Set-up[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Set-up.exe
Size

2.1MB
MD5

ac99addb4f8dd81182c6aa5f3226ed54
SHA1

f56b81689412188beac84fe43043f2e506c58dfd
SHA256

c2802a86bfbb37288f00d03425a60e0efd60db9ed113ff39c4e6df0efba66a5d
SHA512

61d9db7607513fa1c6f1b54eaf681da4f577fd86dc70eb1e8f9678911dace20aeabd2f52b1f21e18c314ba1d51aa5a91edaaa9d0bda9cb754b2150a386200a48
SSDEEP

49152:20GyGomcECfXEcJXgwRuFqWVmEPX9lcuqsI9Z7nhj5ofF2FF7:gyGgECfXEiRqqWVmEPX9lcf9xnhj5ofQ

Score

1^/10

Malware Config

Signatures

Files

Set-up.exe
.exe windows x86

cef7fe1891403cea86feb76a7a9d9664

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-12-2010 00:00

Not After

14-12-2012 23:59

Subject

CN=Adobe Systems Incorporated,OU=Information Systems+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:38:42:64:fa:80:9a:f1:c5:ef:12:a9:63:70:9b:3a:27:63:a8:96
Signer

Actual PE Digest

65:38:42:64:fa:80:9a:f1:c5:ef:12:a9:63:70:9b:3a:27:63:a8:96

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adobe Systems Incorporated,OU=Information Systems+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

04-04-2012 00:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ord17

kernel32

HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStringTypeW
LCMapStringW
VirtualQuery
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
CreateMutexW
WaitForSingleObject
IsDBCSLeadByteEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetUnhandledExceptionFilter
FreeConsole
Sleep
ReleaseSemaphore
GetLastError
GetSystemInfo
VirtualAlloc
CreateSemaphoreW
LocalAlloc
OpenSemaphoreW
HeapSize
HeapQueryInformation
ExitThread
ExitProcess
RaiseException
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleFileNameW
HeapFree
GetFileType
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
GetStartupInfoW
HeapSetInformation
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
SetErrorMode
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
lstrcmpiW
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetThreadLocale
lstrlenA
GlobalGetAtomNameW
GlobalFlags
InitializeCriticalSection
ReleaseActCtx
CreateActCtxW
GetTickCount
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpW
GlobalSize
GlobalAlloc
FormatMessageW
lstrlenW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
ActivateActCtx
DeactivateActCtx
FindNextFileW
FindClose
SetLastError
FlushFileBuffers
ReadFile
FindFirstFileW
GetFileSize
GetLocalTime
CreateFileW
GetTimeFormatW
WriteFile
CreateDirectoryW
SetFilePointer
GetDateFormatW
GetUserDefaultUILanguage
GetTempPathW
GetExitCodeProcess
GetVersionExW
GetUserDefaultLangID
CreateProcessW
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
CreateThread
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
SetCurrentDirectoryW
CreateEventW
ResetEvent
GetProcAddress
GetStdHandle
GetLocaleInfoA
ReleaseMutex
CloseHandle
GetCurrentProcessId
LocalFree
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
FreeLibrary
SetEvent
GetModuleHandleW
LoadLibraryW
CopyFileW

user32

GetKeyNameTextW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
wsprintfW
EnableWindow
SendMessageW
GetWindow
GetSystemMetrics
SetWindowLongW
EnableMenuItem
GetWindowLongW
LoadIconW
GetClientRect
DrawIcon
KillTimer
PostMessageW
LoadImageW
IsIconic
GetWindowRect
SetTimer
GetSystemMenu
GetDesktopWindow
IsRectEmpty
DestroyIcon
IsWindowVisible
IsWindow
ReleaseDC
InvalidateRect
InflateRect
GetDC
GetIconInfo
SetRectEmpty
LoadCursorW
GetParent
GetFocus
DrawIconEx
FillRect
SetCursor
CheckMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
OpenClipboard
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetSysColor
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
PtInRect
CopyRect
SetWindowPos
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
SetClassLongW
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
MapVirtualKeyW
CreatePopupMenu
GetMenuDefaultItem
UnregisterClassW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
CopyAcceleratorTableW
OffsetRect
CharNextW
CharUpperW
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
IntersectRect
GetWindowRgn
DestroyCursor
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
GetUpdateRect
FrameRect
ScreenToClient
IsClipboardFormatAvailable
GetSysColorBrush
RealChildWindowFromPoint
LoadMenuW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
RegisterClipboardFormatW
GetMessageW
TranslateMessage
GetCursorPos
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
BringWindowToTop

advapi32

InitializeSecurityDescriptor
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
IsAccelerator
OleInitialize
OleUninitialize
CLSIDFromString
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleLockRunning
DoDragDrop
CoCreateInstance
OleRun
CoTaskMemFree
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateGuid
StringFromGUID2
CoInitializeEx
CLSIDFromProgID
CoFreeUnusedLibraries
CoUninitialize

shell32

SHAppBarMessage
ord680
CommandLineToArgvW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW

oleaut32

VariantChangeType
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysStringLen
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
GetErrorInfo

shlwapi

PathRemoveFileSpecW
StrRChrW
PathFileExistsW
PathRemoveBackslashW
PathGetDriveNumberW
PathIsRootW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

gdi32

CreateSolidBrush
CreateRoundRectRgn
Rectangle
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
CreateBitmap
CreateFontIndirectW
DeleteDC
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectW
GetDeviceCaps
CreatePen
CreateHatchBrush
CopyMetaFileW
CreateDCW
GetTextExtentPoint32W
GetTextMetricsW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
OffsetRgn
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
GetObjectType
GetStockObject

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCloneImage
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cef7fe1891403cea86feb76a7a9d9664

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

65:38:42:64:fa:80:9a:f1:c5:ef:12:a9:63:70:9b:3a:27:63:a8:96Signer

Signature Validations

Verification

04-04-2012 00:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

msimg32

comdlg32

winspool.drv

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 325KB - Virtual size: 324KB

.data Size: 27KB - Virtual size: 57KB

.rsrc Size: 310KB - Virtual size: 309KB

.reloc Size: 177KB - Virtual size: 176KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

65:38:42:64:fa:80:9a:f1:c5:ef:12:a9:63:70:9b:3a:27:63:a8:96
Signer

04-04-2012 00:55
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 325KB - Virtual size: 324KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 310KB - Virtual size: 309KB

.reloc
Size: 177KB - Virtual size: 176KB