Setup_651790[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Setup_651790.exe
Size

3.2MB
MD5

ec11a88236df300dd212f2e7a192e6c7
SHA1

eae70c319b189d0433026cc4f182b3e0ae278ab1
SHA256

e03f4f902c57bcddd3b6f0a962e864d245e6a14cfa6e4ec66e413027daf509d5
SHA512

7beb9821922c9a53718beb8ca1ecc4cb03c3051ec79af9323291eb684c6bfa04d698a2bcbe0951ad1c45fcad9fa46045dfad5afc1912079917328cd1cba1d176
SSDEEP

49152:jN32bA5Bneq5lSHAcfIw3+y2ar7S716ehof3RoVj64xIe0TUR7tPcdC:jNhSHwwuDGJUj64HPcd

Score

1^/10

Malware Config

Signatures

Files

Setup_651790.exe
.exe windows:5 windows x86

aa0bc1a69d974f233e02e29ac95f3d89

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

28/12/2022, 22:16

Not After

28/12/2023, 22:16

Subject

SERIALNUMBER=1242287,CN=Mack Digital Marking\, LLC,O=Mack Digital Marking\, LLC,L=Louisville,ST=Kentucky,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084b656e7475636b79,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:f7:ce:45:84:dc:64:20:47:0f:29:e0:84:82:aa:c3:ae:03:bc:1d:68:a5:37:d3:5b:c4:17:d0:f1:25:93:65
Signer

Actual PE Digest

cb:f7:ce:45:84:dc:64:20:47:0f:29:e0:84:82:aa:c3:ae:03:bc:1d:68:a5:37:d3:5b:c4:17:d0:f1:25:93:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

timeGetTime

comctl32

_TrackMouseEvent
ImageList_DragLeave
ImageList_Add
ImageList_SetIconSize
FlatSB_GetScrollInfo
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_DragEnter
InitializeFlatSB
ImageList_Create
FlatSB_SetScrollInfo
ImageList_SetBkColor
ImageList_Draw
ImageList_DragMove
FlatSB_SetScrollProp
ImageList_DrawIndirect
ImageList_GetBkColor
ImageList_Read
ImageList_BeginDrag
FlatSB_SetScrollPos
ImageList_GetIcon
ImageList_DrawEx
FlatSB_GetScrollPos
ImageList_EndDrag
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Write
ImageList_Remove
ImageList_GetDragImage

