | 0x5b1c | 0x5c00 | 5.18604756129 | cf5a47e92a71d40addce827c8954ed5e |
.data | 0x26000 | 0x5268 | 0xe00 | 3.58541033666 | 2893ed32149e4a1ba6ea25e4100062ed |
.pdata | 0x2c000 | 0x1a94 | 0x1c00 | 5.05741179711 | d97bb8a82df9a86a40dc5ee58d4f426a |
.rsrc | 0x2e000 | 0x1464d | 0x14800 | 7.43474825054 | 8af4f8ee1bb94bb4121729b09528326b |
-
COMCTL32.dll
- None
-
SHELL32.dll
- ShellExecuteW
- SHBrowseForFolderW
- SHGetSpecialFolderPathW
- SHGetPathFromIDListW
- SHGetFileInfoW
- ShellExecuteExW
- SHGetMalloc
-
GDI32.dll
- CreateCompatibleDC
- CreateFontIndirectW
- DeleteObject
- DeleteDC
- GetCurrentObject
- StretchBlt
- GetDeviceCaps
- CreateCompatibleBitmap
- SelectObject
- SetStretchBltMode
- GetObjectW
-
ADVAPI32.dll
- FreeSid
- AllocateAndInitializeSid
- CheckTokenMembership
-
USER32.dll
- wvsprintfW
- CreateWindowExA
- GetSystemMenu
- EnableMenuItem
- IsWindow
- EnableWindow
- MessageBeep
- LoadIconW
- LoadImageW
- SetWindowsHookExW
- PtInRect
- CallNextHookEx
- DefWindowProcW
- CallWindowProcW
- DrawIconEx
- DialogBoxIndirectParamW
- GetWindow
- ClientToScreen
- GetDC
- DrawTextW
- ShowWindow
- SystemParametersInfoW
- GetSystemMetrics
- SetFocus
- UnhookWindowsHookEx
- SetWindowLongPtrW
- GetClientRect
- GetDlgItem
- GetKeyState
- MessageBoxA
- SetWindowTextW
- wsprintfA
- GetSysColor
- GetWindowTextLengthW
- GetWindowTextW
- GetClassNameA
- GetWindowLongW
- GetMenu
- SetWindowPos
- GetWindowDC
- ReleaseDC
- CopyImage
- GetParent
- CharUpperW
- ScreenToClient
- CreateWindowExW
- SetTimer
- GetWindowRect
- DispatchMessageW
- KillTimer
- DestroyWindow
- SendMessageW
- EndDialog
- wsprintfW
- GetWindowLongPtrW
- GetMessageW
-
ole32.dll
- CreateStreamOnHGlobal
- CoInitialize
- CoCreateInstance
-
OLEAUT32.dll
- SysFreeString
- VariantClear
- OleLoadPicture
- SysAllocString
-
KERNEL32.dll
- ReadFile
- SetFileTime
- SetEndOfFile
- SetUnhandledExceptionFilter
- QueryPerformanceCounter
- GetTickCount
- WaitForMultipleObjects
- SetFilePointer
- GetFileSize
- LeaveCriticalSection
- EnterCriticalSection
- DeleteCriticalSection
- FormatMessageW
- lstrcpyW
- LocalFree
- IsBadReadPtr
- GetSystemDirectoryW
- GetCurrentThreadId
- SuspendThread
- TerminateThread
- InitializeCriticalSection
- ResetEvent
- SetEvent
- CreateEventW
- GetVersionExW
- GetModuleFileNameW
- GetCurrentProcess
- SetProcessWorkingSetSize
- SetCurrentDirectoryW
- GetDriveTypeW
- CreateFileW
- GetCommandLineW
- GetStartupInfoW
- CreateProcessW
- CreateJobObjectW
- AssignProcessToJobObject
- CreateIoCompletionPort
- SetInformationJobObject
- ResumeThread
- GetQueuedCompletionStatus
- GetExitCodeProcess
- CloseHandle
- SetEnvironmentVariableW
- GetTempPathW
- GetSystemTimeAsFileTime
- lstrlenW
- CompareFileTime
- SetThreadLocale
- FindFirstFileW
- DeleteFileW
- FindNextFileW
- FindClose
- RemoveDirectoryW
- lstrcmpW
- ExpandEnvironmentStringsW
- WideCharToMultiByte
- VirtualAlloc
- GlobalMemoryStatusEx
- GetEnvironmentVariableW
- lstrcmpiW
- lstrlenA
- GetLocaleInfoW
- MultiByteToWideChar
- GetUserDefaultUILanguage
- GetSystemDefaultUILanguage
- GetSystemDefaultLCID
- lstrcmpiA
- GlobalAlloc
- GlobalFree
- MulDiv
- FindResourceExA
- SizeofResource
- LoadResource
- LockResource
- LoadLibraryA
- GetProcAddress
- ExitProcess
- lstrcatW
