Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

833KB
MD5

dbdcc92232f5c1e70076dd2b4ba40a31
SHA1

7538ab9359dbc174a5c334859914b9481af47002
SHA256

e4bdd2d082e48820142b73d811ea61fd7e6f880122087f1be499c1d79090fce1
SHA512

7779072a23293f830ef3bfffea4175fb7110ccb14ae60a192ccff3fb5639de7c6865decdd885e2f3a27073dbe98144b1a83a4e488103eb0d3e01585194c4cc16
SSDEEP

12288:itYhMUbxS1hDspsqNKM+gZpBJCw335fL6XMJ2jZj0Pd9vom3rbY:wz1hDspXUM+gZpBJBL6ZjZjs9vhrbY

Score

1^/10

Malware Config

Signatures

Files

Setup.exe
.exe windows:4 windows x86

195c2c19276f5da5478f0635e06114a1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:8a:d4:08:54:52:fd:13:0f:fa:5e:1e:e0:a2:7e:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2006, 00:00

Not After

21/06/2007, 23:59

Subject

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

db:53:c0:ab:2b:c9:89:f5:5d:be:9f:c5:e1:57:a1:5a:83:e0:c0:83
Signer

Actual PE Digest

db:53:c0:ab:2b:c9:89:f5:5d:be:9f:c5:e1:57:a1:5a:83:e0:c0:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileSize
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
RaiseException
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
GetTimeZoneInformation
GetACP
HeapSize
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SuspendThread
GetProfileStringA
InterlockedExchange
SizeofResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
MulDiv
ExpandEnvironmentStringsA
CreateEventA
ResetEvent
SetEvent
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetDriveTypeA
lstrlenW
TerminateThread
ResumeThread
SetErrorMode
GetVersionExA
lstrcpynW
GetTickCount
HeapReAlloc
DeviceIoControl
OpenMutexA
ReleaseMutex
CreateMutexA
GetCurrentDirectoryA
MoveFileExA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetPrivateProfileSectionNamesA
lstrcmpA
WritePrivateProfileStringA
GetPrivateProfileSectionA
lstrcpynA
lstrcatA
lstrcmpiA
lstrcpyA
GetProcessHeap
HeapAlloc
HeapFree
WinExec
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntA
FindResourceA
LoadResource
LockResource
GlobalAlloc
GlobalLock
GetModuleHandleA
GlobalUnlock
GlobalFree
GetTempFileNameA
lstrlenA
GetModuleFileNameA
FileTimeToSystemTime
Sleep
GetSystemDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLCID
GetUserDefaultLangID
MultiByteToWideChar
GetSystemDirectoryA
GetShortPathNameA
FormatMessageA
LocalFree
GetTempPathA
GetCurrentProcess
CreateFileA
GetFileTime
CloseHandle
FindFirstFileA
CopyFileA
FindNextFileA
FindClose
LoadLibraryA
FreeLibrary
WideCharToMultiByte
RemoveDirectoryA
GetLastError
GetDiskFreeSpaceA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
SetLastError
GetPrivateProfileStringA
IsBadCodePtr
GetProcAddress
IsBadReadPtr
IsBadWritePtr
LCMapStringA

user32

DestroyMenu
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
InflateRect
GetClassNameA
PtInRect
GetSysColorBrush
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
IsIconic
GrayStringA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
CharUpperA
LoadStringA
UnhookWindowsHookEx
UpdateWindow
BringWindowToTop
RedrawWindow
PostMessageA
GetWindowTextA
CharNextA
WaitForInputIdle
PostThreadMessageA
ExitWindowsEx
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
ClientToScreen
ScreenToClient
IsDialogMessageA
SetDlgItemTextA
wsprintfA
MessageBoxA
ReleaseDC
GetWindowDC
GetDesktopWindow
TranslateMessage
DispatchMessageA
PeekMessageA
SetTimer
GetMessageA
KillTimer
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UnregisterClassA
EnableWindow
GetParent
BeginPaint
EndPaint
GetSystemMenu
EnableMenuItem
GetSysColor
LoadBitmapA
GetWindowRect
GetSystemMetrics
SetForegroundWindow
InvalidateRect
FindWindowA
IsWindow
SendMessageA
GetDlgItem
GetDC
GetClientRect
ShowWindow
CheckRadioButton
SendDlgItemMessageA
GetWindowPlacement
MapWindowPoints
DrawTextA
SetWindowTextA
OffsetRect

gdi32

IntersectClipRect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkMode
SetBkColor
SelectPalette
RestoreDC
SaveDC
DeleteDC
CreateBitmap
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePalette
RealizePalette
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
CreateFontIndirectA
SelectObject
DeleteObject
GetDeviceCaps
GetStockObject
CreateDIBitmap
GetTextExtentPointA
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