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

user32

LoadCursorW
EnableScrollBar
EndMenu
EnumThreadWindows
GetWindowDC
CreateIcon
SetCapture
MonitorFromPoint
GetKeyboardLayoutNameW
CreateIconIndirect
DestroyMenu
GetMessageExtraInfo
GetScrollRange
DrawTextW
GetCapture
CreateWindowExW
WindowFromPoint
SetWindowLongW
EndPaint
SetScrollRange
ShowOwnedPopups
GetWindowLongW
DefMDIChildProcW
IsIconic
IsWindowEnabled
DrawIcon
GetMenu
GetMenuItemInfoW
GetMenuState
IsDialogMessageW
ReleaseDC
GetKeyboardLayout
MessageBoxW
IsClipboardFormatAvailable
ClientToScreen
EnumClipboardFormats
SetClassLongW
MapVirtualKeyW
GetKeyboardLayoutList
HideCaret
InsertMenuItemW
GetWindow
UnregisterClassW
DispatchMessageW
DrawFrameControl
UnhookWindowsHookEx
GetParent
GetKeyboardState
SetTimer
BeginPaint
PostQuitMessage
TranslateMessage
SetMenuItemInfoW
IsChild
CheckMenuItem
PeekMessageW
GetMessagePos
RegisterClassW
GetMonitorInfoW
SetWindowRgn
CallWindowProcW
SwitchToThisWindow
GetWindowRect
SetScrollInfo
PeekMessageA
InsertMenuW
GetSysColorBrush
GetWindowPlacement
GetMenuStringW
MsgWaitForMultipleObjectsEx
GetDlgCtrlID
CharLowerBuffW
GetClassInfoW
GetClassNameW
SetScrollPos
DestroyIcon
EnableMenuItem
SendMessageW
DrawFocusRect
GetSysColor
FrameRect
GetWindowThreadProcessId
GetLastActivePopup
GetClassLongW
SetWindowPlacement
SetParent
LoadIconW
GetActiveWindow
FindWindowExW
SetMenu
SetWindowTextW
GetCursor
EnumWindows
GetPropW
GetScrollInfo
PostMessageW
GetDCEx
FindWindowW
TrackPopupMenu
WaitMessage
GetDesktopWindow
LoadStringW
EnableWindow
GetDC
ScreenToClient
DrawTextExW
SetWindowPos
RegisterClipboardFormatW
GetFocus
CallNextHookEx
CharUpperW
IsZoomed
ShowCaret
SetRect
CharLowerW
RemovePropW
FillRect
GetKeyState
MsgWaitForMultipleObjects
ShowWindow
LoadKeyboardLayoutW
DestroyWindow
CreatePopupMenu
IsWindowVisible
DrawEdge
SetCursorPos
ShowScrollBar
CopyImage
RedrawWindow
GetMenuItemCount
EnumDisplayMonitors
RemoveMenu
IsWindowUnicode
SetPropW
DrawMenuBar
MapWindowPoints
ScrollWindow
GetKeyNameTextW
ActivateKeyboardLayout
GetSystemMenu
GetSystemMetrics
SetWindowsHookExW
GetSubMenu
LoadBitmapW
UpdateWindow
KillTimer
SendMessageA
GetClientRect
GetWindowTextW
DefWindowProcW
EnumChildWindows
ReleaseCapture
DispatchMessageA
GetForegroundWindow
GetCursorPos
GetTopWindow
GetClipboardData
GetIconInfo
RegisterWindowMessageW
DeleteMenu
GetScrollPos
CharNextW
InvalidateRect
CreateMenu
SystemParametersInfoW
MessageBeep
MonitorFromWindow
DrawIconEx
DestroyCursor
SetFocus
AdjustWindowRectEx
CharUpperBuffW
GetMenuItemID
TranslateMDISysAccel
SetCursor
SetForegroundWindow
SetActiveWindow
IsWindow
DefFrameProcW
IsDialogMessageA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleaut32

GetErrorInfo
SysFreeString
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
VariantInit
SafeArrayPtrOfIndex
SysAllocStringLen
VariantChangeType
VariantClear
VariantCopy
SysReAllocStringLen

advapi32

AdjustTokenPrivileges
OpenProcessToken
OpenSCManagerW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
OpenServiceW

netapi32

NetApiBufferFree
NetWkstaGetInfo

msvcrt

memcpy

winhttp

WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpSetStatusCallback

kernel32

SetThreadPriority
LockResource
EnumResourceNamesW
GetEnvironmentVariableW
SuspendThread
DeviceIoControl
GlobalAlloc
GetSystemInfo
SwitchToThread
QueryPerformanceFrequency
GetCPInfoExW
LeaveCriticalSection
GetExitCodeThread
ReadFile
GetFullPathNameW
GetVersion
GetFileAttributesW
GetTimeZoneInformation
VirtualQuery
GlobalFree
TlsSetValue
EnterCriticalSection
LocalFree
IsDebuggerPresent
SetErrorMode
GetStartupInfoW
QueryPerformanceCounter
CloseHandle
SizeofResource
ExitThread
GlobalHandle
VirtualAlloc
LoadLibraryExW
VirtualFree
VirtualQueryEx
ExitProcess
LCMapStringW
GetCurrentThreadId
GetLastError
ResumeThread
TerminateThread
GetCurrentProcess
GlobalLock
HeapAlloc
LoadLibraryA
GetSystemDefaultUILanguage
FindNextFileW
CreateThread
GetCPInfo
InitializeCriticalSection
EnumCalendarInfoW
LoadLibraryW
GetThreadLocale
GetDiskFreeSpaceW
IsValidLocale
GetThreadPriority
GetFileSize
GetCurrentProcessId
WriteFile
CompareStringW
GetLocalTime
GetACP
FreeLibrary
CreateMutexW
FileTimeToSystemTime
SetEvent
VerifyVersionInfoW
MultiByteToWideChar
FindResourceW
UnhandledExceptionFilter
VirtualProtect
ResetEvent
HeapCreate
GetDateFormatW
GlobalDeleteAtom
GetLocaleInfoW
SetLastError
FindClose
GetCommandLineW
MoveFileW
CreateEventW
FormatMessageW
CreateFileW
WaitForMultipleObjectsEx
CreateDirectoryW
Sleep
WaitForSingleObject
FindFirstFileW
GetTempPathW
GlobalAddAtomW
GetTickCount
SetFilePointer
SetEndOfFile
GetUserDefaultUILanguage
TlsGetValue
RaiseException
GetModuleFileNameW
GetVersionExW
RtlUnwind
SetThreadLocale
LocalAlloc
VerSetConditionMask
FreeResource
HeapFree
GetProcAddress
WideCharToMultiByte
GetDriveTypeW
GetCurrentThread
lstrlenW
GlobalFindAtomW
GlobalSize
MulDiv
HeapDestroy
DeleteCriticalSection
GetModuleHandleW
LoadResource
GlobalUnlock
GetComputerNameW
GetStdHandle

