[Word]Setup64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

[Word]Setup64.exe
Size

6.9MB
MD5

c1b3db41da3ef667d65f51c0c346f33e
SHA1

f77b3e067a7226a5b1850e66efe1ce96e45d65c4
SHA256

98aecd58f6488ade62a02749b567417525cf6ae93137956fb52eb23f9e7e10c4
SHA512

13096df6255b754da8c06c0a0c0a3c3d2eb91ab17d43f84db6819a358076071c2c062ac24e52774631023fdca5673b27037aa70d0821b7945580c3af58b2c4b6
SSDEEP

49152:13u73TdbCEYC3vX5m+aX+BZzIDQG/OPmeoOBaklSNhbX1coVbL3y3+S7Curk9OvG:IYNi4dU+fuBnOewY2sVq

Score

1^/10

Malware Config

Signatures

Files

[Word]Setup64.exe
.exe windows x64

00f0c67b5d441c1e0cbe9be2dcebe03b

Code Sign

33:00:00:00:c0:de:2c:3d:07:94:e4:49:79:00:00:00:00:00:c0
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:7AB5-2DF2-DA3F,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:00:92:af:d5:91:7a:9e:4f:43:2a:6d:a3:58:1c:ab
Certificate

Issuer

CN=C2RBootStrapperData

Not Before

24/05/2016, 23:39

Not After

31/12/2039, 23:59

Subject

CN=C2RBootStrapperData

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84
Signer

Actual PE Digest

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=C2RBootStrapperData

09/03/2023, 18:52
Valid: false

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84
Signer

Actual PE Digest

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2018, 03:16
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegCreateKeyExW
CryptAcquireContextW
CryptReleaseContext
EventWrite
EventWriteTransfer
EventRegister
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteTreeW
RegGetValueW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CreateWellKnownSid
EqualSid
FreeSid
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
RevertToSelf
LookupAccountNameW
ConvertSidToStringSidW
OpenThreadToken
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatusEx
SetServiceObjectSecurity
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
CheckTokenMembership
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidA
CredWriteW
CreateProcessAsUserW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegNotifyChangeKeyValue
RegDeleteValueA
RegEnumValueA
RegSetKeySecurity

