SetupRST[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SetupRST.exe
Size

17.1MB
MD5

27f2e06b90421ae6091f6285976414a4
SHA1

a032085f8270acc2529322227c76b88f597a993a
SHA256

41b9bd7303fadbe1f9684610387384865889d2a348524376693924c52dcf29a5
SHA512

6db96ddad3c7844b9f2e82161f03573bd55994df82f94644388730200390b0f5daa80643a0e85d20509f82d494417b0d55ca36ac4e73096bd68a61775cffa443
SSDEEP

393216:twMYcDmydyWgXnmZvdWk6CVbMVRfG/LY3uziaymBlnMPLuHDE0QbR6:d7gW96Wg0zYOiajcPWDkt6

Score

1^/10

Malware Config

Signatures

Files

SetupRST.exe
.exe windows x86

ba54ceb3e46d3c8b0ddd776440009945

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-08-2013 20:26

Not After

15-08-2023 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

19-06-2014 18:09

Not After

03-06-2017 18:09

Subject

CN=Intel Corporation - pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08-02-2013 22:21

Not After

08-02-2018 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01-02-2013 00:00

Not After

30-05-2020 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-05-2015 00:00

Not After

31-12-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:a4:e9:0b:62:51:82:83:22:41:5f:ff:1d:ec:c8:51:8e:67:fd:75
Signer

Actual PE Digest

9d:a4:e9:0b:62:51:82:83:22:41:5f:ff:1d:ec:c8:51:8e:67:fd:75

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation - pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

01-06-2015 22:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetTickCount
CreateFileW
SetFilePointer
GetLocalTime
WriteFile
CloseHandle
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
MoveFileW
MoveFileExW
ExpandEnvironmentStringsW
GetFileSize
ReadFile
SizeofResource
GetFileAttributesW
IsWow64Process
GetCurrentProcess
MultiByteToWideChar
CreateProcessW
GetExitCodeProcess
GetCurrentDirectoryW
GetDriveTypeW
GetProcAddress
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
OpenMutexW
ReleaseMutex
CreateMutexW
MulDiv
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetSystemTimeAsFileTime
LoadLibraryExW
QueryPerformanceCounter
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
IsProcessorFeaturePresent
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
RaiseException
HeapAlloc
CreateThread
GetCurrentThreadId
ExitThread
HeapFree
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetTempFileNameW
GetTempPathW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetLocaleInfoW
FreeLibrary
EnumResourceLanguagesW
GetSystemPowerStatus
GetVersionExW
GetEnvironmentVariableW
WaitForSingleObject
GetCommandLineW
GetVersion
LoadLibraryW
LoadLibraryA
DeleteFileW
RemoveDirectoryW
GetLastError
CopyFileW
SetFileAttributesW
GetModuleFileNameW
LocalAlloc
lstrlenW
InterlockedDecrement
LocalFree
FormatMessageW
ExitProcess
LockResource
LoadResource
GetModuleHandleW
FindResourceW
GetStringTypeW
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetCurrentProcessId

user32

InflateRect
SetClassLongW
MapDialogRect
OffsetRect
ShowWindow
AdjustWindowRectEx
SetRectEmpty
ExitWindowsEx
LoadCursorW
SetCursor
SetFocus
PostMessageW
CopyRect
MapWindowPoints
GetSystemMetrics
GetClassNameW
ReleaseDC
DrawTextW
GetDC
GetWindowTextLengthW
LoadStringW
MessageBoxW
MoveWindow
wsprintfW
MessageBoxIndirectW
FillRect
SetRect
GetWindowLongW
EnableWindow
LoadImageW
SetDlgItemTextW
InvalidateRect
GetParent
CreateWindowExW
EndDialog
SetWindowTextW
GetWindowTextW
GetWindow
GetDlgItem
GetClientRect
SetWindowPos
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
SetWindowLongW
CreateDialogIndirectParamW
SendMessageW
CallWindowProcW

gdi32

GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
DeleteDC
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
SetBkMode
SetTextColor
GetObjectW
CreateFontW
GetStockObject

advapi32

LookupPrivilegeValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegDeleteKeyW
AdjustTokenPrivileges
RegOpenKeyExW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderLocation

ole32

OleRun
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathGetCharTypeW
PathSkipRootW
PathStripToRootW
PathCombineW
PathIsRelativeW
PathMatchSpecW
PathFileExistsW
PathRemoveArgsW
PathGetArgsW
PathRemoveFileSpecW
PathQuoteSpacesW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathAppendW
PathIsUNCW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupCloseInfFile
SetupFindFirstLineW
SetupFindNextLine
SetupGetStringFieldW
SetupGetLineTextW

cabinet

ord23
ord22
ord20

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba54ceb3e46d3c8b0ddd776440009945

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35Certificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

9d:a4:e9:0b:62:51:82:83:22:41:5f:ff:1d:ec:c8:51:8e:67:fd:75Signer

Signature Validations

Verification

01-06-2015 22:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

cabinet

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 16.7MB - Virtual size: 16.7MB

.reloc Size: 22KB - Virtual size: 21KB

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

9d:a4:e9:0b:62:51:82:83:22:41:5f:ff:1d:ec:c8:51:8e:67:fd:75
Signer

01-06-2015 22:13
Valid: false

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 16.7MB - Virtual size: 16.7MB

.reloc
Size: 22KB - Virtual size: 21KB