- AddVectoredExceptionHandler
- RemoveVectoredExceptionHandler
- GetDiskFreeSpaceExW
- SetFileAttributesW
- SetLastError
- Sleep
- GetExitCodeThread
- WaitForSingleObject
- CreateThread
- GetLastError
- SystemTimeToFileTime
- GetLocalTime
- GetFileAttributesW
- CreateDirectoryW
- WriteFile
- GetStdHandle
- VirtualFree
- GetModuleHandleW
- GetCurrentProcessId
-
msvcrt.dll
- __CxxFrameHandler
- _purecall
- ??3@YAXPEAX@Z
- ??2@YAPEAX_K@Z
- memcmp
- free
- memcpy
- _wtol
- memmove
- malloc
- wcsncmp
- strncmp
- _wcsnicmp
- memset
- ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
- _beginthreadex
- _CxxThrowException
- __C_specific_handler
- _unlock
- __dllonexit
- _lock
- _onexit
- ??1type_info@@UEAA@XZ
- __getmainargs
- _XcptFilter
- _exit
- _ismbblead
- _cexit
- exit
- _acmdln
- _initterm
- _amsg_exit
- __setusermatherr
- _commode
- _fmode
- __set_app_type
- ?terminate@@YAXXZ
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 189152, u'sha256': u'689e072bec88a4f92eeadc6ada816cbcbedc4de9e76b27c38183f820bcc11e04', u'type': u'data', u'size': 1640}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 190792, u'sha256': u'3032bc8ec0d2b10c731ce65338958a69401a6ea5c13bf43236be1cadfaaa796f', u'type': u'dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2291109880, next used block 28872', u'size': 744}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 191536, u'sha256': u'472af970994f80d1368af62de093894cdef4e2ea76f661eabc49e4f7e41a5860', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 191832, u'sha256': u'828bf50bd62a7fca6f0ee8d03970215d1550d31a4f9382b1608b76742ef8aa95', u'type': u'data', u'size': 3752}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 195584, u'sha256': u'5a2bcb6347493ac6873330f55603ae586a8b21ab1a7137f7b326b6e682827892', u'type': u'dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15066613, next used block 15000828', u'size': 2216}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 197800, u'sha256': u'4429f0eabd35418cb2022378e73ee2e766841d35aca4a8b7369359d1341304fe', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 199184, u'sha256': u'f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 55762}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 254948, u'sha256': u'ebfd8bce706bc334ada961a2489fb266101c8960e05bd20fbf2e8ee66af64060', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 264588, u'sha256': u'fa6b2f5422746f7377a3ed24f2b108f04f963caa0cc096c51cb49ac74266b107', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_ICON', u'offset': 268852, u'sha256': u'8561da4d70ae051d1f146859ba0b50467258730daae8af73726e0700c034b737', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_RUSSIAN', u'name': u'RT_GROUP_ICON', u'offset': 269980, u'sha256': u'28aa9f2195be7d7f57389bb80bc732e820a52b6bd44426c2b6f54c29e6ddf08a', u'type': u'MS Windows icon resource - 10 icons, 48x48, 16 colors', u'size': 146}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 270128, u'sha256': u'ca99cfb78ffae3043abcdbe6a65bc4596b1c787d3e97431573765758f479cc61', u'type': u'data', u'size': 972}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 271100, u'sha256': u'53f090c7af09fe3d7a57debb22dbc670c50da7503773007d45351444fea4ca1b', u'type': u'ASCII text, with CRLF line terminators', u'size': 849}