SetupOffice2010Starter[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SetupOffice2010Starter.exe
Size

1.5MB
MD5

66069e4a636671ca319591bd58563a18
SHA1

16c0fe922f36385178e0747963c3f06a7b404294
SHA256

1209a085deab384290d0adfe0f66e4992b603ff95bd53ec4ac30caa91702f1f5
SHA512

257b1f382a01dce3cb2bc40cb758c389a9b89308a06c5171d7d4f21c0aa22d6d555c0ad83c35bc00ae76ff4c71f7af05db333a1b3301d1d47f7cdc868fc1d3d5
SSDEEP

49152:bxWr2pO1x0hiuY1mEFWChd8ixLHkJEi7mKj7/bW:ppSei71mEFWe9DunHW

Score

1^/10

Malware Config

Signatures

Files

SetupOffice2010Starter.exe
.exe windows x86

d00e73cc81e1c68c3336b91a1c35b77d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:6d:d4:fc:10:6c:f4:c3:4a:f8:95:bd:6c:c2:74:c4:51:1e:b6:47
Signer

Actual PE Digest

a7:6d:d4:fc:10:6c:f4:c3:4a:f8:95:bd:6c:c2:74:c4:51:1e:b6:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
CoDisconnectObject
CoTaskMemAlloc
CoCreateInstance
StringFromIID
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocString
VariantClear

user32

GetSysColor
GetKeyboardLayout
SetWindowPos
ShowWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
GetWindowLongW
SendMessageW
IsWindowUnicode
DefWindowProcW
IntersectRect
GetWindowDC
GetWindowRect
GetWindowLongA
SetWindowLongA
GetSystemMetrics
SystemParametersInfoA
GetMonitorInfoA
EnumDisplayMonitors
ReleaseDC
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetWindowTextW
PostMessageW
LoadStringW
LoadImageW
SystemParametersInfoW
CharUpperW
CharUpperA
GetKeyState
ClientToScreen
IsWinEventHookInstalled
NotifyWinEvent
RedrawWindow
InvalidateRect
UpdateWindow
GrayStringW
DrawStateW
EndPaint
BeginPaint
GetDCEx
LoadBitmapW
GetSysColorBrush
InvertRect
FrameRect
FillRect
WindowFromDC
SetCapture
ReleaseCapture
SetForegroundWindow
GetForegroundWindow
GetFocus
AttachThreadInput
SetMenuDefaultItem
EnableMenuItem
DeleteMenu
MessageBoxA
MessageBoxW
PostMessageA
TrackPopupMenuEx
GetSystemMenu
GetDC
MonitorFromRect
SetWindowRgn
OffsetRect
SetRect
IsRectEmpty
GetMenuCheckMarkDimensions
LoadCursorA
GetKeyboardLayoutList
IsIconic
MonitorFromWindow
DestroyWindow
DrawTextW
DrawTextExW
GetTabbedTextExtentW
TabbedTextOutW
DrawCaption
DrawEdge
DrawFocusRect
DrawFrameControl
ExcludeUpdateRgn
GetUpdateRgn
GetWindowRgn
InvalidateRgn
PaintDesktop
ValidateRgn

advapi32

CryptHashData
CryptVerifySignatureA
CryptSetHashParam
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextW
CryptGetHashParam
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegisterTraceGuidsA
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenProcessToken
GetTokenInformation
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
CreateProcessAsUserW
OpenThreadToken
RegEnumKeyW
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
CopySid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
CheckTokenMembership
IsValidSid
ConvertSidToStringSidA
CryptGetUserKey
CryptImportKey
CredWriteW
CryptCreateHash
CryptSignHashA