EnumPrintProcessorsA
EnumPortsA
EnumPrintersW
GetPrinterDriverDirectoryA
GetPrintProcessorDirectoryA
EnumMonitorsA
AddMonitorA
EnumPrinterDriversA
OpenPrinterA
GetPrinterA
SetPrinterA
EnumPrintersA
DocumentPropertiesA
AddPrinterDriverA
AddPrintProcessorA
AddPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
QueryServiceStatus
RegCreateKeyExA
RegUnLoadKeyA
RegLoadKeyA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
RegCloseKey
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceConfigA

comctl32

ord17
ImageList_Destroy

ole32

CoUninitialize
CoCreateInstance
CoInitialize

lz32

LZOpenFileA
LZCopy
LZClose

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??0CDeviceInf@@QAE@ABV0@@Z
??0CDeviceInf@@QAE@XZ
??0CDeviceInfSection@@QAE@ABV0@@Z
??0CDeviceInfSection@@QAE@XZ
??0CImageDriverInf@@QAE@ABV0@@Z
??0CImageDriverInf@@QAE@XZ
??0CIniSections@@QAE@ABV0@@Z
??0CIniSections@@QAE@XZ
??0CManufacturers@@QAE@ABV0@@Z
??0CManufacturers@@QAE@XZ
??0CPrinterDriverInf@@QAE@ABV0@@Z
??0CPrinterDriverInf@@QAE@XZ
??1CDeviceInf@@UAE@XZ
??1CDeviceInfSection@@UAE@XZ
??1CImageDriverInf@@UAE@XZ
??1CIniSections@@UAE@XZ
??1CManufacturers@@UAE@XZ
??1CPrinterDriverInf@@UAE@XZ
??4CDeviceInf@@QAEAAV0@ABV0@@Z
??4CDeviceInfSection@@QAEAAV0@ABV0@@Z
??4CImageDriverInf@@QAEAAV0@ABV0@@Z
??4CIniSections@@QAEAAV0@ABV0@@Z
??4CManufacturers@@QAEAAV0@ABV0@@Z
??4CPrinterDriverInf@@QAEAAV0@ABV0@@Z
??_7CDeviceInf@@6B@
??_7CDeviceInfSection@@6B@
??_7CImageDriverInf@@6B@
??_7CIniSections@@6B@
??_7CManufacturers@@6B@
??_7CPrinterDriverInf@@6B@
??_C@_08GILO@HelpFile?$AA@
??_C@_08OGFF@DataFile?$AA@
??_C@_0L@HDMK@DriverFile?$AA@
??_C@_0L@OJNJ@ConfigFile?$AA@
?AddPrinterA@CPrinterDriverInf@@IAEHPBD000@Z
?AddPrinterDriverA@CPrinterDriverInf@@IAEHPBD000@Z
?AllocAndGetDependentFiles@CPrinterDriverInf@@IAEPADPBD0000@Z
?AllocAndGetValue@CPrinterDriverInf@@IAEPADPBD00@Z
?AllocAndGetValueEx@CPrinterDriverInf@@IAEPADPBD0000@Z
?Clear@CDeviceInf@@QAEXXZ
?Clear@CDeviceInfSection@@QAEXXZ
?Clear@CIniSections@@QAEXXZ
?Clear@CManufacturers@@QAEXXZ
?Count@CDeviceInfSection@@QAEKXZ
?Count@CIniSections@@QAEKXZ
?DoInstall@CDeviceInf@@IAEHPBD00@Z
?GetConfigFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetDataFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetDeviceId@CDeviceInf@@QAEPBDK@Z
?GetDeviceIdCount@CDeviceInf@@QAEKXZ
?GetDeviceIdList@CDeviceInf@@IAEHH@Z
?GetDriverDesc@CDeviceInf@@QAEPBDKPBD@Z
?GetDriverFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetDriverVer@CDeviceInf@@QAEPBDXZ
?GetDriversCount@CDeviceInf@@QAEKPBD@Z
?GetFileInfo@CPrinterDriverInf@@IAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K0@Z
?GetFilesFromCopyFilesSection@CPrinterDriverInf@@IAEHPBD0AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?GetFullInfo@CDeviceInf@@QAEHH@Z
