General

Malware Config

Signatures

Files

• Setup.exe

  .exe windows x86

  b5a3fed1fa478a521df07472d5a7b200

  
  

  Code Sign

  33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-05-2022 20:46

  Not After

  11-05-2023 20:46

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  86:bf:e3:6e:8f:0d:74:e0:6c:d2:ae:d3:96:7b:3d:65:57:f6:85:b0:d7:06:9e:c5:8f:fa:1c:2e:12:d8:b6:bf

  Signer

  Actual PE Digest

  86:bf:e3:6e:8f:0d:74:e0:6c:d2:ae:d3:96:7b:3d:65:57:f6:85:b0:d7:06:9e:c5:8f:fa:1c:2e:12:d8:b6:bf

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  20-02-2023 17:39

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcAddress

  GetModuleHandleA

  AddAtomW

  FreeConsole

  HeapSize

  GetLocaleInfoA

  GetStringTypeW

  GetStringTypeA

  GetCommandLineA

  SetUnhandledExceptionFilter

  GetModuleHandleW

  Sleep

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetLastError

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  DeleteCriticalSection

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  HeapCreate

  VirtualFree

  HeapFree

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  IsDebuggerPresent

  LeaveCriticalSection

  EnterCriticalSection

  LoadLibraryA

  InitializeCriticalSectionAndSpinCount

  HeapAlloc

  VirtualAlloc

  HeapReAlloc

  RtlUnwind

  LCMapStringA

  MultiByteToWideChar

  LCMapStringW

  user32

  GetDlgItemTextA

  SendMessageA

  GetCursorPos

  TrackPopupMenu

  ClientToScreen

  DestroyMenu

  CreatePopupMenu

  AppendMenuA

  SendDlgItemMessageA

  GetDlgItem

  SetParent

  SetActiveWindow

  Sections

  .text

  Size: 60KB - Virtual size: 59KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 372KB - Virtual size: 375KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