Setup_Win_08-02-2023_20-12-06[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Setup_Win_08-02-2023_20-12-06.rar
Size

310KB
MD5

632df9c4d8152f2f9cc0273f09e7a07d
SHA1

f78c81b4fa54183832b5348bc642f9820025ecc9
SHA256

c865304f9b8be2b06f88a6efb884cb9d752d7efcae3b32e8c6c15b79da0cf111
SHA512

394e5429df05ca4043127795c0c04da2c33c71eaed1785fc3bef0b2f5080b5001c60b7b945dc2d7a9b6bc5b883eee41e718640fb2ed6fdac9073966ff2b27f47
SSDEEP

6144:4FZB82bygH2E0ridSFxEjKx9HwzdMDHJQSCMrRu/s5LxVi:4F382OfLudSTEOxxwODHJRuSM

Score

1^/10

Malware Config

Signatures

Files

Setup_Win_08-02-2023_20-12-06.rar
.exe windows x64

f435ac23dcdf49a3fd1c9f857034dd85

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:43:cf:38:d5:fd:26:85:88:30:82:66:32:be:9f:da
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

31/10/2022, 16:01

Not After

31/10/2023, 15:58

Subject

SERIALNUMBER=NV20222585426,CN=DIGI CORP MEDIA LLC,O=DIGI CORP MEDIA LLC,L=Henderson,ST=Nevada,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31/05/2017, 18:14

Not After

30/05/2042, 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:73:bd:c7:0c:55:aa:16:91:1c:67:d6:d3:13:06:65:56:8e:fd:28
Signer

Actual PE Digest

d6:73:bd:c7:0c:55:aa:16:91:1c:67:d6:d3:13:06:65:56:8e:fd:28

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=NV20222585426,CN=DIGI CORP MEDIA LLC,O=DIGI CORP MEDIA LLC,L=Henderson,ST=Nevada,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/01/0001, 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ExitProcess
Sleep
HeapReAlloc
RtlPcToFileHeader
RaiseException
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
RtlUnwindEx
RtlLookupFunctionEntry
SetErrorMode
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleW
WritePrivateProfileStringA
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetCurrentProcessId
GetModuleFileNameA
GetProfileIntA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetTickCount
SizeofResource

user32

DestroyMenu
UnregisterClassA
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
GetMessageA
ReleaseCapture
SetCursor
LoadCursorA
SetCapture
GetDCEx
InflateRect
SetRectEmpty
SetRect
GetCursorPos
WindowFromPoint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
DestroyWindow
GetWindowLongPtrA
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextA
GetFocus
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
CopyRect
SetWindowRgn
GetWindowRect
GetClientRect
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetSysColor
EndPaint
SetWindowLongPtrA
InvalidateRect
GetParent
EnableWindow
GetWindowLongA
SendMessageA
IsWindow
LoadImageA
SetActiveWindow
MessageBoxW
MessageBoxA
DrawIcon
IsIconic
UpdateWindow
LoadIconA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetSystemMetrics
LoadBitmapA
BeginPaint
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetMessageTime

gdi32

ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
SetViewportExtEx
CreatePen
PatBlt
CreateRectRgnIndirect
SetRectRgn
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
SelectClipRgn
GetObjectA
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetDIBitsToDevice
StretchDIBits
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDIBColorTable
BitBlt
DPtoLP
RealizePalette
GetDeviceCaps
CreateEllipticRgn
CreateHalftonePalette
CreatePalette
CreateCompatibleBitmap
CombineRgn
GetPixel
StretchBlt
CreateCompatibleDC
CreateRectRgn

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f435ac23dcdf49a3fd1c9f857034dd85

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

51:43:cf:38:d5:fd:26:85:88:30:82:66:32:be:9f:daCertificate

Extended Key Usages

Key Usages

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

d6:73:bd:c7:0c:55:aa:16:91:1c:67:d6:d3:13:06:65:56:8e:fd:28Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 11KB - Virtual size: 98KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 35KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

51:43:cf:38:d5:fd:26:85:88:30:82:66:32:be:9f:da
Certificate

56:b6:29:cd:34:bc:78:f6
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

d6:73:bd:c7:0c:55:aa:16:91:1c:67:d6:d3:13:06:65:56:8e:fd:28
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 11KB - Virtual size: 98KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 35KB