Setup[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.zip
Size

2.0MB
MD5

c749d5207f6260859a802d81c07c0ea3
SHA1

79bae666760e0c9d70be2cd4d1a7963a7e4f1e4e
SHA256

5ce5dc05b5ea0402a0470dceb53ebb4ff0a99d5b8f279c798ef4de8b5192b272
SHA512

326b5abeb554467a1dbe2ca316c0b20edd9c29ba31054309c53843350657f21cb20dfa692a8eec8993b8b6e3d565059a10d87ed8329b697413bb8b316219fe4a
SSDEEP

24576:Y7rupD78hbUW9OVzZCwq3rPQpqTNQnouf86Sovdn0wsBL71G9FlV57UeNIJS31sV:ZLzZLqb4tou0Twd0wUsaKES3SvDtVRX

Score

N/A

Malware Config

Signatures

Files

Setup.zip
.zip

Password: infected
Setup.exe
.exe windows x64

Password: infected

Code Sign

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3
Certificate

Issuer

CN=Logitech ZC-9015 USA State of Washington

Not Before

24/12/2022, 20:59

Not After

25/12/2032, 20:59

Subject

CN=Logitech ZC-9015 USA State of Washington

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:a1:24:e1:6f:a3:a1:e5:ab:b1:99:c9:fd:eb:9a:64:33:9e:e4:54:f2:11:fa:d7:bb:bd:1a:4a:4d:5c:91:87
Signer

Actual PE Digest

29:a1:24:e1:6f:a3:a1:e5:ab:b1:99:c9:fd:eb:9a:64:33:9e:e4:54:f2:11:fa:d7:bb:bd:1a:4a:4d:5c:91:87

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Logitech ZC-9015 USA State of Washington

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

29:a1:24:e1:6f:a3:a1:e5:ab:b1:99:c9:fd:eb:9a:64:33:9e:e4:54:f2:11:fa:d7:bb:bd:1a:4a:4d:5c:91:87Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 145KB - Virtual size: 144KB

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

29:a1:24:e1:6f:a3:a1:e5:ab:b1:99:c9:fd:eb:9a:64:33:9e:e4:54:f2:11:fa:d7:bb:bd:1a:4a:4d:5c:91:87
Signer

15/12/2022, 13:55
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 145KB - Virtual size: 144KB