ole32

CoTaskMemAlloc
CoCreateInstance
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
IsEqualGUID
CoTaskMemFree

gdi32

GetWindowOrgEx
SetWindowOrgEx
GetEnhMetaFilePaletteEntries
GetBitmapBits
GetDeviceCaps
GetObjectW
SetBrushOrgEx
LineTo
CreateBitmap
CreatePenIndirect
AngleArc
PolyBezier
IntersectClipRect
CreateCompatibleBitmap
DeleteObject
Polygon
GetBrushOrgEx
CopyEnhMetaFileW
SetViewportOrgEx
SetROP2
ExcludeClipRect
EnumFontFamiliesExW
CreateSolidBrush
CreateBrushIndirect
SetStretchBltMode
RectVisible
CreateFontIndirectW
SetDIBColorTable
ExtFloodFill
Pie
CreateCompatibleDC
PatBlt
GetEnhMetaFileDescriptionW
GetDIBColorTable
SelectObject
SetBkColor
GetStockObject
CreateDIBSection
GdiFlush
SetRectRgn
StretchBlt
Arc
GetStretchBltMode
GetPixel
UnrealizeObject
GetTextExtentPoint32W
ArcTo
GetClipBox
CreateDIBitmap
SetTextColor
PlayEnhMetaFile
MoveToEx
DeleteEnhMetaFile
ExtTextOutW
SaveDC
CreateHalftonePalette
GetTextMetricsW
SetBkMode
BitBlt
SetWinMetaFileBits
GetEnhMetaFileHeader
GetNearestPaletteIndex
PolyBezierTo
SelectPalette
SetDIBits
RoundRect
RealizePalette
CreateRectRgn
RestoreDC
CreatePalette
SetPixel
GetPaletteEntries
FrameRgn
GetEnhMetaFileBits
GetWinMetaFileBits
GetCurrentPositionEx
GetDIBits
Ellipse
DeleteDC
GetTextExtentPointW
Polyline
Chord
Rectangle
SetEnhMetaFileBits
GetSystemPaletteEntries
GetRgnBox
MaskBlt

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa0bc1a69d974f233e02e29ac95f3d89

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6cCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

cb:f7:ce:45:84:dc:64:20:47:0f:29:e0:84:82:aa:c3:ae:03:bc:1d:68:a5:37:d3:5b:c4:17:d0:f1:25:93:65Signer

Headers

File Characteristics

Imports

winmm

comctl32

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

winhttp

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 133KB - Virtual size: 132KB

.bss Size: - Virtual size: 27KB

.idata Size: 12KB - Virtual size: 12KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 149B

.tls Size: - Virtual size: 88B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 271KB - Virtual size: 271KB

.rsrc Size: 132KB - Virtual size: 132KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

cb:f7:ce:45:84:dc:64:20:47:0f:29:e0:84:82:aa:c3:ae:03:bc:1d:68:a5:37:d3:5b:c4:17:d0:f1:25:93:65
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 133KB - Virtual size: 132KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 12KB - Virtual size: 12KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 149B

.tls
Size: - Virtual size: 88B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 271KB - Virtual size: 271KB

.rsrc
Size: 132KB - Virtual size: 132KB