Setup_201[.]exe

Resubmissions

27/11/2023, 07:57

231127-jtg9nsfb94 7

25/09/2022, 19:24

220925-x4gmsafhb5 10

Sharing

Copy URL Twitter E-mail

General

Target

Setup_201.exe
Size

20.0MB
MD5

501c4ad22ec7667700f991772aaf178b
SHA1

1dbff89d4a895c1418f34f0d02263e441a70c6d5
SHA256

a52750603d5d4f3e39e793c336c83572eb83ec05f578970b4862b1bd688db392
SHA512

5277a94deba6c828732539a4c336c6607272161eb6ea4ff8e37d854ceb31d81cbc2d0a4996ae8bf72010b8cdad1d736bf0b883898cd67138ade3649e1cc8256c
SSDEEP

393216:aViWpXkXamamBnf3tTWPWIYumKiJW0XScUxKwbl9fI:aEWhdmf9THIleJW0XSFhO

Score

N/A

Malware Config

Signatures

Files

Setup_201.exe
.exe windows x86

0bc7e551818a852d575c6e2b092d9664

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:52:0b:7e:68:78:27:e7:c8:0c:09:2e:a2:82:b1:02
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/02/2022, 00:00

Not After

09/02/2023, 23:59

Subject

CN=Frequent Technologies ApS,O=Frequent Technologies ApS,ST=Hovedstaden,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:98:41:6d:82:a9:30:d0:a5:b4:dc:bd:61:5f:2b:3f:c7:6a:be:79:97:b4:d5:ba:4f:53:39:34:26:ef:98:da
Signer

Actual PE Digest

80:98:41:6d:82:a9:30:d0:a5:b4:dc:bd:61:5f:2b:3f:c7:6a:be:79:97:b4:d5:ba:4f:53:39:34:26:ef:98:da

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Frequent Technologies ApS,O=Frequent Technologies ApS,ST=Hovedstaden,C=DK

23/09/2022, 11:59
Valid: true

Chain 1

CN=Frequent Technologies ApS,O=Frequent Technologies ApS,ST=Hovedstaden,C=DK

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
TlsSetValue
SleepEx
IsValidCodePage
CreateThread
UnhandledExceptionFilter
ReadConsoleOutputCharacterA
GetFullPathNameW
InitializeSListHead
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ExitProcess
EnterCriticalSection
HeapSize
MultiByteToWideChar
GetVersionExW
SetEndOfFile
FindResourceW
DeleteCriticalSection
GlobalLock
ResumeThread
WriteFile
FreeLibraryAndExitThread
FlushFileBuffers
MulDiv
GetCPInfo
CreateFileW
IsDebuggerPresent
GetFileInformationByHandle
GetCommandLineA
GetTempPathW
Sleep
LocalFree
IsValidLocale
GetFileType
GetTickCount
CreateProcessW
HeapAlloc
FindFirstFileExA
GetFileAttributesExW
GetStartupInfoW
RtlUnwind
GlobalAlloc
CompareStringW
WaitForSingleObjectEx
SetEnvironmentVariableW
GetACP
SystemTimeToTzSpecificLocalTime
GlobalSize
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetModuleHandleW
SizeofResource
WaitForMultipleObjects
ResetEvent
LeaveCriticalSection
GetCurrentProcess
FreeEnvironmentStringsW
PeekNamedPipe
CreateMutexW
GetSystemDirectoryW
GetCurrentThread
GetTimeZoneInformation
QueryPerformanceCounter
GetFileSizeEx
GlobalUnlock
LoadResource
GetEnvironmentVariableA
SetLastError
GetProcessHeap
DeleteFileW
GetExitCodeProcess
CreatePipe
WriteConsoleW
FreeLibrary
GetModuleFileNameA
FreeConsole
GetLastError
GetConsoleScreenBufferInfo
GetCurrentProcessId
MoveFileExW
TlsFree
ExpandEnvironmentStringsW
TlsAlloc
GetOEMCP
LoadLibraryExW
QueryPerformanceFrequency
EnumSystemLocalesW
GetStringTypeW
SetThreadPriority
WideCharToMultiByte
OutputDebugStringW
LockResource
GetModuleHandleA
WaitForSingleObject
GetUserDefaultUILanguage
InitializeCriticalSectionEx
GetProcAddress
DecodePointer
SetConsoleCursorPosition
GlobalFree
RaiseException
GetEnvironmentStringsW
CreateEventW
GetLogicalDriveStringsW
FormatMessageW
GetEnvironmentVariableW
GetModuleHandleExW
LoadLibraryW
SetFilePointerEx
TlsGetValue
FillConsoleOutputCharacterW
SetCurrentDirectoryW
GetFileAttributesW
GetUserDefaultLCID
GetStdHandle
WriteConsoleA
AttachConsole
LCMapStringW
GlobalHandle
SetEnvironmentVariableA
SetUnhandledExceptionFilter
VerifyVersionInfoW
HeapFree
SetStdHandle
GetCurrentDirectoryW
GetSystemTimeAsFileTime
ExitThread
VerSetConditionMask
FileTimeToSystemTime
GetTickCount64
GetDriveTypeW
GetTimeFormatW
EncodePointer
TerminateProcess
FindClose
ReadFile
FindNextFileA
SetErrorMode
SetHandleInformation
GetNativeSystemInfo
GetModuleFileNameW
CopyFileW
GetCommandLineW
CloseHandle
GetLocaleInfoW
CreateDirectoryW
GetTempFileNameW
IsProcessorFeaturePresent
GetConsoleCP
FindFirstFileW
GetLongPathNameW
GetDateFormatW
SetNamedPipeHandleState

