setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

776KB
MD5

3d81175ddb4a05e7febac167da06c9aa
SHA1

e5159c6568a0213218374fab2a04bed49cb4e5ea
SHA256

62c1b6765272ae7567fab9146afee1e21d10b47df3a638bdffb1a16a84f21706
SHA512

06170e17450708573392373607354d794283765c075e9950fa2d820b467f5784f6a23f15d55686f0b44e5170bcf135bd57c299cbc3bea5e009889f813785f49a
SSDEEP

12288:nfj43aWqvEEasw/UIVXrR+28w3yKt5OER8VXbb+ABFRIlMkQzt8geHbzfJ:nr43aftqUCt+R6R8VHzBoleuf7zh

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows x64

baf209bc3be6389efada6a514b122ca6

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:8e:25:6c:85:b2:82:40:14:95:b7:09:78:55:22:8a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/09/2017, 00:00

Not After

10/09/2020, 23:59

Subject

CN=DOTPDN LLC,O=DOTPDN LLC,POSTALCODE=98661,STREET=3925 NE 72nd Ave Ste 107-1,L=Vancouver,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:20:4b:1b:90:cf:eb:bc:25:e0:7c:5e:68:ea:c8:16:15:44:ab:9c
Signer

Actual PE Digest

45:20:4b:1b:90:cf:eb:bc:25:e0:7c:5e:68:ea:c8:16:15:44:ab:9c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=DOTPDN LLC,O=DOTPDN LLC,POSTALCODE=98661,STREET=3925 NE 72nd Ave Ste 107-1,L=Vancouver,ST=WA,C=US

29/05/2020, 19:51
Valid: true

Chain 1

CN=DOTPDN LLC,O=DOTPDN LLC,POSTALCODE=98661,STREET=3925 NE 72nd Ave Ste 107-1,L=Vancouver,ST=WA,C=US

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

DragFinish

mscoree

_CorExeMain

advapi32

RegisterEventSourceW

user32

ScrollDC

kernel32

GetModuleHandleA

Sections

.reloc
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

baf209bc3be6389efada6a514b122ca6

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

a3:8e:25:6c:85:b2:82:40:14:95:b7:09:78:55:22:8aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

45:20:4b:1b:90:cf:eb:bc:25:e0:7c:5e:68:ea:c8:16:15:44:ab:9cSigner

Signature Validations

Verification

29/05/2020, 19:51 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

shell32

mscoree

advapi32

user32

kernel32

Sections

.reloc Size: - Virtual size: 1.1MB

.rsrc Size: 10KB - Virtual size: 19KB

.reloc Size: 102KB - Virtual size: 101KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

a3:8e:25:6c:85:b2:82:40:14:95:b7:09:78:55:22:8a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

45:20:4b:1b:90:cf:eb:bc:25:e0:7c:5e:68:ea:c8:16:15:44:ab:9c
Signer

29/05/2020, 19:51
Valid: true

.reloc
Size: - Virtual size: 1.1MB

.rsrc
Size: 10KB - Virtual size: 19KB

.reloc
Size: 102KB - Virtual size: 101KB