SetupFile_798614[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SetupFile_798614.zip
Size

20.1MB
MD5

d7400114fa3122513836c09569a35942
SHA1

d49ba7eec9a7b190e0fa7c6c7acee5ed0561e336
SHA256

312da8bd2add6210bcb79c05996f99b1fecdb607cb1fd1ce1cd91b9ac3086e85
SHA512

206587a0a417a398939df70ebba5efd743055e9dd6a0eee4a95890745f5203c63fe73b0ced91261bf3c45c686e34b8c4e39514b4273ed4fed787ef20cc56cc89
SSDEEP

393216:E1CkBPaEFOp24Xjge6v5CnX3B4TCLjfMVPtSWM33zNQ5i9gtXlY:UNyKygxBCneTC3MVPtSf417Y

Score

N/A

Malware Config

Signatures

Files

SetupFile_798614.zip
.zip
StartSetup_20221.exe
.exe windows x86

7526d007573d06ca5a8177185486e338

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:5b:87:e9:54:1c:b1:01:c5:15:c2:af:5d:88:cb:78
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28/02/2022, 00:00

Not After

28/02/2023, 23:59

Subject

CN=A.C.D.Informatique BV,O=A.C.D.Informatique BV,ST=Brabant wallon,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:7c:a1:72:ec:80:02:9e:50:72:24:e9:39:44:e9:b3:bd:d1:f1:fd:d3:5b:f6:4a:cf:ba:3d:71:d0:25:e5:5c
Signer

Actual PE Digest

31:7c:a1:72:ec:80:02:9e:50:72:24:e9:39:44:e9:b3:bd:d1:f1:fd:d3:5b:f6:4a:cf:ba:3d:71:d0:25:e5:5c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=A.C.D.Informatique BV,O=A.C.D.Informatique BV,ST=Brabant wallon,C=BE

15/12/2022, 14:00
Valid: true

Chain 1

CN=A.C.D.Informatique BV,O=A.C.D.Informatique BV,ST=Brabant wallon,C=BE

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetRegionData
GetStockObject
GetTextMetricsW
CreateCompatibleDC
SetTextColor
GetDIBits
SelectClipRgn
GetFontData
GetBitmapBits
CreateCompatibleBitmap
OffsetRgn
GetTextFaceW
DeleteObject
CreateRectRgn
GdiFlush
CreateBitmap
CreateFontIndirectW
SetGraphicsMode
DeleteDC
RemoveFontResourceExW
GetCharABCWidthsW
BitBlt
CombineRgn
SetBkMode
GetCharABCWidthsI
GetObjectW
AddFontMemResourceEx
GetDeviceCaps
ExtTextOutW
SetWorldTransform
CreateDIBSection
SetTextAlign
CreateDCW
GetTextExtentPoint32W
RemoveFontMemResourceEx
GetGlyphOutlineW
GetOutlineTextMetricsW
SelectObject
AddFontResourceExW
GetCharABCWidthsFloatW
EnumFontFamiliesExW

ole32

OleUninitialize
OleInitialize
CoInitialize
ReleaseStgMedium
OleFlushClipboard
CoCreateGuid
OleGetClipboard
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoLockObjectExternal
OleIsCurrentClipboard
RevokeDragDrop
RegisterDragDrop
CoTaskMemAlloc
StringFromGUID2
CoGetMalloc
DoDragDrop
OleSetClipboard

imm32

ImmReleaseContext
ImmGetVirtualKey
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmGetDefaultIMEWnd
ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionWindow

winmm

PlaySoundW

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocString

shell32

CommandLineToArgvW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW

advapi32

CryptEncrypt
RegFlushKey
CryptReleaseContext
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
CryptImportKey
FreeSid
RegCloseKey
CryptCreateHash
OpenProcessToken
CryptGetHashParam
CryptDestroyKey
RegOpenKeyExW
CryptDestroyHash
CryptHashData
RegQueryValueExW
CryptAcquireContextW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
CopySid
RegCreateKeyExW
GetLengthSid
GetTokenInformation