kernel32

GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
CloseHandle
DeviceIoControl
GetWindowsDirectoryW
GetModuleHandleA
GetProcAddress
CopyFileW
MoveFileExW
AreFileApisANSI
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Sleep
FreeLibrary
GetStringTypeExW
LCMapStringW
GetUserDefaultLCID
LocalFree
FormatMessageA
GetCurrentThreadId
FlsGetValue
FlsSetValue
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount64
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatusEx
K32GetProcessMemoryInfo
RaiseException
GetModuleHandleW
GetStringTypeW
VerSetConditionMask
LoadLibraryExW
VerifyVersionInfoW
GetVersionExW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TerminateProcess
CreateProcessW
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
LoadResource
SizeofResource
FindResourceW
GetCurrentProcessId
OpenProcess
SetLastError
IsValidCodePage
GetUserDefaultLocaleName
GetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetCPInfoExW
SetErrorMode
GetComputerNameW
GetSystemDirectoryW
GetLogicalProcessorInformation
GetNativeSystemInfo
MulDiv
FormatMessageW
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjectsEx
CreateEventExW
OutputDebugStringA
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
ReleaseSemaphore
WaitForSingleObjectEx
GetDiskFreeSpaceExW
TryEnterCriticalSection
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetTempPathW
GetLongPathNameW
ReleaseMutex
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
CompareFileTime
GetCommandLineW
ExpandEnvironmentStringsW
GlobalFree
ProcessIdToSessionId
WaitForMultipleObjects
GetExitCodeThread
SignalObjectAndWait
GetProcessAffinityMask
SetWaitableTimerEx
CancelWaitableTimer
CreateWaitableTimerW
GetFileSizeEx
GetTempFileNameW
ReadFile
HeapFree
GetProcessHeap
GetTickCount
FindNextFileW
FindFirstFileExW
lstrcmpW
GetFileType
WriteFile
GetOverlappedResult
SetFileInformationByHandle
GetFileInformationByHandleEx
GetDriveTypeW
CreateMutexW
CreateMutexA
CreateEventA
OpenEventA
OpenMutexA
CreateSemaphoreA
OpenSemaphoreA
OpenFileMappingA
GlobalAlloc
HeapAlloc
LocalAlloc
DeleteFileA
GetTempPathA
GetExitCodeProcess
GetPriorityClass
GetTimeZoneInformation
IsValidLocale
ResetEvent
GetSystemInfo
VirtualProtectEx
LockResource
FlushFileBuffers
CancelIoEx
GetLocaleInfoEx
LCIDToLocaleName
LocaleNameToLCID
LCMapStringEx
GetSystemDefaultLCID
ResolveLocaleName
GetSystemDefaultLocaleName
EnumSystemLocalesEx
GetDateFormatEx
GetCalendarInfoEx
GetThreadUILanguage
QueryFullProcessImageNameW
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
IsProcessorFeaturePresent
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetThreadIOPendingFlag
RtlCaptureStackBackTrace
IsDebuggerPresent
CreateMemoryResourceNotification
QueryUnbiasedInterruptTime
IsSystemResumeAutomatic
GetSystemPowerStatus
OutputDebugStringW
RtlCaptureContext
VirtualAlloc
VirtualFree
GetLocaleInfoW
GetACP
GetUserPreferredUILanguages
GetUserGeoID
GetProductInfo
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetThreadTimes
GetCurrentThread
GetProcessTimes
GetSystemTimeAsFileTime
LoadLibraryExA
VirtualQuery
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
SetStdHandle
EnumSystemLocalesW
ExitProcess
HeapReAlloc
HeapSize
GetConsoleCP
ReadConsoleW
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GetModuleFileNameW
CompareStringEx
SetThreadPriority
SwitchToThread
CreateTimerQueue
InterlockedFlushSList
RtlUnwindEx
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlPcToFileHeader
DuplicateHandle
GetFileAttributesExW
GetFileAttributesW
IsWow64Process
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
FlsFree
FlsAlloc
GetThreadLocale
GetLastError
GetSystemPreferredUILanguages
GetTimeFormatW
GetDateFormatW
OpenThread
lstrcmpA
WriteConsoleW
AttachConsole
FreeConsole
AllocConsole
GetStdHandle
DecodePointer
QueryDepthSList
GetLocalTime

ole32

CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
CoTaskMemAlloc
IIDFromString
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear

cabinet

ord13
ord14
ord10

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

setupapi

SetupIterateCabinetW

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSAStartup

iphlpapi

FreeMibTable
CreateSortedAddressPairs

gdi32

DeleteObject
GetDeviceCaps
CreateSolidBrush
GetStockObject
SetBkColor
SetTextColor
CreateFontW
CreatePen
Rectangle
SelectObject
SetDCPenColor
GetTextMetricsW
GetTextExtentPoint32W
SetDCBrushColor

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipFree
GdipAlloc
GdiplusStartup
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageGraphicsContext

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 559KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00f0c67b5d441c1e0cbe9be2dcebe03b

Code Sign

33:00:00:00:c0:de:2c:3d:07:94:e4:49:79:00:00:00:00:00:c0Certificate

Extended Key Usages

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

32:00:92:af:d5:91:7a:9e:4f:43:2a:6d:a3:58:1c:abCertificate

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84Signer

Signature Validations

Verification

09/03/2023, 18:52 Valid: false

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84Signer

Signature Validations

Verification

27/02/2018, 03:16 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

cabinet

wintrust

setupapi

ws2_32

iphlpapi

gdi32

gdiplus

rpcrt4

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 129KB - Virtual size: 349KB

.pdata Size: 190KB - Virtual size: 190KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 559KB - Virtual size: 560KB

.reloc Size: 218KB - Virtual size: 218KB

33:00:00:00:c0:de:2c:3d:07:94:e4:49:79:00:00:00:00:00:c0
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

32:00:92:af:d5:91:7a:9e:4f:43:2a:6d:a3:58:1c:ab
Certificate

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84
Signer

09/03/2023, 18:52
Valid: false

4e:23:b2:dc:f1:d7:d2:0b:83:1b:71:fb:8c:fb:5d:75:02:cf:7c:84
Signer

27/02/2018, 03:16
Valid: false

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 129KB - Virtual size: 349KB

.pdata
Size: 190KB - Virtual size: 190KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 559KB - Virtual size: 560KB

.reloc
Size: 218KB - Virtual size: 218KB