Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

110KB
MD5

60e115c5faa2f1480b813d6a6e33de17
SHA1

e5e2c52c4b417691caa7cafbe544eb7e172fe577
SHA256

de8166c91a58ea3c24092e57ae4e855c1fefbfb5a5c895c3e57bd97d2a58edd9
SHA512

0cb9d6af59454a980535d597f8e351dcbf64fe9e1ff2e5b846639de991d6f70c71474bbe3e48597a5d56b3feafa18453526839ab9367e4e37d9f0fbe11c1f8ee
SSDEEP

1536:NRyhzz+C/wMGF7EctFClBm8ar+CSKs27RX9BKcOxJs3bazyugfRX7TkFTghbz6nC:7kzz1GFVPC7m4EhxOXyuIfkFUYdvbDQR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Desktop/Handover/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EmgServer/Setup.exe

Files

Setup.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Desktop/Handover/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EmgServer/Setup.exe
.exe windows x86

Password: S@ndb0x!2023@@

81638d02019c0bfcaaf23a9c69f2f12c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json