user32

GetParent
GetMessageTime
IsWindowEnabled
DestroyMenu
GetIconInfo
GetCursorPos
MessageBeep
IsZoomed
RegisterClipboardFormatW
CreateIconIndirect
MapVirtualKeyW
DdeCreateStringHandleW
IsMenu
RedrawWindow
CreateDialogIndirectParamW
CreateWindowExW
DestroyWindow
DrawStateW
GetWindow
EnumDisplaySettingsW
CheckMenuRadioItem
GetClientRect
DestroyIcon
DdeInitializeW
DdePostAdvise
MessageBoxW
RegisterClassW
RegisterWindowMessageW
DdeGetLastError
DdeNameService
GetMenuItemInfoW
BeginPaint
DestroyCursor
BringWindowToTop
UnregisterHotKey
WindowFromPoint
InflateRect
DdeUninitialize
LoadIconW
ChangeDisplaySettingsExW
LoadCursorW
MsgWaitForMultipleObjects
GetMenuItemCount
LoadBitmapW
ValidateRgn
DdeDisconnect
KillTimer
InvalidateRect
MoveWindow
UpdateWindow
GetKeyState
GetCaretBlinkTime
GetMenuItemID
PostThreadMessageW
ScrollWindow
IsDialogMessageW
PostMessageW
DeferWindowPos
PtInRect
PeekMessageW
ChildWindowFromPoint
CheckMenuItem
GetSysColor
GetComboBoxInfo
DrawIconEx
CreateAcceleratorTableW
GetUpdateRgn
GetWindowDC
GetWindowTextLengthW
MonitorFromWindow
SetMenuInfo
EnableWindow
DdeFreeDataHandle
GetAsyncKeyState
SystemParametersInfoW
GetProcessDefaultLayout
HideCaret
SetWindowPos
FillRect
EndPaint
DrawEdge
IsIconic
WaitForInputIdle
RemoveMenu
SetTimer
SendMessageW
GetSubMenu
GetClassNameW
ReleaseCapture
PostQuitMessage
GetMessageW
CopyRect
UnionRect
DdeConnect
TrackPopupMenu
OffsetRect
GetSystemMetrics
GetSystemMenu
DestroyAcceleratorTable
SetParent
InsertMenuItemW
ModifyMenuW
UnregisterClassW
LoadImageW
FlashWindowEx
MonitorFromPoint
SetCapture
CreateDialogParamW
DdeCreateDataHandle
SetWindowTextW
BeginDeferWindowPos
SetMenu
ValidateRect
ChildWindowFromPointEx
GetWindowLongW
GetDoubleClickTime
GetWindowPlacement
ShowWindow
ScreenToClient
CreatePopupMenu
SetRect
MapWindowPoints
DdeFreeStringHandle
SetScrollInfo
IsClipboardFormatAvailable
SetCursor
GetMessagePos
TranslateMessage
GetWindowTextW
GetDialogBaseUnits
TranslateAcceleratorW
UnhookWindowsHookEx
GetDesktopWindow
InsertMenuW
DdeQueryStringW
GetDC
EnumDisplayMonitors
IsWindowVisible
RegisterHotKey
AnimateWindow
CallWindowProcW
EnableMenuItem
keybd_event
GetSysColorBrush
IsRectEmpty
AppendMenuW
SetMenuItemInfoW
FindWindowExW
DrawMenuBar
SetLayeredWindowAttributes
EndDeferWindowPos
SetRectEmpty
GetMenuState
SetFocus
DrawTextW
IsWindow
SetWindowsHookExW
DrawFocusRect
CallNextHookEx
GetScrollInfo
GetFocus
DdeClientTransaction
SetWindowLongW
VkKeyScanW
CreateMenu
GetActiveWindow
SetForegroundWindow
DrawFrameControl
SetWindowRgn
DefWindowProcW
GetMonitorInfoW
GetClipboardFormatNameW
SetCursorPos
GetCapture
ReleaseDC
GetWindowRect
ClientToScreen
DispatchMessageW
DdeGetData
EnableScrollBar
GetDlgItem

