Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

374.4MB
MD5

d2aec64fb25809ca1e7ecee3bb7cb549
SHA1

6c5cb79e520152149b4fd7d394a23a6acab8a7d4
SHA256

6ac72f64e420c9abdc2892950225eab60cd1f053237adab4c91113f8126fd5d6
SHA512

032ba8a59d3f97a23c00ce20363b2b311ca63ec92822dda6b88009b2bd06f95f319ce1ba0af2f32435729abebcc9629dadce3f28927ac9db54656bd3a9cb9d9a
SSDEEP

196608:+nL00WLSBnr3pv6RtMxp8S6LF/nrUOhyv+2:+LiGlZv67MeS6VrUHv+

Score

N/A

Malware Config

Signatures

Files

Setup.exe
.exe windows x86

d94db63cb1c770dd5bc2d9e990bfacb4

Code Sign

3a:79:94:72:4e:ec:0e:ad:4b:cf:9a:3d:32:2f:4a:bc
Certificate

Issuer

CN=👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ

Not Before

20/09/2022, 20:50

Not After

21/09/2032, 20:50

Subject

CN=👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:d7:2b:ab:27:b1:b5:16:80:41:4c:e4:46:56:85:9d:6c:cf:ee:48:f0:c4:e8:a0:69:8f:64:7c:2b:96:d1:26
Signer

Actual PE Digest

5d:d7:2b:ab:27:b1:b5:16:80:41:4c:e4:46:56:85:9d:6c:cf:ee:48:f0:c4:e8:a0:69:8f:64:7c:2b:96:d1:26

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ👩‍🌾💂🦘🧭ჩ ც ძ წ ჭ ხ ჴ ჯ ჰ ჵ

29/09/2022, 18:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ữựЏ
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ữựЏ
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d94db63cb1c770dd5bc2d9e990bfacb4

Code Sign

3a:79:94:72:4e:ec:0e:ad:4b:cf:9a:3d:32:2f:4a:bcCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5d:d7:2b:ab:27:b1:b5:16:80:41:4c:e4:46:56:85:9d:6c:cf:ee:48:f0:c4:e8:a0:69:8f:64:7c:2b:96:d1:26Signer

Signature Validations

Verification

29/09/2022, 18:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

wtsapi32

user32

Sections

.text Size: - Virtual size: 44KB

.rdata Size: - Virtual size: 8KB

.data Size: - Virtual size: 1KB

.CRT Size: - Virtual size: 4B

ữựЏ Size: - Virtual size: 4.1MB

ữựЏ Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

3a:79:94:72:4e:ec:0e:ad:4b:cf:9a:3d:32:2f:4a:bc
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5d:d7:2b:ab:27:b1:b5:16:80:41:4c:e4:46:56:85:9d:6c:cf:ee:48:f0:c4:e8:a0:69:8f:64:7c:2b:96:d1:26
Signer

29/09/2022, 18:53
Valid: false

.text
Size: - Virtual size: 44KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 1KB

.CRT
Size: - Virtual size: 4B

ữựЏ
Size: - Virtual size: 4.1MB

ữựЏ
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB