SETUP64[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SETUP64.EXE
Size

1.2MB
MD5

b86e7f08ecec95b1a330961bea085e84
SHA1

f1bd8d78645b8263f1ce2a237fb112249daf11c7
SHA256

11dc74cd872a3c89dc3992fcec3082070c279a9b077b6fc80007dda9542d3d88
SHA512

ec68b0405593b16a845e7785245653bcd1fda96721878c67aa40248c361839ef29b5cd8a89cef47bf038dd6c5236acbb91d45e681b5769ebb6e2cbea6b3e3f05
SSDEEP

12288:WzJT4XIgGNO60e2Yr8B77nvVeH1Po7fyYJ2AXk2Uht0yHR4MGbIAg3S+2YX1SuQ:3Yv0UcX81Po7K3ai0SR4MfA6S1/uQ

Score

1^/10

Malware Config

Signatures

Files

SETUP64.EXE
.exe windows x64

e2ebe5e608a0de9bde979437f8bdaa76

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/07/2012, 00:00

Not After

05/07/2013, 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:a8:6e:a7:0b:36:b7:5f:2b:d2:4f:35:16:7b:39:6b:53:69:ca:53
Signer

Actual PE Digest

f0:a8:6e:a7:0b:36:b7:5f:2b:d2:4f:35:16:7b:39:6b:53:69:ca:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetDriverInfoDetailW
SetupDiCreateDeviceInfoList
SetupDiClassGuidsFromNameW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetINFClassW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupGetFileCompressionInfoW
SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupOpenFileQueue
SetupQueueCopyW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupDecompressOrCopyFileW
SetupDefaultQueueCallbackW
SetupDiSetDeviceInstallParamsW

wintrust

CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash

mscms

GetColorDirectoryW
InstallColorProfileW
AssociateColorProfileWithDeviceW
UninstallColorProfileW
EnumColorProfilesW
DisassociateColorProfileFromDeviceW

avifil32

AVIFileInit
AVIFileExit
AVIFileRelease
AVIFileOpenW
AVIFileInfoW

lz32

LZCopy
LZClose
LZOpenFileW
GetExpandedNameW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

kernel32

DeleteAtom
TerminateThread
AddAtomW
CreateThread
lstrlenW
GetTickCount
HeapSize
GlobalLock
GlobalUnlock
GetCommandLineW
CreateMutexW
ReleaseMutex
FileTimeToSystemTime
MulDiv
VirtualProtect
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
SetThreadPriority
SuspendThread
GetModuleHandleA
GetCurrentProcessId
lstrcmpA
lstrlenA
GlobalGetAtomNameW
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
GetAtomNameW
GetCurrentThread
TlsGetValue
TlsAlloc
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsFree
FindResourceExW
GlobalFlags
GetThreadLocale
GetFullPathNameW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
WritePrivateProfileStringW
GetFileSizeEx
SetErrorMode
GetStartupInfoW
HeapReAlloc
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
HeapQueryInformation
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenMutexW
ResumeThread
GetUserDefaultLangID
GetLocalTime
FormatMessageW
ExitThread
GetCurrentThreadId
LocalAlloc
GetModuleHandleW
SetLastError
SetEvent
OutputDebugStringW
ResetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
LocalFileTimeToFileTime
LocalFree
GlobalHandle
SetFileAttributesA
GetCurrentDirectoryW
GetFileAttributesA
WriteFile
GetCompressedFileSizeW
SetFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
DeleteFileW
GlobalFree
ReadFile
GlobalAlloc
CompareFileTime
WaitForSingleObject
CreateProcessW
GetProcAddress
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetCurrentProcess
FreeLibrary
LoadLibraryW
HeapFree
HeapAlloc
CreateDirectoryW
GetFileSize
FileTimeToLocalFileTime
GetFileTime
CopyFileW
Sleep
CloseHandle
CreateFileW
MoveFileExW
GetLastError
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
HeapDestroy
HeapCreate
GetVersionExW
SetCurrentDirectoryW
GetModuleFileNameW
FreeResource
FindResourceW
LoadResource
LockResource
SizeofResource
GetDiskFreeSpaceExW
GetDriveTypeW
ConvertDefaultLocale