user32

PeekMessageW
DefWindowProcW
SetForegroundWindow
GetWindowRect
UnregisterClassW
ClientToScreen
GetWindowTextW
SetFocus
MessageBeep
SetWindowTextW
SetMenuItemInfoW
IsIconic
ToUnicode
GetParent
IsWindowVisible
GetWindowPlacement
ShowWindow
GetQueueStatus
SetWindowsHookExW
AdjustWindowRectEx
InvalidateRect
GetKeyboardLayout
SetWindowPlacement
KillTimer
MoveWindow
SystemParametersInfoW
ChangeClipboardChain
wsprintfA
GetFocus
GetCaretBlinkTime
DestroyWindow
GetWindowLongW
EnumDisplayMonitors
GetCursor
IsZoomed
DestroyCursor
GetIconInfo
SetParent
SendMessageW
ReleaseCapture
CharNextExA
RegisterClassW
RegisterClipboardFormatW
GetForegroundWindow
GetClassInfoW
SetCursorPos
GetSystemMetrics
DestroyIcon
ScreenToClient
HideCaret
LoadCursorW
GetMonitorInfoW
RegisterWindowMessageW
CreateIconIndirect
DrawIconEx
GetCapture
GetKeyState
UnhookWindowsHookEx
GetKeyboardState
GetAsyncKeyState
RealGetWindowClassW
EnableMenuItem
EndPaint
GetSystemMenu
LoadImageW
SetTimer
SetClipboardViewer
GetDC
SetCursor
GetWindowThreadProcessId
ChildWindowFromPointEx
GetDoubleClickTime
GetUpdateRect
CreateCursor
CreateWindowExW
ToAscii
SetCaretPos
MessageBoxW
GetSysColor
LoadIconW
GetClientRect
CallNextHookEx
SetWindowLongW
DispatchMessageW
TranslateMessage
DestroyCaret
RegisterClassExW
GetAncestor
GetCursorPos
GetCursorInfo
FlashWindowEx
CreateCaret
GetMenu
MsgWaitForMultipleObjectsEx
GetSysColorBrush
SendMessageA
ReleaseDC
GetKeyboardLayoutList
GetDesktopWindow
GetMessageExtraInfo
EnumWindows
TrackMouseEvent
SetWindowRgn
PostMessageW
MapVirtualKeyW
GetClipboardFormatNameW
TrackPopupMenuEx
SetWindowPos
BeginPaint
SetCapture
NotifyWinEvent
IsChild

