setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

260KB
MD5

204e0114ecd8ad75a76babebb48237ae
SHA1

6f20dd6153be613447fda6023da0ed1f6a938ec6
SHA256

fe945465646ab9a5c7f92eaea487c9cf508b772cf0ea3185d4d126a46d8f0b77
SHA512

30424e8829827f8e8f78a2f7789d0e1fb1dfd0cf6551c296c0638318a4b1892bf041f63023bd0a383488d3e7d331f11cf8dc43f954bfa8e9fb52ac43b4afaf50
SSDEEP

6144:uzoamizNP+npEPYwh4IDaOGiJ95ZPa/ya:Soam4NPWEPYeRFa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe

Files

setup.exe
.exe windows x64

67530098c1e6513f93d846bb4e559638

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

Sleep
GetComputerNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetOverlappedResult
GetFileType
GetFileSize
SetErrorMode
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
GetCurrentThreadId
GetPrivateProfileStringW
GetCommandLineW
GetProcAddress
FreeLibrary
LoadLibraryW
DebugBreak
GetExitCodeProcess
ExpandEnvironmentStringsW
GetLocaleInfoW
VirtualAlloc
VirtualFree
GetModuleFileNameW
GetEnvironmentVariableW
ResetEvent
SetEnvironmentVariableW
SetCurrentDirectoryW
GetPrivateProfileIntW
VirtualProtect
RtlCompareMemory
SetEvent
WaitForMultipleObjects
OpenEventW
CreateEventW
CreateThread
LockResource
GetFileAttributesW
LocalAlloc
ReleaseMutex
DefineDosDeviceW
WaitForSingleObjectEx
MapViewOfFileEx
GetPrivateProfileSectionW
WritePrivateProfileStringW
IsValidCodePage
IsValidLocale
GetSystemDirectoryW
GetUserDefaultUILanguage
LoadResource
FindResourceExW
GetSystemDefaultUILanguage
SearchPathW
CreateDirectoryW
GetWindowsDirectoryW
DeleteFileW
DuplicateHandle
SetEndOfFile
SetFileTime
GetVolumeInformationW
WaitForSingleObject
TerminateProcess
ExitProcess
OpenProcess
CreateProcessA
CreateProcessW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
RemoveDirectoryW
GetShortPathNameW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
SetFileAttributesW
LoadLibraryExW
CreateMutexW
IsDebuggerPresent
OutputDebugStringW
GetExitCodeThread
MulDiv
GetSystemDefaultLangID
QueryDosDeviceW
VerifyVersionInfoW
GetCurrentThread
VerSetConditionMask
OpenThread
LocalFree
lstrlenW
FormatMessageW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
CompareStringW
DeviceIoControl
FlushFileBuffers
CopyFileExW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
SetFilePointer
WriteFile
ReadFile
GetDriveTypeW
GetLogicalDrives
GetLogicalDriveStringsW
CloseHandle
CreateFileW
MoveFileExW
MoveFileW
CopyFileW
GlobalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
HeapWalk
HeapValidate
HeapCompact
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
GetCurrentProcess
GlobalMemoryStatus
GetSystemInfo
GetVersionExW
GetVersionExA
SetLastError
FindResourceW
GetStartupInfoW
OutputDebugStringA

user32

SetTimer
MessageBoxA
PostMessageW
LoadIconW
MessageBoxW
EndDialog
DialogBoxParamW
CharNextW
SetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
GetWindowLongPtrW
EndPaint
DestroyWindow
SetCursor
RemovePropW
PostQuitMessage
LoadImageW
GetClientRect
SetFocus
BeginPaint
SetPropW
GetDC
RegisterClassExW
InvalidateRect
GetWindowTextW
ReleaseDC
GetSysColor
SetWindowPos
ShowWindow
SetThreadDesktop
FindWindowExW
CreateWindowExW
GetSystemMetrics
MapWindowPoints
UpdateWindow
SetWindowTextW
GetPropW
DefWindowProcW
DispatchMessageW
GetMessageW
PostThreadMessageW
UnregisterHotKey
RegisterHotKey
CharPrevW
LoadStringW
SendMessageW

msvcrt

_onexit
_lock
memcpy
memset
?terminate@@YAXXZ
free
calloc
isdigit
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_iob
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
??3@YAXPEAX@Z
realloc
__badioinfo
__pioinfo
_local_unwind
_read
_fileno
_lseeki64
_write
_isatty
ungetc
wcschr
_wcsnicmp
wcsrchr
_wtoi
_vsnwprintf
_wcsicmp
_vscwprintf
_vsnprintf
towupper
??2@YAPEAX_K@Z
bsearch
wcsncmp
wcsstr
__CxxFrameHandler
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_wcslwr
_errno

ntdll

RtlAllocateHeap
RtlFreeHeap
NtOpenDirectoryObject
NtClose
NtQueryDirectoryObject
RtlInitUnicodeString
RtlNtStatusToDosError
NtSetInformationFile
RtlVirtualUnwind
NtQuerySystemInformation
NtQueryObject
NtOpenFile
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtOpenKey
NtDeviceIoControlFile
NtWaitForSingleObject
NtCreateEvent
NtQueryValueKey
NtResetEvent

advapi32

RegOpenKeyExW
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenProcessToken
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
RegSetValueExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
OpenThreadToken
SetThreadToken
DuplicateTokenEx

gdi32

CreateSolidBrush
SetStretchBltMode
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetBkColor
SetBrushOrgEx
StretchBlt
GetDeviceCaps
CreateFontIndirectW
DeleteDC
SetTextColor
GetTextExtentPoint32W
BitBlt
AddFontResourceExW
EnumFontFamiliesExW
CreateDCW
TranslateCharsetInfo
GetStockObject

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67530098c1e6513f93d846bb4e559638

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

ntdll

advapi32

gdi32

Sections

.text Size: 156KB - Virtual size: 155KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 156KB - Virtual size: 155KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 2KB - Virtual size: 2KB