Setup[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.7z
Size

2.4MB
MD5

72cbddd810e52a32ffed4a5db1faeb1d
SHA1

d59a38db0710e67cf21966361d6e24c29e7f3613
SHA256

fb62553b983b37fa0355985bcb8dbcaec055a0d00910148255fe07de8be8473f
SHA512

f449748bdf1ee4624deff3fb99dad72bf583f7600a8accdca03f3dc13f0ac351e7b6f732a21e6e8e49082e9ac1eca69776e525732b659cfaa2af2e5a28ba3acb
SSDEEP

49152:MWzYWsApt293G3g2XJCk0JhkYbO3io3Nw9SR0tZr2y9ka:MWzYROt2o3F/0Jh/wio3K9Syb5f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe

Files

Setup.7z
.7z

Password: 1234
Setup.exe
.exe windows:6 windows x64

Password: 1234

b5fd5c5a28970cfa1aef9750a101db08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.`d,
Size: - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eu,
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.! K
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

b5fd5c5a28970cfa1aef9750a101db08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 3.1MB

.rdata Size: - Virtual size: 240KB

.data Size: - Virtual size: 73KB

.pdata Size: - Virtual size: 85KB

_RDATA Size: - Virtual size: 252B

.`d, Size: - Virtual size: 565KB

.eu, Size: 2KB - Virtual size: 2KB

.! K Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 90KB

.text
Size: - Virtual size: 3.1MB

.rdata
Size: - Virtual size: 240KB

.data
Size: - Virtual size: 73KB

.pdata
Size: - Virtual size: 85KB

_RDATA
Size: - Virtual size: 252B

.`d,
Size: - Virtual size: 565KB

.eu,
Size: 2KB - Virtual size: 2KB

.! K
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 90KB