comctl32

ImageList_GetIconSize
ImageList_Destroy
ImageList_Add
ImageList_Create
ImageList_Replace
ImageList_Draw
ord17
ord16
ImageList_SetBkColor
ImageList_GetImageInfo

oleacc

LresultFromObject

uxtheme

GetThemeInt
GetThemeMargins
OpenThemeData
DrawThemeParentBackground
IsThemeActive
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeSysColor
CloseThemeData
DrawThemeBackground
GetThemeFont
GetThemeBackgroundExtent
GetThemeColor
IsAppThemed
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeSysFont

shlwapi

SHAutoComplete

msimg32

AlphaBlend
GradientFill

gdi32

DeleteEnhMetaFile
SetGraphicsMode
GetCharABCWidthsW
GetGraphicsMode
StartPage
SetStretchBltMode
ExtSelectClipRgn
SetDIBColorTable
GetWorldTransform
GetEnhMetaFileHeader
CreateDIBSection
GetLayout
GetEnhMetaFileW
Polygon
ModifyWorldTransform
SetPolyFillMode
SetWindowOrgEx
Pie
CreateCompatibleDC
CreateEnhMetaFileW
Polyline
StretchDIBits
ExtTextOutW
GetObjectType
GetRgnBox
GetSystemPaletteEntries
SetViewportExtEx
CreateDIBitmap
OffsetRgn
CreateHatchBrush
CreateFontIndirectW
StartDocW
CreateICW
GetObjectW
LPtoDP
RealizePalette
MaskBlt
SetBrushOrgEx
ExtFloodFill
SetBkMode
Rectangle
GetDeviceCaps
SetBkColor
CreatePatternBrush
CreateDCW
GetTextMetricsW
SetPixel
BitBlt
GetTextExtentExPointW
CreateBitmapIndirect
GetOutlineTextMetricsW
CloseEnhMetaFile
GetPixel
SelectClipRgn
SetAbortProc
GdiFlush
GetDIBits
EqualRgn
SetWorldTransform
CreatePen
SetViewportOrgEx
CreateRectRgnIndirect
RectInRegion
Ellipse
GetWindowExtEx
SetTextColor
SetROP2
GetBkColor
CreateCompatibleBitmap
GetViewportExtEx
GetClipBox
CreateSolidBrush
SetWindowExtEx
GetNearestPaletteIndex
EnumFontFamiliesExW
CreateBitmap
SetMapMode
Arc
DeleteObject
PlayEnhMetaFile
EndPage
StretchBlt
GetPaletteEntries
ExtCreateRegion
MoveToEx
ExcludeClipRect
GetRegionData
DeleteDC
SelectPalette
ExtCreatePen
EndDoc
PtInRegion
CreatePalette
RoundRect
DPtoLP
SetLayout
PolyPolygon
GetDIBColorTable
CreateRectRgn
GetStockObject
SelectObject
CombineRgn
GetTextExtentPoint32W
LineTo
PolyBezier

