Static task: static1
Behavioral task: behavioral1 (Sample: setup.exe, Resource: win7-20230831-en)
Behavioral task: behavioral2 (Sample: setup.exe, Resource: win10v2004-20230915-en)
General
Target: setup.exe
Size: 2.2MB
MD5: 1de77e9f35c505ab9274f90a592793cf
SHA1: 6dee0a584a330d0d56055fdca1a0cb3078c5794d
SHA256: 39dc8267939ba672a5c81321e00db9a4fb2628bfdc738f6285ee111a86ec6057
SHA512: 907eb52cebde9c5d451f53fcc288770a814d9b1474d876b4ff5d4e424136deadab48eb660736fa93283f7cecc36b8ff225f3eac81596a18a9bf3d734a69deb97
SSDEEP: 49152:seiZwaTVMAqfWjg36WvkA3Do26D9Wh35jVTwz0ZSH1t4JeWzONnAyIhFcQQM:sUYVeWjgd7826D9Wh35hTwz0ZSH1t4Jd
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: setup.exe
Files
setup.exe.exe windows:4 windows x64
d75116b68202e298728ec70552120ba0
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_LARGE_ADDRESS_AWARE
  IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
  strcpy_s
  memset
  strcat_s
  malloc
  strncpy
  memmove
  fopen
  fwrite
  fclose
  strstr
  strrchr
  strcat
  fgetc
  fputc
  rand
  _getcwd
  strncat
  sprintf
  getenv
  _itoa
  strcmp
  __set_app_type
  _controlfp
  __argc
  __argv
  _environ
  __getmainargs
  exit
kernel32
  CreatePipe
  SetHandleInformation
  GetStdHandle
  CreateProcessA
  CloseHandle
  ReadFile
  WaitForSingleObject
  GetExitCodeProcess
  GetWindowsDirectoryA
  GetLocaleInfoA
  GetModuleFileNameA
  CopyFileA
  GetCurrentProcessId
  ExitProcess
user32
  MessageBoxA
shell32
  ShellExecuteExA
Sections
.text Size: 41KB - Virtual size: 41KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data Size: 1.3MB - Virtual size: 1.3MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 132B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.rsrc Size: 362KB - Virtual size: 361KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