kernel32

FileTimeToLocalFileTime
GetOverlappedResult
ResetEvent
SetFileTime
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
LoadLibraryExA
GetProcAddress
GetTempPathA
WaitForMultipleObjectsEx
GetSystemDefaultLangID
lstrcmpiA
WriteProcessMemory
VirtualProtect
SetWaitableTimer
CreateWaitableTimerW
CreateEventW
DeleteFileA
GetStringTypeExW
GetUserDefaultUILanguage
GetCalendarInfoW
GetDateFormatW
EnumSystemLocalesW
EnumUILanguagesW
IsDBCSLeadByte
CreateDirectoryW
InitializeCriticalSection
GetUserDefaultLangID
LocalAlloc
MulDiv
UnmapViewOfFile
SetEvent
GetSystemInfo
IsWow64Process
TryEnterCriticalSection
GlobalAlloc
GetShortPathNameA
CreateFileMappingA
CreateSemaphoreA
OpenMutexA
CreateMutexA
CreateEventA
GetProcessTimes
HeapLock
HeapUnlock
HeapSetInformation
FindResourceA
GetLocalTime
ReleaseMutex
GetSystemDefaultLCID
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetModuleHandleW
LCMapStringA
GetConsoleMode
GetConsoleCP
VirtualAlloc
LoadLibraryA
InterlockedExchange
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetExitCodeThread
GetPriorityClass
CreateProcessW
GetExitCodeProcess
SetErrorMode
LoadLibraryExW
OutputDebugStringA
SetLastError
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetCurrentThread
RaiseException
SetFilePointer
CopyFileExW
DeleteFileW
GetFileTime
SetFileAttributesW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
GetFileSizeEx
lstrlenA
FindResourceW
LoadResource
LockResource
SizeofResource
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
LocalFree
GetLogicalDrives
GetVersionExW
GetDiskFreeSpaceExW
GetCurrentProcess
IsValidLocale
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteCriticalSection
GlobalFree
ExpandEnvironmentStringsW
GetCommandLineW
CompareStringA
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetVersion
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileAttributesW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
CloseHandle
CreateFileW
CreateNamedPipeW
ReadFile
WriteFile
ConnectNamedPipe
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetTickCount
lstrlenW
GetLastError
GetUserDefaultLCID
GetCurrentThreadId
LoadLibraryW
FreeLibrary
RtlCaptureStackBackTrace
GetModuleHandleExW
GetModuleFileNameW
GetVersionExA
MapViewOfFile

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathGetArgsW
PathGetDriveNumberW
PathIsUNCW

wintrust

WinVerifyTrust

wininet

InternetCrackUrlW

secur32

GetUserNameExW

dbghelp

SymGetLineFromAddr64
SymGetSymFromAddr64
SymCleanup
SymInitialize

msi

ord17
ord125
ord121
ord190
ord111
ord88
ord90
ord195
ord70
ord137
ord45
ord205
ord141
ord116
ord8
ord89

gdi32

OffsetClipRgn
IntersectClipRect
GetRandomRgn
GetMetaRgn
GetClipRgn
ExtSelectClipRgn
ExcludeClipRect
SetROP2
SetBoundsRect
SetBkMode
SetBkColor
GetROP2
GetBoundsRect
GetBkMode
GetBkColor
SetLayout
SetDCPenColor
SetDCBrushColor
GetLayout
GetDCPenColor
GetDCOrgEx
GetDCBrushColor
EnumObjects
DrawEscape
CancelDC
TextOutW
SetTextJustification
SetTextColor
SetTextCharacterExtra
SetTextAlign
SetMapperFlags
PolyTextOutW
GetTextExtentPointI
GetTextExtentExPointI
GetTextExtentPoint32A
GetTextExtentExPointA
GetTextExtentExPointW
GetTextColor
GetTextCharacterExtra
GetKerningPairsW
GetGlyphOutlineW
GetGlyphIndicesW
GetFontUnicodeRanges
GetFontLanguageInfo
GetFontData
GetCharWidthI
GetCharWidthFloatW
GetCharWidth32W
GetCharacterPlacementW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetAspectRatioFilterEx
ExtTextOutA
ExtTextOutW
EnumFontFamiliesExW
GetObjectType
GetCurrentObject
GetObjectW
GetTextExtentPoint32W
PtVisible
CreateSolidBrush
CreateDCA
CreateFontIndirectW
GetTextMetricsW
GetTextFaceW
GetTextAlign
GetOutlineTextMetricsW
GetClipBox
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
SetWindowOrgEx
GetDeviceCaps
CreateDIBSection
DeleteObject
CreateBitmap
SetDIBits
CreateDIBitmap
StartDocW
StartPage
RectVisible
SelectClipPath
GetBrushOrgEx
PatBlt
SetBrushOrgEx
ExtFloodFill
GetBitmapDimensionEx
GetDIBColorTable
GetDIBits
GetPixel
GetStretchBltMode
MaskBlt
PlgBlt
SetBitmapDimensionEx
SetDIBColorTable
SetDIBitsToDevice
SetPixel
SetStretchBltMode
StretchBlt
StretchDIBits
AnimatePalette
GetColorAdjustment
GetNearestColor
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
GetSystemPaletteUse
RealizePalette
ResizePalette
SetColorAdjustment
SetPaletteEntries
SetSystemPaletteUse
UnrealizeObject
UpdateColors
CheckColorsInGamut
ColorCorrectPalette
ColorMatchToTarget
EnumICMProfilesW
GetICMProfileW
GetLogColorSpaceW
SetICMMode
SetICMProfileW
GetDeviceGammaRamp
SetDeviceGammaRamp
EqualRgn
FillRgn
FrameRgn
GetPolyFillMode
GetRegionData
GetRgnBox
InvertRgn
OffsetRgn
PaintRgn
PtInRegion
RectInRegion
SetPolyFillMode
SetRectRgn
GetMapMode
GetViewportExtEx
GetWindowExtEx
GetWindowOrgEx
SetMapMode
SetWorldTransform
GetTextCharset
GetTextCharsetInfo
MoveToEx
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
GdiComment
SelectPalette
SetColorSpace
GetStockObject
CreateDCW
CreateICW
CreatePen
CreatePenIndirect
ExtCreatePen
CreateBrushIndirect
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePatternBrush
CreateBitmapIndirect
CreatePalette
CreateHalftonePalette
CreateColorSpaceW
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateRectRgn
CreateRectRgnIndirect
ExtEscape
CreateRoundRectRgn
ExtCreateRegion
DeleteColorSpace
SaveDC
RestoreDC
ResetDCW
CombineRgn
SetAbortProc
SelectClipRgn
SetMetaRgn
AbortDoc
EndDoc
EndPage
Escape
TranslateCharsetInfo
GdiFlush

