setup_wm[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

setup_wm.exe
Size

1.8MB
MD5

1cc0416605e4c934b3c52554ff3620a0
SHA1

481d926ca9bd70b135684447ee0881e8b79cf557
SHA256

593f5d2dfb14d2236e8007ffccc231542a91561f0dc1ef4660eb739c4ba8a0a3
SHA512

4d89d8c56fc0b6770fa00cc19b2644052e972ad92dd2d56be0d041cb4932d7074f5968b769d0f882d3b3f0fb8290aeb2c79ba5658ce838fea4d025b7db5f60d2
SSDEEP

12288:A2gGoDE9pPejrzXfI0CyguKGNL06gnHnkxGiSMhYQqLWNc0qpb0qD0xc:FlPeXzXbguvzgnHnkx7SMhYJLQq2qDF

Score

N/A

Malware Config

Signatures

Files

setup_wm.exe
.exe windows x64

4fc86763f6afef8ed1aae2fad7cd67d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegEnumValueW
RegDeleteValueW
EventUnregister
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExA
GetTokenInformation
RegOpenKeyExA
FreeSid
OpenProcessToken
ConvertStringSidToSidW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
EqualSid
InitiateShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
QueryServiceConfigW
StartServiceW
EnumDependentServicesW
ControlService
DeleteService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
GetSecurityInfo
LookupAccountSidW
GetLengthSid
AddAccessAllowedAceEx
SetSecurityInfo
InitializeAcl
AddAce
GetAce
GetAclInformation
RegEnumKeyW
TraceMessage

kernel32

LockResource
LoadResource
FindResourceW
GetModuleHandleExW
DebugBreak
GetModuleHandleA
GetUserDefaultLangID
GlobalLock
GlobalAlloc
ReadFile
DeleteFileA
lstrlenW
GetLongPathNameW
WritePrivateProfileStringW
GetComputerNameW
CompareStringW
Sleep
GetUserGeoID
GetUserDefaultLCID
GetTickCount
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetExitCodeProcess
GetFileTime
GetTempPath2W
WideCharToMultiByte
CopyFileW
CreateProcessW
MoveFileExW
SetCurrentDirectoryW
GetNumberFormatW
GetDiskFreeSpaceExW
FileTimeToSystemTime
GetFileAttributesA
GetTimeZoneInformation
SetFileAttributesW
GetVersionExW
GetFileAttributesW
GetLocaleInfoW
WaitForMultipleObjects
RemoveDirectoryW
GetShortPathNameW
ExpandEnvironmentStringsW
FindNextFileW
SetLastError
CreateDirectoryW
GetFileSize
GetLocalTime
GetWindowsDirectoryA
CreateFileA
GetTempPath2A
GetSystemDefaultLangID
SetFilePointer
WriteFile
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenA
TlsSetValue
OpenEventW
DeleteCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
LocalFree
GetProcAddress
LoadLibraryW
LocalAlloc
RegisterApplicationRestart
MoveFileW
MulDiv
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
HeapSetInformation
CreateThread
GetSystemInfo
CloseHandle
GlobalFree
DeleteFileW
GetLastError
GetSystemDirectoryW
ReleaseMutex
CreateFileW
FindClose
CreateMutexW
GetModuleFileNameW
GetCommandLineW
FindFirstFileW
GlobalUnlock

gdi32

GetTextFaceA
CreateCompatibleDC
PatBlt
ExtTextOutW
SelectObject
GetTextMetricsW
CreateFontA
CreateFontIndirectW
SetMapMode
CreateSolidBrush
DeleteObject
SetBkColor
GetObjectW
CreatePen
SetBkMode
SetTextColor
GetStockObject
DeleteDC

user32

SendDlgItemMessageW
DrawFocusRect
MapWindowPoints
IsDialogMessageW
SetTimer
DispatchMessageW
RegisterWindowMessageA
IsWindow
ShowWindow
LoadStringW
SetWindowTextW
GetSystemMetrics
SendMessageW
CreateWindowExW
LockSetForegroundWindow
SetWindowLongPtrW
CheckRadioButton
GetDpiForWindow
MessageBoxW
IsDlgButtonChecked
GetDC
GetSysColor
GetWindowRect
FindWindowExW
PostMessageW
GetSystemMenu
DefWindowProcW
CreateDialogParamW
GetMessageW
GetWindowLongW
ScrollWindow
GetActiveWindow
GetScrollInfo
SetScrollInfo
SetCursor
LoadCursorW
DestroyCursor
GetWindowLongPtrW
CallWindowProcW
PostThreadMessageW
PeekMessageW
SetFocus
TranslateMessage
SetThreadDpiAwarenessContext
MoveWindow
DestroyWindow
LoadIconW
FindWindowW
SetWindowLongW
GetClientRect
GetDlgItem
DrawTextW
KillTimer
PostQuitMessage
EnableMenuItem
SystemParametersInfoW
GetParent
UpdateWindow
CharNextW
LoadStringA
GetDesktopWindow
SetForegroundWindow
LoadImageW
InvalidateRect
ReleaseDC
BeginPaint
SetWindowPos
EnableWindow
EndPaint

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__itow
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__strlwr
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
_o__wtoi
_o__wtol
_o_calloc
_o_ceil
_o_exit
_o_free
_o_iswalnum
_o_malloc
_o_memcpy_s
_o_qsort
_o_strncpy_s
_o_terminate
_o_wcstok
_o_wcstol
__current_exception
__current_exception_context
_o__crt_atexit
_o__get_narrow_winmain_command_line
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
__C_specific_handler
wcsrchr
wcsstr
wcschr
memcpy
_o__exit
_o__endthread
_o__initialize_onexit_table
strrchr
strstr
_o__initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

wcspbrk
memset
strnlen

atl

ord32

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhCollectQueryData

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
SystemTimeToVariantTime
VariantInit
VariantTimeToSystemTime

comctl32

InitCommonControlsEx

shell32

SHGetMalloc
SHChangeNotify
CommandLineToArgvW
SetCurrentProcessExplicitAppUserModelID
SHGetSpecialFolderLocation
SHGetFolderLocation
ShellExecuteExW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteW

gdiplus

GdipCreateBitmapFromFile
GdipFree
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipImageRotateFlip
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

wininet

InternetCrackUrlW

setupapi

SetupFindNextLine
SetupCloseInfFile
SetupGetStringFieldW
SetupGetBinaryField
SetupGetLineTextW
SetupIterateCabinetA
SetupGetLineCountW
SetupFindFirstLineW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

UrlMkSetSessionOption
ObtainUserAgentString

shlwapi

SHDeleteKeyW
PathFindFileNameW
PathAddBackslashW
PathAddBackslashA
PathFindExtensionW

crypt32

CertVerifyCertificateChainPolicy

userenv

LoadUserProfileW
UnloadUserProfile
ExpandEnvironmentStringsForUserW

secur32

GetUserNameExW

mfplat

MFGetSystemTime

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fc86763f6afef8ed1aae2fad7cd67d2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

atl

ntdll

pdh

ole32

oleaut32

comctl32

shell32

gdiplus

wininet

setupapi

wintrust

urlmon

shlwapi

crypt32

userenv

secur32

mfplat

version

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 4KB - Virtual size: 368B

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 4KB - Virtual size: 368B