dhasetup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dhasetup.exe
Size

560KB
MD5

e2a5eaca3b6eacc1948c3a6b7d8a399d
SHA1

198b2c10b49c3d22c5570fe9d0b03aebc2ef8708
SHA256

0b6362309cab9531486f0ee82fa79750bef29769d3054cfe09bab2d9c43198f9
SHA512

2d5200da5181ffbbf3f84198ebbe6159824d59b90dce1a6eafc7a3da9b99f8723521b7b8cfa77b45151592b1514612f9b33ab0304801e8ad775567b414f512d2
SSDEEP

6144:iRj3ZMbtYScho68XcDsN6WQHu8YizZVfZIuze4KnChlXDwJWMgXLuqj9NxjaTCs0:aLsNAzZLxhlXuqj9eTnHSgSHh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhasetup.exe

Files

dhasetup.exe
.exe windows:4 windows x86

acc3b703de66b73b4b3a29d5b1971411

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA

kernel32

AddAtomA
CopyFileA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
GetWindowsDirectoryA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
printf
signal
strcmp
strcpy
strlen

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