rpcrt4

UuidCreate

winhttp

WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpConnect

credui

CredUIPromptForCredentialsW

setupapi

SetupIterateCabinetW

oleacc

AccessibleObjectFromWindow
LresultFromObject

Exports

Exports

??0PaintContext@@QAE@PAUHDC__@@@Z
??0PaintContext@@QAE@PAUHDC__@@PAUtagRGBQUAD@@HH@Z
??0PaintContext@@QAE@PAVScene@NetUI@@@Z
??0PaintContext@@QAE@XZ
?Create@DibBitmap@NetUI@@SG?AU12@PAUHBITMAP__@@HHPBUtagRGBQUAD@@_N@Z
?FastAlphaBlend@NetUI@@YGHABVPaintContext@@HHHHABUDibBitmap@1@HHHHU_BLENDFUNCTION@@@Z
?FastBitBlt@NetUI@@YGHABVPaintContext@@HHHHABUDibBitmap@1@HHK@Z
?FastFillRect@NetUI@@YGHABVPaintContext@@PBUtagRECT@@K@Z
?FastLinearGradient@NetUI@@YGXABVPaintContext@@ABUtagRECT@@PBKPBHH_N@Z
?FastSimpleGradient@NetUI@@YGXABVPaintContext@@ABUtagRECT@@KK_N@Z
?FastStretchBlt@NetUI@@YGHABVPaintContext@@HHHHABUDibBitmap@1@HHHHK@Z
?FastTransparentBlt@NetUI@@YGXABVPaintContext@@HHHHABUDibBitmap@1@HHHHK@Z
?FromHBitmap@DibBitmap@NetUI@@SG?AU12@PAUHBITMAP__@@_N@Z
?GetDPI@NetUI@@YGHXZ
?ScaleFontSizeWithSystem@NetUI@@YGHH@Z
?ScalePixelsForSystemSettings@NetUI@@YGHH_N@Z
?SmoothAlphaBlend@NetUI@@YG_NABVPaintContext@@HHHHABUDibBitmap@1@HHHHU_BLENDFUNCTION@@@Z
?SmoothStretchBlt@NetUI@@YG_NABVPaintContext@@HHHHABUDibBitmap@1@HHHH@Z
_GetAllocCounters@0

Sections

.text
Size: 831KB - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 215KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 493KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00e73cc81e1c68c3336b91a1c35b77d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

a7:6d:d4:fc:10:6c:f4:c3:4a:f8:95:bd:6c:c2:74:c4:51:1e:b6:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

user32

advapi32

kernel32

shell32

version

shlwapi

wintrust

wininet

secur32

dbghelp

msi

gdi32

rpcrt4

winhttp

credui

setupapi

oleacc

Exports

Exports

Sections

.text Size: 831KB - Virtual size: 830KB

.data Size: 215KB - Virtual size: 253KB

.rsrc Size: 493KB - Virtual size: 496KB

.reloc Size: 34KB - Virtual size: 33KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

a7:6d:d4:fc:10:6c:f4:c3:4a:f8:95:bd:6c:c2:74:c4:51:1e:b6:47
Signer

.text
Size: 831KB - Virtual size: 830KB

.data
Size: 215KB - Virtual size: 253KB

.rsrc
Size: 493KB - Virtual size: 496KB

.reloc
Size: 34KB - Virtual size: 33KB