SETUP[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SETUP.EXE
Size

1.1MB
MD5

84468268dcba3ee138ad0a502f4f4823
SHA1

e0bbe75d0e5237a12e182fafc9a2fd04153eb8c3
SHA256

5a3a1faf2a3f2bdcaa5b5c6e0d6aa017111c6eaead9a3a814e21323bb17b811c
SHA512

43f533cc214e61b81db386e047a70f0f05ea52510b500461db9c7e1b70de92c948d36f31f746daabae9aa3190b8dfbfc90997a4b49b9579d8065ac99292a391d
SSDEEP

24576:AIRtV6lKrPFxmls7Qvj2bYk9sjtI+0WcA35eTzVoMCJKz+amjOS+DzQnzQ/hetSJ:A/4ral0sPeTZFaSD

Score

N/A

Malware Config

Signatures

Files

SETUP.EXE
.exe windows x86

de7df5aa12d8badbf6ec7990246eac35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
closesocket
WSACleanup
getsockname
WSAAsyncSelect
connect
inet_addr
htons
socket
gethostbyname
gethostname
WSACancelAsyncRequest
ntohs
WSAAsyncGetHostByName
shutdown
WSAStartup
bind
listen
accept
send
recv

winspool.drv

DeviceCapabilitiesA

ole32

OleInitialize
CoInitialize
CoCreateInstance
ReleaseStgMedium
OleUninitialize
CoUninitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoCreateGuid
DoDragDrop

rpcrt4

RpcStringFreeA
UuidToStringA

winmm

timeGetTime

comdlg32

PrintDlgA
GetOpenFileNameA
PageSetupDlgA
CommDlgExtendedError
GetSaveFileNameA

kernel32

IsBadReadPtr
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
GetModuleHandleA
GetLocalTime
MulDiv
GetModuleFileNameA
GlobalMemoryStatus
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetCommandLineA
GetStartupInfoA
GlobalAlloc
GlobalSize
GetLocaleInfoA
LocalFileTimeToFileTime
SystemTimeToFileTime
GlobalFree
GlobalReAlloc
GetDriveTypeA
GetDiskFreeSpaceA
CreateDirectoryA
CompareStringW
CompareStringA
GlobalLock
GlobalUnlock
FlushFileBuffers
FindClose
FindFirstFileA
GetTempPathA
SetLastError
SetErrorMode
FindNextFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetOEMCP
GetUserDefaultLCID
lstrcmpA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
SetFileTime
CloseHandle
lstrlenA
GetVersionExA
WinExec
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
IsBadCodePtr
GetVersion
GetFileType
SetHandleCount
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetCurrentProcessId
VirtualAlloc
IsBadWritePtr
IsValidLocale
HeapSize
GetCPInfo
SetUnhandledExceptionFilter
IsValidCodePage
EnumSystemLocalesA
DeleteFileA
SetCurrentDirectoryA
HeapAlloc
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetACP
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetFileAttributesA
SetStdHandle
GetFileAttributesA
MoveFileA
RemoveDirectoryA
HeapFree
TerminateProcess
ExitProcess
GetCurrentProcess
GetCurrentDirectoryA
GetFullPathNameA
RaiseException
GetTimeZoneInformation
RtlUnwind
GetSystemTime

user32

ScreenToClient
CreatePopupMenu
AppendMenuA
TrackPopupMenu
ReleaseDC
GetClipboardFormatNameA
GetClassLongA
SetCursor
SetClassLongA
GetParent
DestroyMenu
GetDC
SystemParametersInfoA
TranslateAcceleratorA
PeekMessageA
SetClipboardData
RegisterClipboardFormatA
EnumClipboardFormats
OpenClipboard
CloseClipboard
FrameRect
FillRect
DrawTextExA
GetForegroundWindow
SetForegroundWindow
DestroyAcceleratorTable
GetSystemMetrics
SetWindowLongA
ShowWindow
GetDlgItem
ShowCursor
GetDesktopWindow
MessageBoxA
GetWindowRect
MoveWindow
UpdateWindow
GetLastActivePopup
GetMessageA
IsIconic
LoadIconA
RegisterClassA
CreateWindowExA
WinHelpA
TranslateMessage
DispatchMessageA
PostQuitMessage
GetAsyncKeyState
GetKeyboardState
GetMessageTime
ReleaseCapture
SetCapture
EndPaint
GetClientRect
BeginPaint
GetClipboardData
EmptyClipboard
SetWindowTextA
FindWindowA
SendMessageA
GetWindowLongA
InvalidateRect
SetWindowPos
LoadCursorA
DefWindowProcA

gdi32

SelectPalette
SelectObject
SetBkColor
DeleteDC
CreateDIBSection
DeleteObject
SetTextColor
SetBkMode
GetTextMetricsA
CreateSolidBrush
CreatePen
BitBlt
LineTo
GetDeviceCaps
GetStockObject
GetSystemPaletteEntries
CreatePalette
CreateFontA
StartDocA
StartPage
CreateDCA
EndDoc
AbortDoc
EndPage
StretchDIBits
SetStretchBltMode
SetAbortProc
MoveToEx
SetDIBColorTable
RealizePalette
CreateCompatibleDC

shell32

DragQueryPoint
DragQueryFileA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteA
DragFinish

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

phpbuild

?PPA_OpenPhoto@@YAHHPBD000H@Z
?PPA_CreateAlbum@@YAHPBDH0H@Z
?PPA_SaveFile@@YAHHPBD0@Z
?PPA_ClosePhoto@@YAXH@Z
?PPA_LaunchViewer@@YAHPBD@Z
?PPA_GetThemeIcon@@YAHPBDPADH@Z
?PPA_CloseAlbum@@YAXH@Z
?PPA_GetThemeInfo@@YAHPBDPAH1PADH@Z
?PPA_SaveAlbumInt@@YAXHHH@Z
?PPA_GetThemeName@@YAXPBDPADH@Z
?PPA_SaveAlbumString@@YAXHHPBD@Z

Sections

.text
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de7df5aa12d8badbf6ec7990246eac35

Headers

File Characteristics

Imports

ws2_32

winspool.drv

ole32

rpcrt4

winmm

comdlg32

kernel32

user32

gdi32

shell32

advapi32

version

phpbuild

Sections

.text Size: 964KB - Virtual size: 963KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 36KB - Virtual size: 74KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 964KB - Virtual size: 963KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 36KB - Virtual size: 74KB

.rsrc
Size: 8KB - Virtual size: 5KB