kernel32

GetSystemDirectoryW
GetCPInfo
DeleteFileW
HeapSize
TlsSetValue
FindFirstFileW
lstrlenA
GetFileType
HeapFree
GetFileSizeEx
DeleteCriticalSection
FreeLibraryAndExitThread
GetDateFormatW
ExpandEnvironmentStringsW
CreateSemaphoreW
LoadLibraryA
OutputDebugStringW
TerminateProcess
GetCommandLineA
FindClose
GetFileAttributesW
EncodePointer
GetModuleFileNameA
CreateThread
FindCloseChangeNotification
GetFileAttributesExW
GlobalLock
GetConsoleWindow
SetEnvironmentVariableA
IsDebuggerPresent
GetThreadPriority
SetStdHandle
ExitThread
MapViewOfFile
GlobalAlloc
GetProcAddress
SwitchToThread
GetModuleFileNameW
SetEvent
GetLocalTime
GetModuleHandleExW
UnmapViewOfFile
VerifyVersionInfoW
MoveFileExW
InitializeSListHead
SleepEx
GlobalUnlock
WriteFile
AcquireSRWLockExclusive
ReadConsoleW
GetModuleHandleW
TlsAlloc
GetModuleHandleA
MultiByteToWideChar
FlushFileBuffers
TerminateThread
HeapReAlloc
CreateProcessW
GetTempPathW
RemoveDirectoryW
CreateFileMappingW
WaitForMultipleObjects
lstrcmpW
DeviceIoControl
ExitProcess
GetTimeZoneInformation
WideCharToMultiByte
GetCurrentThread
CheckRemoteDebuggerPresent
CreateMutexW
FreeLibrary
LCMapStringW
SetEndOfFile
RtlUnwind
TlsGetValue
VirtualFree
ResumeThread
FindNextFileA
lstrcatA
SetThreadPriority
SetLastError
GetStartupInfoW
CompareStringW
FindFirstFileExW
FindNextChangeNotification
HeapAlloc
IsValidLanguageGroup
LocalFree
GetLastError
GetUserGeoID
GetEnvironmentStringsW
InitializeCriticalSectionEx
GetCurrencyFormatW
WaitForSingleObjectEx
GetConsoleCP
ReleaseMutex
EnumSystemLocalesW
GetTickCount64
LeaveCriticalSection
CreateEventW
GetUserDefaultLCID
GetDriveTypeW
DecodePointer
GetLogicalDrives
CreateDirectoryW
DuplicateHandle
QueryPerformanceFrequency
CopyFileW
GetACP
GetUserDefaultUILanguage
GetCurrentProcessId
LoadLibraryExW
GetFileSize
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
ReleaseSemaphore
GlobalSize
GetEnvironmentVariableA
ResetEvent
RaiseException
IsProcessorFeaturePresent
FindFirstChangeNotificationW
VirtualQuery
EnterCriticalSection
GetStdHandle
GetGeoInfoW
ReadFile
OpenFileMappingW
GetCommandLineW
GetVolumeInformationW
IsValidCodePage
GetStringTypeW
FreeEnvironmentStringsW
GetCurrentDirectoryW
VirtualAlloc
SetFilePointerEx
IsValidLocale
InitializeCriticalSection
Sleep
TlsFree
GetUserDefaultLangID
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentThreadId
GetLongPathNameW
SetUnhandledExceptionFilter
GetCurrentProcess
GetTickCount
SetErrorMode
PeekNamedPipe
ReleaseSRWLockExclusive
GetTimeFormatW
FileTimeToSystemTime
FindNextFileW
SetFileAttributesW
GetOEMCP
InitializeCriticalSectionAndSpinCount
OpenProcess
GetSystemInfo
GetFileInformationByHandle
CreateFileW
VerSetConditionMask
GetProcessHeap
GetConsoleMode
FindFirstFileExA
GetSystemTime
QueryPerformanceCounter
GetFullPathNameW
FormatMessageW
GetLocaleInfoW
LoadLibraryW
WriteConsoleW
CloseHandle
MoveFileW

bcrypt

BCryptGenRandom

ws2_32

bind
recv
WSAGetLastError
closesocket
WSAIoctl
WSAWaitForMultipleEvents
WSACreateEvent
connect
WSAEventSelect
WSAEnumNetworkEvents
send
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
getpeername
getsockname
getsockopt
ioctlsocket
htons
ntohs
setsockopt
socket
WSASetLastError
WSACloseEvent
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSAResetEvent

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
PFXImportCertStore
CertFindCertificateInStore
CertFindExtension
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetNameStringW
CertCloseStore
CertGetCertificateChain
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryW
CryptQueryObject
CertFreeCertificateChain

wldap32

ord46
ord14
ord216
ord73
ord208
ord41
ord219
ord26
ord27
ord127
ord167
ord142
ord79
ord117
ord145
ord133
ord147
ord301

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7526d007573d06ca5a8177185486e338

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

3a:5b:87:e9:54:1c:b1:01:c5:15:c2:af:5d:88:cb:78Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

31:7c:a1:72:ec:80:02:9e:50:72:24:e9:39:44:e9:b3:bd:d1:f1:fd:d3:5b:f6:4a:cf:ba:3d:71:d0:25:e5:5cSigner

Signature Validations

Verification

15/12/2022, 14:00 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

imm32

winmm

oleaut32

shell32

advapi32

user32

kernel32

bcrypt

ws2_32

crypt32

wldap32

Sections

.text Size: 10.3MB - Virtual size: 10.3MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 54KB - Virtual size: 85KB

.qtmetad Size: 1024B - Virtual size: 588B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 217KB - Virtual size: 216KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

3a:5b:87:e9:54:1c:b1:01:c5:15:c2:af:5d:88:cb:78
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

31:7c:a1:72:ec:80:02:9e:50:72:24:e9:39:44:e9:b3:bd:d1:f1:fd:d3:5b:f6:4a:cf:ba:3d:71:d0:25:e5:5c
Signer

15/12/2022, 14:00
Valid: true

.text
Size: 10.3MB - Virtual size: 10.3MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 54KB - Virtual size: 85KB

.qtmetad
Size: 1024B - Virtual size: 588B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 217KB - Virtual size: 216KB