?GetHelpFile@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetInfClass@CDeviceInf@@QAEPBDXZ
?GetInstallSection@CDeviceInf@@IAEKPBD0KPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1@Z
?GetInstallSection@CDeviceInf@@QAEKPBDHPADPAK12PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetItem@CIniSections@@QAEPBDK@Z
?GetKey@CDeviceInfSection@@QAEPBDK@Z
?GetLanguageMonitorInfo@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetList@CDeviceInfSection@@QAEHXZ
?GetList@CIniSections@@QAEHXZ
?GetList@CManufacturers@@QAEHXZ
?GetMfg@CDeviceInf@@QAEPBDK@Z
?GetMfgCount@CDeviceInf@@QAEKXZ
?GetModelsSeed@CManufacturers@@QAEPBDK@Z
?GetPrintProcessorInfo@CPrinterDriverInf@@QAEHPBD0AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetSuitableDriverName@CDeviceInf@@QAEKPBDHPADPAK@Z
?GetValue@CDeviceInfSection@@QAEPBDK@Z
?HasSuitableDriver@CDeviceInf@@QAEKPBD0@Z
?Init@CDeviceInf@@QAEHPBDHH@Z
?Init@CDeviceInfSection@@QAEHPBDPAVCInfStringTable@@0@Z
?Init@CImageDriverInf@@QAEHPBDHH@Z
?Init@CIniSections@@QAEHPBD@Z
?Init@CManufacturers@@QAEHPBDPAVCInfStringTable@@0@Z
?Init@CPrinterDriverInf@@QAEHPBDHH@Z
?InitWFN@CDeviceInfSection@@QAEHPBGPAVCInfStringTable@@PBD@Z
?InstallDriver@CDeviceInf@@QAEHPBD0K@Z
?InstallDriver@CDeviceInf@@QAEHPBDH@Z
?InstallDriver@CPrinterDriverInf@@QAEHPBD0K@Z
?InstallDriver@CPrinterDriverInf@@QAEHPBDH@Z
?InstallPrinter@CPrinterDriverInf@@QAEHPBD0K00@Z
?InstallPrinter@CPrinterDriverInf@@QAEHPBDH00@Z
?IsComment@CDeviceInfSection@@IAEHPBD@Z
?SetAltProgress@CDeviceInf@@QAEXPAUHWND__@@I@Z
?SetColorProfile@CPrinterDriverInf@@IAEHPBD0@Z
?SetDirectoryId@CDeviceInf@@MAEHPAXPBD1@Z
?SetDirectoryId@CPrinterDriverInf@@MAEHPAXPBD1@Z
?SetOwner@CDeviceInf@@QAEXPAUHWND__@@@Z

Sections

.text
Size: 580KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

195c2c19276f5da5478f0635e06114a1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2e:8a:d4:08:54:52:fd:13:0f:fa:5e:1e:e0:a2:7e:1eCertificate

Extended Key Usages

Key Usages

db:53:c0:ab:2b:c9:89:f5:5d:be:9f:c5:e1:57:a1:5a:83:e0:c0:83Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

ole32

lz32

version

Exports

Exports

Sections

.text Size: 580KB - Virtual size: 577KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 128KB - Virtual size: 150KB

.rsrc Size: 52KB - Virtual size: 49KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2e:8a:d4:08:54:52:fd:13:0f:fa:5e:1e:e0:a2:7e:1e
Certificate

db:53:c0:ab:2b:c9:89:f5:5d:be:9f:c5:e1:57:a1:5a:83:e0:c0:83
Signer

.text
Size: 580KB - Virtual size: 577KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 128KB - Virtual size: 150KB

.rsrc
Size: 52KB - Virtual size: 49KB