setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

623KB
MD5

64d4f1d0103f15b01a2cd2b25f49e31d
SHA1

2ca6b33d9a2c9749e8a74c37eafa96091880991b
SHA256

c8b7f3add72e8b3b6a89bacd763d81c769e15ed0bc25eaf48776f286ad95d5f0
SHA512

42f30541dad981fbf00258e68dc1d4cfa0d94dfb9b755c63141f53d34a6fb2646ebd079f784850fa67fa69d59aa03e0fdf258611de6b89ce2f34f2f517d3aa1f
SSDEEP

12288:JkfDFBkJRztrme1FwTZSca0mMKQGhLqHAkieg1JdlgUw6hd:JkbFURztrmesTZjceg1J7gi

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows x64

5699f004adf4128cce37ba72f33cc874

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a0:9d:76:46:36:07:60:64:0b:b7:27:a1:65:df:d6:fa:ec:35:eb:41:3d:4d:84:8d:c7:6c:e3:85:89:24:a5
Signer

Actual PE Digest

70:a0:9d:76:46:36:07:60:64:0b:b7:27:a1:65:df:d6:fa:ec:35:eb:41:3d:4d:84:8d:c7:6c:e3:85:89:24:a5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

24/12/2021, 10:42
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalReAlloc
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
VirtualProtect
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GlobalHandle
GetStartupInfoW
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
SetEnvironmentVariableW
GetCurrentThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
lstrcmpA
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetStdHandle
ExitProcess
LCMapStringW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetDriveTypeW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
LoadLibraryExW
GetCurrentThreadId
EncodePointer
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
LocalAlloc
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
GetUserDefaultUILanguage
GetPrivateProfileStringW
lstrlenW
lstrcmpW
GetModuleFileNameW
GetVersionExW
GetSystemInfo
GetCurrentProcess
GetTempFileNameW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
ExpandEnvironmentStringsW
GetTempPathW
CopyFileW
GetSystemDirectoryW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
SetLastError
GetLastError
CloseHandle
CreateFileW
GetCurrentDirectoryW
GetUserDefaultLangID
LoadLibraryW
FreeLibrary
ResumeThread
Sleep
FormatMessageW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
SetDllDirectoryW
GetProcAddress
GetModuleHandleW
GetSystemWindowsDirectoryW
SetCurrentDirectoryW
GetStringTypeW
WriteConsoleW
IsDebuggerPresent

user32

InvalidateRect
DestroyMenu
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RealChildWindowFromPoint
ClientToScreen
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetWindowThreadProcessId
SetCursor
PostQuitMessage
GetSystemMetrics
CharUpperW
GetCursorPos
TranslateMessage
GetMessageW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
OffsetRect
SetRectEmpty
GetClientRect
SendDlgItemMessageA
UnregisterClassW
EndDialog
PostMessageW
EnableWindow
KillTimer
SetTimer
SendMessageW
GetMonitorInfoW

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
ExtTextOutW
TextOutW
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetObjectW
DeleteObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetKnownFolderPath
ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5699f004adf4128cce37ba72f33cc874

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

70:a0:9d:76:46:36:07:60:64:0b:b7:27:a1:65:df:d6:fa:ec:35:eb:41:3d:4d:84:8d:c7:6c:e3:85:89:24:a5Signer

Signature Validations

Verification

24/12/2021, 10:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 9KB - Virtual size: 29KB

.pdata Size: 19KB - Virtual size: 18KB

.didat Size: 512B - Virtual size: 208B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 117KB - Virtual size: 116KB

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

70:a0:9d:76:46:36:07:60:64:0b:b7:27:a1:65:df:d6:fa:ec:35:eb:41:3d:4d:84:8d:c7:6c:e3:85:89:24:a5
Signer

24/12/2021, 10:42
Valid: true

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 9KB - Virtual size: 29KB

.pdata
Size: 19KB - Virtual size: 18KB

.didat
Size: 512B - Virtual size: 208B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 117KB - Virtual size: 116KB