ksetup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ksetup.exe
Size

37KB
MD5

65ddbddc57faf9c526e467c6039bf3b4
SHA1

8496259e36433acee25363e52668b3f8ba2c39b9
SHA256

19373acc55f4daa9810341a2b164f0b7346a1e2ee5d18a6c75d20e7b0394fb08
SHA512

dfa79e5e0fbf90d97cd5029cd085d6aad0f463635f921abc7e1385439f970ec244161211926f7ef96f47804311ec8dbe69d1956e3ce413b653b811cefb719d4f
SSDEEP

768:1jyqze1MrTpG0Zl4YBxpc/2BUF+XfQl3ObeefFw6oDOprI4IdHG1gd:HvlGFIXlafef/QO1ING1g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ksetup.exe

Files

ksetup.exe
.exe windows x64

1f57addb730d5e4437682feaf1f27c0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegEnumValueW
LsaQueryInformationPolicy
RegOpenKeyExW
RegEnumKeyExW
LsaFreeMemory
RegCloseKey
LsaSetInformationPolicy
RegCreateKeyExW
RegDeleteKeyW
LsaClose
RegDeleteValueW
RegSetValueExW
LsaStorePrivateData
RegQueryValueExW
LsaOpenPolicy
LsaSetTrustedDomainInfoByName
RegConnectRegistryW
LsaQueryTrustedDomainInfoByName

kernel32

LocalFree
LocalAlloc
SetComputerNameExW
GetLastError
GetComputerNameW
GetModuleHandleW
lstrcmpiW
lstrcmpW
SetLastError
GetStdHandle
SetConsoleMode
GetSystemDirectoryW
GetConsoleMode
FormatMessageW
LoadLibraryW

msvcrt

memcpy
realloc
fgetws
_wcsdup
_XcptFilter
?terminate@@YAXXZ
_amsg_exit
_commode
_fmode
wcschr
exit
free
_vsnprintf
fprintf
wcsstr
malloc
isspace
getchar
iswalpha
iswupper
__C_specific_handler
wcsncmp
printf
fwprintf
_wsetlocale
_initterm
wcstoul
_snwprintf_s
__setusermatherr
wcscpy_s
_cexit
_exit
__set_app_type
__wgetmainargs
wcsncat_s
_vsnwprintf
__iob_func
_wcsicmp
memset

wldap32

ord41
ord50
ord27
ord26
ord211
ord30
ord34
ord156
ord146
ord13
ord170
ord73

logoncli

DsGetDcNameW

sspicli

LsaConnectUntrusted
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer

srvcli

NetServerGetInfo

netutils

NetApiBufferFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP

api-ms-win-core-file-l1-1-0

WriteFile

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

ntdll

RtlInitUnicodeString
RtlCompareUnicodeString
RtlInitString

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f57addb730d5e4437682feaf1f27c0d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

wldap32

logoncli

sspicli

srvcli

netutils

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

ntdll

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 1024B - Virtual size: 1020B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 212B