Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

780.3MB
MD5

95b4b47ba201cf6b40e3393176466bb8
SHA1

739d0129e81e2b0e4c49c5f6577e3a4b775efbce
SHA256

d2fb57b0ce0b6b5299ba8d19c4d809813185dc403c435e1cc49828cab64839d3
SHA512

175a75364a1e9195e40afb6059007dadbc7d42c89f01d782ed786f54d1283b7ba2eefdd868d09f38ae52e6cdf481a7e3365d58ab9acf2091bf5c78522f28b44a
SSDEEP

98304:jxWgjJiF2XO/GMRKOEpw8Wv3y1Lm7I8DJfDgxQ3V03r8y55ntV/boRCjsm:RJ9OejDfmELzQf8ql49rbeKR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

Setup.exe
.exe windows:6 windows x86

5c4ca581bd0c16fde33f63c4ab8ff974

Code Sign

29:43:9b:e8:07:84:37:b1:47:dc:cc:b2:b0:d3:b4:b0
Certificate

Issuer

CN=Colorful iGame S790-X ZNG Edition V35

Not Before

01/12/2022, 17:37

Not After

02/12/2032, 17:37

Subject

CN=Colorful iGame S790-X ZNG Edition V35

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:72:7c:3a:f4:7a:d4:6e:22:05:53:b5:d3:1e:30:9a:08:04:33:09:96:15:a4:62:0a:68:91:e4:3a:cb:1b:de
Signer

Actual PE Digest

82:72:7c:3a:f4:7a:d4:6e:22:05:53:b5:d3:1e:30:9a:08:04:33:09:96:15:a4:62:0a:68:91:e4:3a:cb:1b:de

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumDisplayDevicesA

advapi32

GetCurrentHwProfileW

gdi32

BitBlt

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wininet

HttpAddRequestHeadersA

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c4ca581bd0c16fde33f63c4ab8ff974

Code Sign

29:43:9b:e8:07:84:37:b1:47:dc:cc:b2:b0:d3:b4:b0Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

82:72:7c:3a:f4:7a:d4:6e:22:05:53:b5:d3:1e:30:9a:08:04:33:09:96:15:a4:62:0a:68:91:e4:3a:cb:1b:deSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

winhttp

iphlpapi

wininet

crypt32

Sections

.text Size: - Virtual size: 425KB

.rdata Size: - Virtual size: 48KB

.data Size: - Virtual size: 16KB

.vmp0 Size: - Virtual size: 2.5MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 120KB - Virtual size: 286KB

29:43:9b:e8:07:84:37:b1:47:dc:cc:b2:b0:d3:b4:b0
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

82:72:7c:3a:f4:7a:d4:6e:22:05:53:b5:d3:1e:30:9a:08:04:33:09:96:15:a4:62:0a:68:91:e4:3a:cb:1b:de
Signer

.text
Size: - Virtual size: 425KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 16KB

.vmp0
Size: - Virtual size: 2.5MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 120KB - Virtual size: 286KB