setup[.]exe (14)[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe (14).7z
Size

420KB
MD5

f3e7761cb7f2bfd95b7cf7e6260c1f2a
SHA1

0b228e19d56c4525066883cb192a766810ebf3f0
SHA256

311120776431cc3763e08693d9a918d4d59a963b943d29f74a641039098408ca
SHA512

17d378c55c134a7555f4e903ec01f6c3af0424b4517f537ad06239b3b241b71e5251988e8cf8aee1030ffb8d1cd5853786e70b8463011636f288a7824b6a9558
SSDEEP

12288:T7/+7CAYStCX4g428Gfj2pchgM9Cr4/YztF67CPf8P:TIlltC4gBfphgs/XuQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

setup.exe (14).7z
.7z

Password: infected
setup.exe
.exe windows:5 windows x86

b11c944a344d112938510b4b31b806b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

IsBadReadPtr
CompareStringW
CompareStringA
GetSystemDefaultLangID
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileTime
SetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
CopyFileW
GetWindowsDirectoryW
InterlockedDecrement
InterlockedIncrement
GetTempPathW
CreateFileW
LoadLibraryA
GetSystemDirectoryA
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileIntW
LockResource
LoadResource
MultiByteToWideChar
MoveFileExW
WriteProcessMemory
VirtualProtectEx
GetSystemDirectoryW
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
TerminateProcess
ExitProcess
LoadLibraryW
lstrcatW
lstrcpynW
lstrcmpiW
LoadLibraryExW
FreeLibrary
FindResourceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
CreateEventW
CreateMutexW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
SetErrorMode
RaiseException
FreeResource
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
MulDiv
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleMode
WriteFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
FindFirstFileW
FindClose
CreateDirectoryW
VerLanguageNameW
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
lstrcpyA
GetTickCount
ExitThread
CreateThread
GetExitCodeProcess
ReadFile
GetCommandLineW
FormatMessageW
LocalFree
SizeofResource
GetVersionExW
GetCurrentProcess
WaitForSingleObject
SetLastError
GetLastError
DuplicateHandle
RemoveDirectoryW
DeleteFileW
SetCurrentDirectoryW
lstrlenW
lstrcpyW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
Sleep
CloseHandle
GetSystemDefaultUILanguage
ReadConsoleW
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
GetStdHandle
HeapSize
AreFileApisANSI
GetModuleHandleExW
GetStringTypeW
GetCurrentThreadId
GetCPInfo
GetOEMCP
IsValidCodePage
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FatalAppExitA
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
lstrcpynA
LocalAlloc
FindNextFileW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
lstrcmpW
GetShortPathNameW
GetCurrentThread
QueryPerformanceCounter
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
GetEnvironmentVariableW
CompareFileTime
InterlockedExchange
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
LCMapStringW
GetVersion
GetCurrentProcessId
GetLocalTime
lstrlenA
GetProcessTimes
OpenProcess
SetFileTime

user32

DialogBoxIndirectParamW
MoveWindow
SendMessageW
CharUpperBuffW
WaitForInputIdle
wsprintfW
GetDlgItem
SetDlgItemTextW
SetActiveWindow
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
LoadIconW
TranslateMessage
DispatchMessageW
PeekMessageW
EndDialog
SystemParametersInfoW
GetWindow
FillRect
GetSysColor
MapWindowPoints
RemovePropW
GetPropW
SetPropW
EndPaint
BeginPaint
EnableMenuItem
GetSystemMetrics
SetFocus
ExitWindowsEx
CharUpperW
wsprintfA
CallWindowProcW
CreateWindowExW
DrawIcon
DrawTextW
UpdateWindow
GetWindowDC
InvalidateRect
DrawFocusRect
CopyRect
InflateRect
EnumChildWindows
GetClassNameW
MapDialogRect
RegisterClassExW
GetDlgItemTextW
IntersectRect
MonitorFromPoint
DefWindowProcW
GetMessageW
LoadStringW
LoadImageW
ReleaseDC
GetDC
CreateDialogParamW
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
CreateDialogIndirectParamW
IsWindowVisible
IsDialogMessageW
FindWindowExW
ScreenToClient
EnableWindow
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
PostMessageW

gdi32

SetTextColor
SetBkMode
SetBkColor
SaveDC
RestoreDC
CreateSolidBrush
UnrealizeObject
CreateHalftonePalette
GetDIBColorTable
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
BitBlt
GetObjectW
TranslateCharsetInfo
DeleteObject
CreateFontIndirectW
CreateCompatibleBitmap
CreateDCW
CreatePatternBrush
GetStockObject
GetTextExtentPoint32W
DeleteMetaFile
CreateDIBitmap
CreateBitmap
CreateRectRgn
PatBlt
PlayMetaFile
SelectClipRgn
SetMapMode
SetMetaFileBitsEx
SetPixel
StretchBlt
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
TextOutW

advapi32

CryptSignHashW
RegEnumValueW
RegQueryValueExW
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
RegOverridePredefKey
RegCreateKeyW
RegEnumKeyW
OpenThreadToken
GetTokenInformation
EqualSid
CryptAcquireContextW
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptImportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptVerifySignatureW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
ProgIDFromCLSID
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
GetRunningObjectTable
CreateItemMoniker
CoLoadLibrary
CoCreateGuid
StringFromGUID2

oleaut32

VariantChangeType
VarBstrCmp
CreateErrorInfo
SetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VariantInit
VariantClear
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysReAllocStringLen
GetErrorInfo
SysStringByteLen
VarBstrCat
SysAllocStringByteLen

rpcrt4

UuidCreate
RpcStringFreeW
UuidFromStringW
UuidToStringW

gdiplus

GdipFree
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b11c944a344d112938510b4b31b806b8

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

gdiplus

Sections

.text Size: 689KB - Virtual size: 688KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 305KB - Virtual size: 304KB

.text
Size: 689KB - Virtual size: 688KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 305KB - Virtual size: 304KB