SetUp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SetUp.exe
Size

68KB
MD5

c540689d4b3300eaee741bb8367891e7
SHA1

baf4613d9086afceb68b3729a7ed716516c75a5d
SHA256

1b407a3c676e1f7a6f2f675e11c44f1734ebf63a1188f356fa9e252fac747ec5
SHA512

084f1ea8522627c699babbfd5f9a4cb4008f7594835729c9e62a87ee90c77788b5f32b44e44e18bdcf8eae871d98c90f71b50b1ea451111361c484300e37ef63
SSDEEP

1536:Ndr7OLEeJZ8Fg0RyM5UXBQUWm1CuE3avidYTn/jKJWMJqlj1AG:/r7OAxFyM55UWm1/6julN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/mohan/Software Collections/New Folder (2)/software collection/LASSER CUTTING MACHINE/English(USB)/Install/SetUp.exe

Files

SetUp.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/mohan/Software Collections/New Folder (2)/software collection/LASSER CUTTING MACHINE/English(USB)/Install/SetUp.exe
.exe windows x86

Password: S@ndb0x!2023@@

29e257f0b30d1b01b2bfffb54c27c43f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord616
ord800
ord2514
ord2621
ord823
ord537
ord1134
ord4129
ord5683
ord5710
ord535
ord924
ord858
ord5572
ord2919
ord540
ord2818
ord1168
ord860
ord6883
ord6143
ord801
ord541
ord3663
ord692
ord2764
ord4204
ord6153
ord3790
ord5440
ord6383
ord5450
ord6394
ord922
ord6663
ord6283
ord6282
ord6215
ord1768
ord2086
ord2864
ord1771
ord6366
ord2413
ord2024
ord4219
ord3831
ord6055
ord1776
ord4401
ord5290
ord3402
ord3639
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord567
ord324
ord2302
ord4234
ord6334
ord4710
ord2370
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1146
ord4160
ord2863
ord2379
ord755
ord470
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2581
ord4673
ord1576

msvcrt

_acmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
__getmainargs
fopen
strrchr
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
wcslen
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
fclose
_mbscmp
_access
_mbsicmp
atoi
sprintf
__dllonexit
_onexit
_controlfp

kernel32

FindNextFileA
FindFirstFileA
CreateDirectoryA
GetSystemDirectoryA
GetVersionExA
FindClose
GetWindowsDirectoryA
WaitForSingleObject
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA
CopyFileA
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
InterlockedDecrement
DeleteFileA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
LocalFree
lstrlenA

user32

DrawIcon
GetClientRect
GetSystemMetrics
AppendMenuA
LoadIconA
EnableWindow
GetSystemMenu
SendMessageA
GetDlgItem
GetWindowTextA
SetWindowTextA
LoadStringA
wsprintfA
MessageBoxA
PeekMessageA
PostQuitMessage
IsIconic

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

29e257f0b30d1b01b2bfffb54c27c43f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 80KB - Virtual size: 80KB