setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

552KB
MD5

4e9463a9cdf58a301e4f846ab25f51e5
SHA1

674cbba6a3a89c3ce815d5709abb43fd294177a7
SHA256

4214c6115e82201802b3dd57c6674ba07c2b33c56096a0f7e07e204a998b3ad8
SHA512

991df8c8563da9e9e71fcefe9bb2da34f9e958c80706d6c7157cfebc89c9ab88c14c6e505eab0d92c0d8aa850f9ea71786ad2434f9bb061b12e2f21af6f331e5
SSDEEP

12288:BulGFBIGR7V2GmnBD9G1mFznLjoGP7v1+E:BuoJV2S1mFznfoOkE

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows x86

e47a8558510945726dcaf5ccc089fa74

Code Sign

6d:75:9f:d8:4a:1c:58:67:c8:77:c1:86:48:9c:f3:74
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/02/2018, 00:00

Not After

24/03/2021, 23:59

Subject

CN=LLC 1C-Soft,OU=LLC 1C-Soft,O=LLC 1C-Soft,L=Moscow,C=ru

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:75:9f:d8:4a:1c:58:67:c8:77:c1:86:48:9c:f3:74
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/02/2018, 00:00

Not After

24/03/2021, 23:59

Subject

CN=LLC 1C-Soft,OU=LLC 1C-Soft,O=LLC 1C-Soft,L=Moscow,C=ru

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:fb:dd:09:b2:e2:9a:6b:ad:f3:de:cd:e2:ef:5e:c8:06:e8:18:ad:df:b1:1a:2c:53:58:de:86:20:ea:32:d0
Signer

Actual PE Digest

c7:fb:dd:09:b2:e2:9a:6b:ad:f3:de:cd:e2:ef:5e:c8:06:e8:18:ad:df:b1:1a:2c:53:58:de:86:20:ea:32:d0

Digest Algorithm

sha256

PE Digest Matches

true

30:ab:41:4e:bb:88:7b:eb:c2:f1:1d:21:b9:da:47:ee:35:ca:ff:b4
Signer

Actual PE Digest

30:ab:41:4e:bb:88:7b:eb:c2:f1:1d:21:b9:da:47:ee:35:ca:ff:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ole32

CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
CoInitializeEx
OleInitialize

kernel32

GetFullPathNameW
GetVolumeInformationW
ReadFile
SetEndOfFile
WriteFile
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
FlushFileBuffers
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetCommandLineA
GetModuleHandleExW
HeapQueryInformation
GetStdHandle
ExitProcess
GetStringTypeW
SetFilePointerEx
GetFileType
GetConsoleMode
ReadConsoleW
LCMapStringW
FileTimeToSystemTime
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetTimeZoneInformation
FindFirstFileExW
lstrcmpA
GetCurrentThread
MulDiv
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
GlobalUnlock
GlobalLock
FindResourceW
FreeResource
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
GetExitCodeProcess
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateProcessW
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
LoadResource
LockResource
SizeofResource
TerminateProcess
GetModuleHandleW
GlobalFree
GlobalAlloc
CloseHandle
GetCurrentProcess
GetUserGeoID
LocalFree
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
DeleteFileW
CreateFileW
OutputDebugStringW
GetLastError
FindNextFileW
FindFirstFileW
FindClose
GetVersionExW
LocalAlloc
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetSystemTimeAsFileTime
WriteConsoleW

user32

GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
ClientToScreen
GetKeyState
IsWindowVisible
EndDeferWindowPos
TranslateMessage
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
GetDlgCtrlID
SetWindowPos
ShowWindow
UnhookWindowsHookEx
GetDesktopWindow
GetWindowLongW
SetActiveWindow
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
IsWindowEnabled
GetActiveWindow
PostQuitMessage
GetCapture
GetMessageW
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetParent
OffsetRect
GetCursorPos
SetCursor
GetWindowThreadProcessId
RealChildWindowFromPoint
DestroyMenu
CharUpperW
InvalidateRect
KillTimer
SetTimer
DeferWindowPos
SetRectEmpty
SendDlgItemMessageA
LoadCursorW
GetSysColorBrush
BeginDeferWindowPos
UnregisterClassW
MessageBoxW
GetKeyboardLayoutList
EnableWindow
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
LoadIconW
ReleaseDC

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
GetStockObject
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetDeviceCaps
GetClipBox
Escape
DeleteObject
CreateBitmap
GetObjectW
SetTextColor
DeleteDC
SetBkColor

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e47a8558510945726dcaf5ccc089fa74

Code Sign

6d:75:9f:d8:4a:1c:58:67:c8:77:c1:86:48:9c:f3:74Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

6d:75:9f:d8:4a:1c:58:67:c8:77:c1:86:48:9c:f3:74Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c7:fb:dd:09:b2:e2:9a:6b:ad:f3:de:cd:e2:ef:5e:c8:06:e8:18:ad:df:b1:1a:2c:53:58:de:86:20:ea:32:d0Signer

30:ab:41:4e:bb:88:7b:eb:c2:f1:1d:21:b9:da:47:ee:35:ca:ff:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

ole32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

oleacc

Sections

.text Size: 287KB - Virtual size: 287KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 163KB - Virtual size: 163KB

6d:75:9f:d8:4a:1c:58:67:c8:77:c1:86:48:9c:f3:74
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

6d:75:9f:d8:4a:1c:58:67:c8:77:c1:86:48:9c:f3:74
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c7:fb:dd:09:b2:e2:9a:6b:ad:f3:de:cd:e2:ef:5e:c8:06:e8:18:ad:df:b1:1a:2c:53:58:de:86:20:ea:32:d0
Signer

30:ab:41:4e:bb:88:7b:eb:c2:f1:1d:21:b9:da:47:ee:35:ca:ff:b4
Signer

.text
Size: 287KB - Virtual size: 287KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 163KB - Virtual size: 163KB