Setup[.]malware

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.malware
Size

4.4MB
MD5

994dd38c74432319be37cbf04ef7c755
SHA1

f12b3a616717e260d65dff35a8ea3a46b11914c1
SHA256

2bd3dd9ef56f8d8f47a4bda37c0a380c581249354b959bae59b8ef9115616ef0
SHA512

14e008baff2c3c39bab548fd8cb467263c16f71808b038820a5871bbb1a4d231f77d8875646bc47f6e58236ac1d3f644ceaa63c051d309bcbfc503b027dd58ff
SSDEEP

98304:ffmbDLrFBC6BCoO8l7+MS3IT+V6hn8ZVe6VT/R82cnq:fef/FBCqC5hN3IT+cn8rVT/inq

Score

N/A

Malware Config

Signatures

Files

Setup.malware
.exe windows x86

92abf5ad90fc2838b3b0b9a065cff363

Code Sign

97:2f:ad:a2:bc:13:fa:55:c5:d4:7f:ef:56:ae:e0:f4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/05/2019, 00:00

Not After

23/05/2023, 23:59

Subject

CN=Sublime HQ Pty Ltd,O=Sublime HQ Pty Ltd,POSTALCODE=2028,STREET=377 New South Head Rd+STREET=Suite 102,L=Doubte Bay,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:3b:e2:38:46:e5:34:95:65:d6:20:a9:ce:1b:22:3a:d7:ee:1f:89:6f:7e:b2:6f:16:30:f3:4d:82:db:70:db
Signer

Actual PE Digest

50:3b:e2:38:46:e5:34:95:65:d6:20:a9:ce:1b:22:3a:d7:ee:1f:89:6f:7e:b2:6f:16:30:f3:4d:82:db:70:db

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Sublime HQ Pty Ltd,O=Sublime HQ Pty Ltd,POSTALCODE=2028,STREET=377 New South Head Rd+STREET=Suite 102,L=Doubte Bay,ST=NSW,C=AU

15/12/2022, 13:55
Valid: true

Chain 1

CN=Sublime HQ Pty Ltd,O=Sublime HQ Pty Ltd,POSTALCODE=2028,STREET=377 New South Head Rd+STREET=Suite 102,L=Doubte Bay,ST=NSW,C=AU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowA

Sections

UI3Ft
Size: - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vbXaHEb
Size: - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

E6HYta
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

miHBa
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iVDKoc
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

eN5n1q
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

93Iqta
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WNeR1q
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

k3xaD0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

mbw9>$
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aQlb{T
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92abf5ad90fc2838b3b0b9a065cff363

Code Sign

97:2f:ad:a2:bc:13:fa:55:c5:d4:7f:ef:56:ae:e0:f4Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

50:3b:e2:38:46:e5:34:95:65:d6:20:a9:ce:1b:22:3a:d7:ee:1f:89:6f:7e:b2:6f:16:30:f3:4d:82:db:70:dbSigner

Signature Validations

Verification

15/12/2022, 13:55 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

UI3Ft Size: - Virtual size: 145KB

vbXaHEb Size: - Virtual size: 923KB

E6HYta Size: - Virtual size: 124KB

miHBa Size: - Virtual size: 7KB

iVDKoc Size: - Virtual size: 11KB

eN5n1q Size: - Virtual size: 16KB

93Iqta Size: - Virtual size: 4KB

WNeR1q Size: - Virtual size: 2.0MB

k3xaD0 Size: - Virtual size: 1.6MB

mbw9>$ Size: 512B - Virtual size: 436B

aQlb{T Size: 4.4MB - Virtual size: 4.4MB

97:2f:ad:a2:bc:13:fa:55:c5:d4:7f:ef:56:ae:e0:f4
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

50:3b:e2:38:46:e5:34:95:65:d6:20:a9:ce:1b:22:3a:d7:ee:1f:89:6f:7e:b2:6f:16:30:f3:4d:82:db:70:db
Signer

15/12/2022, 13:55
Valid: true

UI3Ft
Size: - Virtual size: 145KB

vbXaHEb
Size: - Virtual size: 923KB

E6HYta
Size: - Virtual size: 124KB

miHBa
Size: - Virtual size: 7KB

iVDKoc
Size: - Virtual size: 11KB

eN5n1q
Size: - Virtual size: 16KB

93Iqta
Size: - Virtual size: 4KB

WNeR1q
Size: - Virtual size: 2.0MB

k3xaD0
Size: - Virtual size: 1.6MB

mbw9>$
Size: 512B - Virtual size: 436B

aQlb{T
Size: 4.4MB - Virtual size: 4.4MB