Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

238KB
MD5

ca54833157e87a7e553e6c6fd838f466
SHA1

3a622654add11bca87ea9232712817f3903fb525
SHA256

453be50e00bb79c29fc25039f672ce8063d1c37afcc7e6a4188a4c992ff4cc5c
SHA512

b0539a12129684b4e9d5885e5837eb24663aaf1f241f5d6bb7c96db4bcb342cfb7b6222b1356abc66fab07d78a9b4ab3c503afaf9059487b0cf305a4d2ad3708
SSDEEP

3072:FLg/PC7EKiNv0Dliiio5ByoENvFowDVZcLwF4+xcjzozZBJZFqb2tv2LbL+GBeLb:FLgy7EK+v0DliGEN2wDILWNy8p

Score

1^/10

Malware Config

Signatures

Files

Setup.exe
.exe windows x86

9bccd1ab84153af8b320c8bc8ecf4060

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:6a:01:88:d4:02:94:10:b5:c3:67:10:49:11:42:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/08/2006, 00:00

Not After

28/08/2007, 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:a7:55:f5:53:87:fd:91:82:4f:e1:88:43:0e:e6:af:a7:dc:11:95
Signer

Actual PE Digest

39:a7:55:f5:53:87:fd:91:82:4f:e1:88:43:0e:e6:af:a7:dc:11:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetA

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

MulDiv
GlobalFlags
GetCurrentDirectoryA
GetProcessVersion
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
SizeofResource
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
GetEnvironmentVariableA
TlsGetValue
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
FindNextFileA
SetLastError
GetFileTime
GetFileSize
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GetProfileStringA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
HeapAlloc
HeapFree
WritePrivateProfileStringA
CreateProcessA
GetUserDefaultLCID
MultiByteToWideChar
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTempPathA
Sleep
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetSystemDirectoryA
lstrcpyA
lstrcatA
GetShortPathNameA
GetWindowsDirectoryA
DeleteFileA
MoveFileA
GetDiskFreeSpaceExA
CopyFileA
GetFileAttributesA
SetFileAttributesA
MoveFileExA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
OpenMutexA
CloseHandle
CreateMutexA
GetCurrentProcess
ReleaseMutex
HeapDestroy

user32

GetClientRect
ScreenToClient
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
DestroyMenu
ReleaseDC
GetDC
DrawFocusRect
FillRect
InvalidateRect
PtInRect
LoadCursorA
ClientToScreen
GetClassNameA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetSysColorBrush
InflateRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
LoadStringA
GetSystemMetrics
CharUpperA
wsprintfA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetActiveWindow
GetKeyState
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
CharNextA
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnableWindow
GetSystemMenu
CopyRect
GetForegroundWindow
IsWindowUnicode
MessageBoxA
GetWindowRect
UpdateWindow
EnableMenuItem
PostMessageA
ExitWindowsEx
MoveWindow

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
GetTextMetricsA
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
PatBlt
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPointA
CreateDIBitmap
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
GetTokenInformation

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bccd1ab84153af8b320c8bc8ecf4060

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

74:6a:01:88:d4:02:94:10:b5:c3:67:10:49:11:42:84Certificate

Extended Key Usages

Key Usages

39:a7:55:f5:53:87:fd:91:82:4f:e1:88:43:0e:e6:af:a7:dc:11:95Signer

Headers

File Characteristics

Imports

setupapi

comctl32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

ole32

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 12KB - Virtual size: 11KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

74:6a:01:88:d4:02:94:10:b5:c3:67:10:49:11:42:84
Certificate

39:a7:55:f5:53:87:fd:91:82:4f:e1:88:43:0e:e6:af:a7:dc:11:95
Signer

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 12KB - Virtual size: 11KB