user32

CopyAcceleratorTableW
SetRect
InvalidateRgn
SetWindowContextHelpId
CharUpperW
RegisterClipboardFormatW
GetNextDlgGroupItem
MessageBeep
MoveWindow
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongPtrW
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadMenuW
SetPropW
GetCapture
GetActiveWindow
MapDialogRect
UnregisterClassW
GetPropW
RemovePropW
GetAsyncKeyState
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadStringW
SetProcessDefaultLayout
GetSysColor
SetWindowTextW
GetWindow
GetMessageW
PostThreadMessageW
CharNextA
UpdateWindow
GetDesktopWindow
DispatchMessageW
TranslateMessage
PeekMessageW
LoadCursorW
SetCursor
IsWindow
DeleteMenu
EnableMenuItem
GetSystemMenu
LoadIconW
GetDialogBaseUnits
CopyRect
DestroyIcon
GetClassNameW
GetWindowRect
CharNextW
CharPrevW
KillTimer
SetTimer
SetForegroundWindow
SystemParametersInfoW
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
ReleaseDC
GetDC
SetWindowPos
GetWindowLongW
MessageBoxW
SetActiveWindow
GetProcessDefaultLayout
PostMessageW
GetSystemMetrics
GetClientRect
GetParent
EnableWindow
SendMessageW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRect
DrawFocusRect
FillRect
GetCursorPos
ValidateRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
ReleaseCapture
SetCapture
SetWindowRgn
DrawIcon
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
ShowWindow
InflateRect
SetWindowLongW
GetMenuState

gdi32

RestoreDC
SaveDC
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
CreateBitmap
SetBkMode
SetMapMode
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
GetClipBox
DeleteDC
CreatePatternBrush
CreateSolidBrush
OffsetViewportOrgEx
CreateRectRgnIndirect
CreateEllipticRgn
LPtoDP
Ellipse
CreateCompatibleBitmap
EnumFontFamiliesExW
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
SetTextColor
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
GetObjectW
GetStockObject
CreateFontIndirectW
GetTextExtentPoint32W
ExtSelectClipRgn
GetTextMetricsW
SetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryW
OpenPrinterW
SetPrinterDataW
ClosePrinter
GetPrinterDataW
DeletePrinterDataW
ord204
ord203
EnumJobsW
SetJobW
GetPrinterW
SetPrinterW
DeletePrinterConnectionW
DeletePrinter
EnumPrintProcessorsW
GetPrinterDriverW
AddPortExW
EnumPrintersW
EnumMonitorsW
EnumPrinterDriversW
EnumPortsW
DocumentPropertiesW

advapi32

OpenServiceW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
FreeSid
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
EqualSid
AllocateAndInitializeSid
OpenProcessToken
OpenSCManagerW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
ExtractIconExW
SHInvokePrinterCommandW
SHGetMalloc
DragFinish

shlwapi

SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
SHDeleteEmptyKeyW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoWaitForMultipleHandles
CoUninitialize

oleaut32

SafeArrayUnaccessData
SysStringLen
VariantInit
VariantChangeType
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElemsize
SysAllocString
SafeArrayGetDim
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SysFreeString
OleCreateFontIndirect

Sections

.text
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2ebe5e608a0de9bde979437f8bdaa76

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f0:a8:6e:a7:0b:36:b7:5f:2b:d2:4f:35:16:7b:39:6b:53:69:ca:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

setupapi

wintrust

mscms

avifil32

lz32

mpr

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 830KB - Virtual size: 829KB

.rdata Size: 268KB - Virtual size: 268KB

.data Size: 16KB - Virtual size: 48KB

.pdata Size: 48KB - Virtual size: 48KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 19KB - Virtual size: 18KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f0:a8:6e:a7:0b:36:b7:5f:2b:d2:4f:35:16:7b:39:6b:53:69:ca:53
Signer

.text
Size: 830KB - Virtual size: 829KB

.rdata
Size: 268KB - Virtual size: 268KB

.data
Size: 16KB - Virtual size: 48KB

.pdata
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 19KB - Virtual size: 18KB