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

comdlg32

CommDlgExtendedError
PrintDlgW
PageSetupDlgW
ChooseFontW

advapi32

RegQueryValueExW
CryptDestroyHash
CryptGetHashParam
RegDeleteKeyW
CryptGenRandom
CryptHashData
RegSetValueExW
CryptReleaseContext
RegDeleteValueW
CryptEncrypt
GetUserNameW
RegEnumValueW
RegCloseKey
CryptCreateHash
CryptImportKey
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
CryptDestroyKey
CryptAcquireContextW

shell32

SHGetFolderPathW
DragFinish
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
ord6
DragQueryPoint
ExtractIconW
DragQueryFileW
DragAcceptFiles

ole32

RegisterDragDrop
ReleaseStgMedium
OleUninitialize
CoCreateInstance
CoTaskMemFree
RevokeDragDrop
OleIsCurrentClipboard
CoLockObjectExternal
OleSetClipboard
OleInitialize
OleGetClipboard
OleFlushClipboard
CoTaskMemAlloc

wsock32

inet_ntoa
gethostname
sendto
recvfrom
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
send

crypt32

CertCloseStore
CryptDecodeObjectEx
CryptStringToBinaryW
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFindCertificateInStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFindExtension
CertOpenStore
CertAddCertificateContextToStore
CertGetNameStringW
CertCreateCertificateChainEngine
PFXImportCertStore
CryptQueryObject
CertGetCertificateChain

wldap32

ord127
ord27
ord26
ord117
ord301
ord167
ord73
ord216
ord14
ord46
ord219
ord145
ord142
ord79
ord208
ord147
ord41
ord133

ws2_32

WSAResetEvent
getaddrinfo
freeaddrinfo
WSAIoctl
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent
WSACreateEvent

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0bc7e551818a852d575c6e2b092d9664

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

f7:52:0b:7e:68:78:27:e7:c8:0c:09:2e:a2:82:b1:02Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

80:98:41:6d:82:a9:30:d0:a5:b4:dc:bd:61:5f:2b:3f:c7:6a:be:79:97:b4:d5:ba:4f:53:39:34:26:ef:98:daSigner

Signature Validations

Verification

23/09/2022, 11:59 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

oleacc

uxtheme

shlwapi

msimg32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

wsock32

crypt32

wldap32

ws2_32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 586KB - Virtual size: 586KB

.data Size: 185KB - Virtual size: 241KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 1024B - Virtual size: 636B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 158KB - Virtual size: 157KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

f7:52:0b:7e:68:78:27:e7:c8:0c:09:2e:a2:82:b1:02
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

80:98:41:6d:82:a9:30:d0:a5:b4:dc:bd:61:5f:2b:3f:c7:6a:be:79:97:b4:d5:ba:4f:53:39:34:26:ef:98:da
Signer

23/09/2022, 11:59
Valid: true

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 586KB - Virtual size: 586KB

.data
Size: 185KB - Virtual size: 241KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 1024B - Virtual size: 636B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 158KB - Virtual size: 157KB