Setup[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe.7z
Size

3.3MB
MD5

b74aa8cf93a39f85acbfa6e3094102e9
SHA1

465b1447ce3588340d324f531cc7b837e6ceb5fa
SHA256

73c70ca3b480c917d45cd202fea01978e3e2141ef0b3bc864e5988a777d901f9
SHA512

392cf15ae54a6d1d0de182678fdcd8cb88ada5a7922adcae467a09ce8a439e001298e6b7dd79d9610c4366f5f441ddbd37fb96f0e22afab750d820baf3a52b7a
SSDEEP

98304:v4tsiBqb4QCtcEszAkEHrwP8P6t/fBsYcp+:vIsiBqbbEkEE0P4fBJ+

Score

N/A

Malware Config

Signatures

Files

Setup.exe.7z
.7z

Password: infected
Setup.exe
.exe windows x86

Password: infected

9a8be3c04e85261295d480d4c6631e13

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05/12/2017, 11:59

Not After

05/12/2020, 11:59

Subject

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05/12/2017, 11:59

Not After

05/12/2020, 11:59

Subject

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:86:87:38:57:bf:8f:8c:2c:bd:d4:33:7c:0e:ea:61:7e:7b:e9:64:04:4a:e5:47:0d:d0:d9:8b:c1:a6:ec:89
Signer

Actual PE Digest

14:86:87:38:57:bf:8f:8c:2c:bd:d4:33:7c:0e:ea:61:7e:7b:e9:64:04:4a:e5:47:0d:d0:d9:8b:c1:a6:ec:89

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

09/03/2020, 05:40
Valid: true

Chain 1

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

d1:7b:11:62:94:8f:fe:72:51:d8:52:26:9d:7b:d1:56:22:dc:87:5f
Signer

Actual PE Digest

d1:7b:11:62:94:8f:fe:72:51:d8:52:26:9d:7b:d1:56:22:dc:87:5f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

09/03/2020, 05:40
Valid: true

Chain 1

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

GetDesktopWindow

advapi32

GetUserNameA

shell32

SHGetIconOverlayIndexA

gdiplus

GdiplusStartup

crypt32

CryptUnprotectData

comctl32

DPA_Create

shlwapi

PathMatchSpecA

Sections

.data
Size: - Virtual size: 6.5MB

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2.4MB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9a8be3c04e85261295d480d4c6631e13

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25Certificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

14:86:87:38:57:bf:8f:8c:2c:bd:d4:33:7c:0e:ea:61:7e:7b:e9:64:04:4a:e5:47:0d:d0:d9:8b:c1:a6:ec:89Signer

Signature Validations

Verification

09/03/2020, 05:40 Valid: true

Chain 1

d1:7b:11:62:94:8f:fe:72:51:d8:52:26:9d:7b:d1:56:22:dc:87:5fSigner

Signature Validations

Verification

09/03/2020, 05:40 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

gdiplus

crypt32

comctl32

shlwapi

Sections

.data Size: - Virtual size: 6.5MB

.reloc Size: 1024B - Virtual size: 4KB

.rsrc Size: 832KB - Virtual size: 3.9MB

.gfids Size: 94KB - Virtual size: 96KB

BSS Size: 2.4MB - Virtual size:

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

14:86:87:38:57:bf:8f:8c:2c:bd:d4:33:7c:0e:ea:61:7e:7b:e9:64:04:4a:e5:47:0d:d0:d9:8b:c1:a6:ec:89
Signer

09/03/2020, 05:40
Valid: true

d1:7b:11:62:94:8f:fe:72:51:d8:52:26:9d:7b:d1:56:22:dc:87:5f
Signer

09/03/2020, 05:40
Valid: true

.data
Size: - Virtual size: 6.5MB

.reloc
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 832KB - Virtual size: 3.9MB

.gfids
Size: 94KB - Virtual size: 96KB

BSS
Size: 2.4MB - Virtual size: