OfficeSetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OfficeSetup.exe
Size

7.3MB
MD5

0dc9aec0156811cf2d5c53f6faa01bd1
SHA1

e496342eb3c274f91788c9a000950b14f5a5a9d7
SHA256

eafc3befb0cb291917cd27456c5cee72ab7a5bcdfafc18c6a41b2bdc43373580
SHA512

1edf0fe0aa1bdfb0ffcbfed1665c66865e3955f36f41dad9a0d31ccabadfa630a2c892d70533a6891d5e2ac4e3219b0e49e85fd22648da5e0ba741c0f094edde
SSDEEP

196608:VjMdmAoOG5xu6bzaLWss8/ekAyOWCmmQvvZ1xRSaI6HMaJTtGbw:lvAoOG5x0WY/ekAlWvZ1xR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OfficeSetup.exe

Files

OfficeSetup.exe
.exe windows:5 windows x86

Password: f6_H3skL

dad3940b8286ba7e4b11f8ed291ffa4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CreateWellKnownSid
CheckTokenMembership
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
EventWriteTransfer
EventRegister
EventUnregister
RegNotifyChangeKeyValue
RevertToSelf
OpenThreadToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
ChangeServiceConfigW
RegEnumValueA
RegDeleteValueA
RegGetValueA
EventWrite

ole32

CoInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoCreateFreeThreadedMarshaler
IIDFromString
CoInitializeSecurity
CoInitializeEx
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
VariantInit
VariantClear
SetErrorInfo
SysAllocString
SysStringLen

gdi32

CreateFontW
SetBkColor
SetTextColor
DeleteObject
Rectangle
SetDCPenColor
CreatePen
GetTextExtentPoint32W
SelectObject
CreateSolidBrush
SetDCBrushColor
GetTextMetricsW
GetStockObject
GetDeviceCaps

kernel32

RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
CloseThreadpoolWork
CreateTimerQueueTimer
ExitProcess
CloseHandle
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
CompareStringEx
LocalFree
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
FreeLibrary
CreateThread
GetCurrentThreadId
GetExitCodeThread
SetProcessMitigationPolicy
CreateEventExW
WriteFile
DeleteFileW
WideCharToMultiByte
IsWow64Process
GetModuleHandleExW
ExpandEnvironmentStringsW
GlobalFree
MultiByteToWideChar
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CreateMutexW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultLocaleName
FlsFree
FlsAlloc
AttachConsole
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
LocaleNameToLCID
FindClose
UnmapViewOfFile
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FormatMessageA
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
OpenProcess
GetExitCodeProcess
GetProcessTimes
GetTickCount64
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
GlobalMemoryStatusEx
GetVersionExW
IsValidCodePage
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetCPInfoExW
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
SetErrorMode
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetSystemDirectoryW
HeapAlloc
CreateEventW
SetEvent
WaitForSingleObject
ReleaseSemaphore
WaitForSingleObjectEx
GetOEMCP
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
QueryDepthSList
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
TzSpecificLocalTimeToSystemTime
OpenEventW
ReleaseMutex
CreateMutexExW
OpenMutexW
GetTempPathW
GetLongPathNameW
GetFinalPathNameByHandleW
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
ResetEvent
IsDebuggerPresent
GetFileAttributesExW
FindFirstFileExW
MoveFileExW
FindNextFileW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
LockFileEx
UnlockFileEx
GetFileInformationByHandleEx
GetCurrentDirectoryW
GetTempFileNameW
CopyFileExW
GetVolumePathNamesForVolumeNameW
SetFileInformationByHandle
CreateFileMappingW
WaitForMultipleObjects
OpenThread
GetFileType
SetFilePointer
GetOverlappedResult
GetFileAttributesW
GetFileTime
CopyFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
LockResource
LCIDToLocaleName
SetFileTime
CancelIoEx
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetTickCount
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
GetStartupInfoW
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
QueryUnbiasedInterruptTime
OutputDebugStringW
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
LocalAlloc
GetThreadLocale
FindFirstFileW
lstrcmpW
FlushViewOfFile
GetFullPathNameW
DeleteFileA
GetTempPathA
ProcessIdToSessionId
GetCommandLineW
SetEnvironmentVariableW
GetPriorityClass
K32EnumProcesses
GetTimeZoneInformation
IsValidLocale
GetLocaleInfoEx
LCMapStringEx
GetSystemDefaultLCID
ResolveLocaleName
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetFileAttributesA
LoadLibraryExA
GetLocaleInfoW
GetUserPreferredUILanguages
GetACP
GetUserGeoID
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
HeapValidate
HeapSize
GetDiskFreeSpaceA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
K32GetProcessMemoryInfo
GetPhysicallyInstalledSystemMemory
GetProductInfo
SwitchToThread
InitializeCriticalSectionAndSpinCount
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
SleepConditionVariableCS
InitializeConditionVariable
InitOnceBeginInitialize
DeleteTimerQueueTimer
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
ExitThread
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
ReadFile
InitOnceComplete
EnumSystemLocalesW
CompareStringW
SetStdHandle
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
GetLocalTime
WaitForMultipleObjectsEx
GetFileInformationByHandle
GetStringTypeW
GetSystemPreferredUILanguages
K32GetProcessImageFileNameW
GetDateFormatW
GetTimeFormatW
GetDriveTypeW

setupapi

SetupIterateCabinetW

gdiplus

GdipDeleteGraphics
GdiplusStartup
GdipCreateFromHDC
GdipDrawImageRectI
GdipLoadImageFromStream
GdipFree
GdipAlloc
GdipDisposeImage
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCloneImage

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: f6_H3skL

dad3940b8286ba7e4b11f8ed291ffa4a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

oleaut32

gdi32

kernel32

setupapi

gdiplus

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 194KB - Virtual size: 258KB

.rsrc Size: 343KB - Virtual size: 342KB

.reloc Size: 377KB - Virtual size: 377KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 194KB - Virtual size: 258KB

.rsrc
Size: 343KB - Virtual size: 342KB

.reloc
Size: 377KB - Virtual size: 377KB