setup_free[.]zip | Triage

Sharing

General

Target

setup_free.zip
Size

10.1MB
MD5

c119f9703b856f21019dd41275372413
SHA1

bebdbee12d8b0864e02bb89727b4b3959ff675ec
SHA256

f65dabdd07a266b0fac6020d2a8f2ab9ab36059d648b82a65e06d58b160db343
SHA512

8dfb4c20e28dc4037a2f05d6259aeabf437f097eba6ece8f38f512a22ee592f8d2ea693f05a9a9eefc5222ee01f1a6d7e308c363137b854f42cdfd448cd39bfd
SSDEEP

196608:I+yZM4cwKKBiaFxBUAGT0uzkhr/fG2HBJhDh3KdJqJnyIQx3QBuS23Y:I+yZLcwpTFnUjzQK2HxR+8JRQup23Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup_free.exe

Files

setup_free.zip
.zip
setup_free.exe
.exe windows:6 windows x86

f12628e79e0578736a9c8d42dbc589c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 738.7MB - Virtual size: 738.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ai7
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.X%m
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<;C
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