ocsetup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ocsetup.exe
Size

611KB
MD5

b10a9d6349b8268ba1dd2d4a5f59bf9a
SHA1

4c88e77801c2a4e934c03e81aac828061022412c
SHA256

8cf63e585240e6a26a8710efdd6d72c5034d1dc93dbd1011aa8915ea14a4c27c
SHA512

83afab6c4d12d6d77b9971b8f7324e12c8bd3f8ed033fde4e2fec78bf2db41447b30e347238bc8efcb5af995f69d60da75bf4cbb1997b7048f1ccb275f40ba8c
SSDEEP

12288:+XGY0BicO169GTE6d6S+RPm5eJ0S9SX76DqGA+Nn:+XGficONTV3+lm0J0Su6DJA+x

Score

N/A

Malware Config

Signatures

Files

ocsetup.exe
.exe windows x64

7f31864c7bc38b2a1c908b76d18d8874

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
DuplicateTokenEx
GetLengthSid
IsValidSid
SetTokenInformation
CreateProcessWithTokenW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ConvertStringSidToSidW
RegQueryValueExW
GetUserNameW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW

uxtheme

BufferedPaintUnInit
BeginBufferedPaint
EndBufferedPaint
BufferedPaintSetAlpha
BufferedPaintInit
IsAppThemed

dwmapi

DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled
DwmGetColorizationColor

shlwapi

PathIsUNCW
PathFindExtensionW
SHDeleteKeyW
StrCatW
PathStripToRootW
PathIsDirectoryW
PathFindFileNameW
PathIsDirectoryEmptyW
PathGetArgsW
PathFileExistsW
PathRemoveFileSpecW
StrCmpIW
PathAppendW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shfolder

SHGetFolderPathW

kernel32

LoadLibraryExW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToSystemTime
GetTimeZoneInformation
FreeEnvironmentStringsW
GetWindowsDirectoryW
SetEvent
ResetEvent
CreateEventW
GetACP
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GetCurrentProcessId
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetModuleHandleW
EncodePointer
GetCurrentThreadId
FreeResource
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExW
lstrcmpA
GetPrivateProfileIntW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
SetErrorMode
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetFileAttributesW
FileTimeToLocalFileTime
DeleteFileW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
FindClose
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
MoveFileExW
FormatMessageW
SetLastError
GetLastError
GetDriveTypeW
FindNextFileW
FindFirstFileW
VerifyVersionInfoW
CopyFileW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
OpenProcess
GetCurrentProcess
Sleep
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetTempPathW
GetLongPathNameW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
VerSetConditionMask
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetSystemDirectoryW
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
SetStdHandle
GetFileType
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapQueryInformation
GetStdHandle
ExitProcess
GetCPInfo
GetStringTypeW
IsValidCodePage
GetOEMCP
LCMapStringW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
GetEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
ReadFile

user32

GetWindow
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetFocus
UnhookWindowsHookEx
CharUpperW
GetLastActivePopup
MessageBoxW
IsWindowEnabled
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMenuItemCount
GetMenuItemID
GetSubMenu
OffsetRect
SetRectEmpty
SendDlgItemMessageA
LoadCursorW
GetParent
GetSysColorBrush
SetCursor
DrawIcon
PostThreadMessageW
PeekMessageW
MapWindowPoints
GetClassNameW
SetForegroundWindow
GetDC
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
CopyRect
AnimateWindow
ReleaseCapture
SetCapture
SystemParametersInfoW
GetSysColor
GetForegroundWindow
GetKeyState
GetDoubleClickTime
SetWindowRgn
UnregisterClassW
InvalidateRect
UpdateWindow
PostQuitMessage
GetWindowThreadProcessId
GetShellWindow
FindWindowW
GetDesktopWindow
PostMessageW
GetClientRect
SetTimer
LoadImageW
DestroyIcon
SetRect
GetCursorPos
GetWindowRect
GetSystemMetrics
LoadIconW
GetWindowLongW
EnableWindow
SendMessageW
AdjustWindowRectEx
KillTimer
RealChildWindowFromPoint
DestroyMenu
TranslateMessage
GetMessageW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
SetActiveWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsChild
GetFocus
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
DispatchMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
RegisterWindowMessageW
CheckMenuItem
IsMenu

gdi32

DeleteDC
DeleteObject
GetStockObject
GetTextExtentPoint32W
GetObjectW
GetDeviceCaps
SetBkMode
CreatePen
CreateBitmap
Escape
GetClipBox
LineTo
PtVisible
CreateFontIndirectW
CreateCompatibleDC
CreateRectRgn
SelectObject
RectVisible
RestoreDC
SaveDC
SetBkColor
SetMapMode
SetTextColor
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
BitBlt

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetSpecialFolderPathW
ord155

comctl32

ord17

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f31864c7bc38b2a1c908b76d18d8874

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

uxtheme

dwmapi

shlwapi

version

shfolder

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

ole32

oleaut32

oleacc

Sections

.text Size: 338KB - Virtual size: 337KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 10KB - Virtual size: 50KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 338KB - Virtual size: 337KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 10KB - Virtual size: 50KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 9KB - Virtual size: 8KB