ksetup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ksetup.exe
Size

31KB
MD5

dc949023143f0672926669523c18c5d3
SHA1

36599b3871f7b785f3ff890efb0680fdbcb9e76a
SHA256

1dbe0a1a0fc8e8abeda38df7c81538296033d8d857c83b8c22b95a109c3ffa8f
SHA512

89204168c484b8199a67d2f833c1533974ec0574bfe572a638c255fc0246d56dd31dab03f92f2cce2911c4bfef08caf2bf7521fa3e1196baed3d1cc7152396ca
SSDEEP

384:lpbmAwwWaM/kDonLvuAiaSR/dUbhdORa4RdTRXqcHw+R9pdri84Vey4W9ExWZuEb:gwWaMVnLv1AodOlRucQ+RP4VekE4tln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ksetup.exe

Files

ksetup.exe
.exe windows:10 windows x86

aac3cbe679da427659c10bc5b3451e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
LsaQueryInformationPolicy
RegOpenKeyExW
RegEnumKeyExW
LsaFreeMemory
RegCloseKey
LsaSetInformationPolicy
RegCreateKeyExW
RegDeleteKeyW
LsaClose
RegDeleteValueW
RegSetValueExW
LsaStorePrivateData
RegQueryValueExW
LsaOpenPolicy
LsaSetTrustedDomainInfoByName
RegConnectRegistryW
LsaQueryTrustedDomainInfoByName

kernel32

LocalFree
LocalAlloc
SetComputerNameExW
GetLastError
GetComputerNameW
GetModuleHandleW
lstrcmpiW
lstrlenW
lstrcmpW
SetLastError
GetStdHandle
SetConsoleMode
GetSystemDirectoryW
GetConsoleMode
FormatMessageW
LoadLibraryW

msvcrt

_except_handler4_common
memcpy
_wcsicmp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
iswalpha
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcsncmp
fgetws
wcsncat_s
_snwprintf_s
wcschr
realloc
_wcsdup
isspace
iswupper
fwprintf
wcstoul
_cexit
exit
wcscpy_s
free
getchar
_vsnprintf
fprintf
wcsstr
printf
malloc
_wsetlocale
_vsnwprintf
__iob_func
_controlfp
memset

wldap32

ord156
ord170
ord13
ord211
ord146
ord26
ord27
ord30
ord50
ord34
ord41
ord73

logoncli

DsGetDcNameW

sspicli

LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaFreeReturnBuffer

srvcli

NetServerGetInfo

netutils

NetApiBufferFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP

api-ms-win-core-file-l1-2-1

WriteFile

api-ms-win-core-localization-l1-2-1

SetThreadUILanguage

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

ntdll

RtlCompareUnicodeString
RtlInitString
RtlInitUnicodeString

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aac3cbe679da427659c10bc5b3451e0a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

wldap32

logoncli

sspicli

srvcli

netutils

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-string-l1-1-0

ntdll

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB