Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

428.8MB
MD5

3aeb3773701911b9a1d98e39e020da7c
SHA1

4e498accac4b577ff610482194db8f152878646b
SHA256

7095e19481e8a3132ab2235b121b4ca2138d661f722ec431ecfc675a4bfc8214
SHA512

bc530b38daaf85ab62490d1a8e144e7d7bfec89174ea161aa7e071e615c06e37dcd9c0ef6ddd7f22735d9dcdea50cad80ce2f1fb61261f9201ab176d7d2387d2
SSDEEP

196608:ddtg8WIzmftb9eZMS8QBrfMOmXX2S70og1:dPgDrBeaShBrfMOmH2SFg1

Score

N/A

Malware Config

Signatures

Files

Setup.exe
.exe windows x86

7a4eaeda5ddff0d1cd8a6ce950f0f8c8

Code Sign

73:46:e0:b4:94:45:c7:87:44:be:a5:1a:da:6d:d7:d7
Certificate

Issuer

CN=⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩

Not Before

08/09/2022, 20:06

Not After

09/09/2032, 20:06

Subject

CN=⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:4b:74:f6:c3:af:32:cd:e3:be:51:58:61:c2:77:6f:08:62:4d:8e:2a:d5:f4:bf:b2:15:85:cc:0a:5c:20:17
Signer

Actual PE Digest

2e:4b:74:f6:c3:af:32:cd:e3:be:51:58:61:c2:77:6f:08:62:4d:8e:2a:d5:f4:bf:b2:15:85:cc:0a:5c:20:17

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩⤧ ⤨ ⤩

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Æƒ†�
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Æƒ†�
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Æƒ†�
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a4eaeda5ddff0d1cd8a6ce950f0f8c8

Code Sign

73:46:e0:b4:94:45:c7:87:44:be:a5:1a:da:6d:d7:d7Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

2e:4b:74:f6:c3:af:32:cd:e3:be:51:58:61:c2:77:6f:08:62:4d:8e:2a:d5:f4:bf:b2:15:85:cc:0a:5c:20:17Signer

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Sections

.text Size: - Virtual size: 202KB

.rdata Size: - Virtual size: 56KB

.data Size: - Virtual size: 84KB

Æƒ†� Size: - Virtual size: 1KB

Æƒ†� Size: - Virtual size: 4.3MB

Æƒ†� Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

73:46:e0:b4:94:45:c7:87:44:be:a5:1a:da:6d:d7:d7
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

2e:4b:74:f6:c3:af:32:cd:e3:be:51:58:61:c2:77:6f:08:62:4d:8e:2a:d5:f4:bf:b2:15:85:cc:0a:5c:20:17
Signer

15/09/2022, 14:52
Valid: false

.text
Size: - Virtual size: 202KB

.rdata
Size: - Virtual size: 56KB

.data
Size: - Virtual size: 84KB

Æƒ†�
Size: - Virtual size: 1KB

Æƒ†�
Size: - Virtual size: 4.3MB

Æƒ†�
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB