Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

110KB
MD5

497f7ba4491582569dea68545ade8acc
SHA1

f2fec19bb7b6dc3bc12d6e5cec21ccace42a8e2c
SHA256

4cffc9f19574516dc95e5f2a1b0a1daa96736aa5cff04fc797b0227d21fe6945
SHA512

7e0cf0697165af9ada4b6613190a3666099718e7d87987f084c21ab3e4502a71ce267db9580101a4587fb78e9522d09bdfb5d4f9653ec500d1dfd00d5184a429
SSDEEP

3072:dyEB+CvheoSIJKMu29WPaTAFAQ/6HF3YeH:Ys+4htruFFXOIeH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Desktop/Handover/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EMG/Setup.exe

Files

Setup.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Desktop/Handover/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EMG/Setup.exe
.exe windows x86

Password: S@ndb0x!2023@@

81638d02019c0bfcaaf23a9c69f2f12c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json