setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

123KB
MD5

17e429d6981d165915f70bbb2d659b4b
SHA1

19f3c59338a4b5ad8e5ea7b96fec982592172839
SHA256

2aa81bc888dfa304e89dc43eca16d76bccaf2f2085c2565b1cf0c368493276e9
SHA512

2bc21f936ae8453f47307e29194ac2297b09b17816666b1d8e85cdb5d8eba6e4f610a92143a189a56fc141a001db9872dba656b4a91046829641b8b32854c755
SSDEEP

3072:l/R17fiqJKwF881ogN7ZWlyv515lYksbMk0GR0Z9Gl/:lp17fIwK2Tv51sA2/

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows x86

c06639b8edf397b91f14f062d74fac45

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:ab:dc:40:57:ff:b3:d2:b4:61:cf:e8:5a:3f:58:0f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/03/2007, 00:00

Not After

25/03/2010, 23:59

Subject

CN=Sony Ericsson Mobile Communication,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PCSW,O=Sony Ericsson Mobile Communication,ST=Skane,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:7a:4e:f9:f6:e5:c7:6b:16:21:39:7b:61:a1:7b:05:42:0c:58:72
Signer

Actual PE Digest

00:7a:4e:f9:f6:e5:c7:6b:16:21:39:7b:61:a1:7b:05:42:0c:58:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DeleteFileA
FindClose
SetFileAttributesA
FindFirstFileA
WideCharToMultiByte
Sleep
WaitForSingleObject
CreateThread
GetProcAddress
LoadLibraryW
FreeLibrary
OpenProcess
lstrcpyW
SetLastError
HeapFree
HeapAlloc
MultiByteToWideChar
TerminateProcess
FreeResource
SizeofResource
LoadResource
FindResourceA
WriteFile
LockResource
lstrcpyA
GetModuleFileNameA
LoadLibraryA
GetTempPathA
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
CreateDirectoryA
GetTempFileNameA
RemoveDirectoryA
FindNextFileA
GetCurrentProcess
GetVersionExA
GetModuleHandleA
CloseHandle
GetDateFormatA
GetLocalTime
lstrcpynA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
FlushFileBuffers
GetACP
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetStdHandle
GetStdHandle
SetHandleCount
SetEndOfFile
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileTime
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
GetFileAttributesA
RaiseException
RtlUnwind
ExitProcess
SetFilePointer
ReadFile
GetFileType
GetLastError

user32

ShowWindow
SendMessageA
PostMessageA
GetWindowThreadProcessId
wvsprintfA
FindWindowA
GetActiveWindow
IsWindow
IsWindowVisible
InvalidateRect
UpdateWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
BringWindowToTop
IsIconic
MonitorFromWindow
GetMonitorInfoA
PeekMessageA
GetWindowRect
SetWindowPos
GetWindowLongA
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
UnregisterClassA
PostQuitMessage
DestroyWindow
SetWindowTextA
GetWindowTextA
wsprintfA
GetDlgItem
DefDlgProcA
LoadCursorA
RegisterClassA
EnumWindows
CreateDialogParamA

gdi32

CreateSolidBrush

shell32

ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathIsDirectoryA
PathCombineA
PathRemoveFileSpecA
PathAppendA
PathStripPathA
PathRemoveBackslashA
PathRenameExtensionA
PathStripPathW
PathAddBackslashA
PathFileExistsA

version

VerQueryValueA

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c06639b8edf397b91f14f062d74fac45

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

54:ab:dc:40:57:ff:b3:d2:b4:61:cf:e8:5a:3f:58:0fCertificate

Extended Key Usages

Key Usages

00:7a:4e:f9:f6:e5:c7:6b:16:21:39:7b:61:a1:7b:05:42:0c:58:72Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

version

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 30KB

.rsrc Size: 28KB - Virtual size: 24KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

54:ab:dc:40:57:ff:b3:d2:b4:61:cf:e8:5a:3f:58:0f
Certificate

00:7a:4e:f9:f6:e5:c7:6b:16:21:39:7b:61:a1:7b:05:42:0c:58:72
Signer

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 30KB

.rsrc
Size: 28KB - Virtual size: 24KB