setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

406KB
MD5

9daf0b0e4a693a7a166d43179734e37a
SHA1

d10d72b283af597ff0e2f9a18ed729e535c7910e
SHA256

fb00e0c758dd6fd69d68c21a6aefea4f47fc72f5d3e5b32489e781c0fe61e3d3
SHA512

da815fd170e9f851d82007ba2dc7382820eacd687a7e65b58a1d28b7ed00a4105eed1de372561a957b45beeaf78893ab01430b60326f6bdecd002c5a56622c41
SSDEEP

12288:pxQ0Nd7RuvtRO5bBLfckOtkDoAdom2wo7+TLOWiy:k0Nd76tRabB6tVAqm2whTLOby

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows:6 windows x64 arch:x64

c1a3b11d23f96f2185faf824f1224564

Code Sign

1e:e6:d2:b0:d0:fd:1d:3f:62:d0:49:19:b7:04:de:97
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/09/2018, 00:00

Not After

23/09/2021, 23:59

Subject

CN=FastCopy Lab\, LLC.,O=FastCopy Lab\, LLC.,POSTALCODE=220-0004,STREET=1-11-1 Kitasaiwai-cho\, Nishi-ku,L=Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:0a:c2:66:e5:30:7a:e6:7f:39:4e:41:20:e7:00:fb:7b:17:14:26:70:33:81:3f:97:df:bf:dc:26:3c:b1:21
Signer

Actual PE Digest

1b:0a:c2:66:e5:30:7a:e6:7f:39:4e:41:20:e7:00:fb:7b:17:14:26:70:33:81:3f:97:df:bf:dc:26:3c:b1:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AttachConsole
OutputDebugStringW
GetVersionExA
RaiseException
WriteConsoleW
GetCurrentProcessId
SetUnhandledExceptionFilter
SetThreadLocale
VirtualProtect
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetUserDefaultLCID
SetEvent
LoadLibraryW
DeleteCriticalSection
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
ReadConsoleW
ReadFile
SetEndOfFile
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetStdHandle
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
IsValidLocale
HeapReAlloc
HeapAlloc
HeapFree
GetACP
GetModuleHandleExW
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
LoadLibraryExA
GetModuleHandleW
VirtualQuery
GetSystemInfo
MoveFileW
MapViewOfFile
CopyFileW
FreeLibrary
CreateProcessW
GetFileSize
MoveFileExW
CreateFileMappingA
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
CloseHandle
DeleteFileW
SetDllDirectoryA
GetLastError
Sleep
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
GetTempPathW
GetModuleFileNameW
SetFileTime
RemoveDirectoryW
WriteFile
FindNextFileW
GetFullPathNameW
GetCommandLineW
FindFirstFileW
GetModuleHandleA
GetCurrentThreadId
OutputDebugStringA
WriteConsoleA
GetStdHandle
GetCurrentProcess
GetModuleFileNameA
GetFileType
GetFileTime
FreeEnvironmentStringsW
CreateDirectoryW

user32

DialogBoxParamW
LoadCursorA
IsWindow
RegisterClassW
PostQuitMessage
GetParent
GetWindowTextLengthW
GetMessageW
EndDeferWindowPos
GetMessageA
CallWindowProcW
PostMessageW
MonitorFromPoint
DispatchMessageA
DestroyWindow
IsWindowVisible
SetActiveWindow
DeferWindowPos
EnableWindow
LoadIconA
GetClassNameW
SendMessageA
CreateWindowExA
IsDialogMessageA
IsDialogMessageW
BeginDeferWindowPos
EndDialog
GetWindowPlacement
MessageBoxA
SetDlgItemTextW
CreateDialogParamW
DefWindowProcW
GetWindowTextA
SetWindowLongPtrW
CreateWindowExW
SendMessageW
GetScrollInfo
GetWindowLongPtrW
TranslateAcceleratorA
GetDlgItemTextA
DispatchMessageW
SetTimer
GetMonitorInfoW
CallWindowProcA
PeekMessageW
SetWindowPos
SetWindowTextA
AttachThreadInput
GetDlgItemTextW
SendDlgItemMessageW
MoveWindow
IsDlgButtonChecked
DefWindowProcA
SetFocus
BringWindowToTop
TranslateAcceleratorW
TranslateMessage
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemInt
SystemParametersInfoA
GetClientRect
GetDlgItem
PeekMessageA
GetWindowLongPtrA
KillTimer
CheckDlgButton
SetDlgItemInt
SetWindowLongPtrA
UpdateWindow
SetForegroundWindow
InvalidateRect
IsIconic
GetCursorPos
GetWindowTextW
GetWindowThreadProcessId
LoadStringA
LoadStringW
GetForegroundWindow
GetWindow
GetWindowRect
MessageBoxW
PostMessageA
ScreenToClient
GetSystemMetrics
SetWindowTextW
ShowWindow
SetClassLongPtrA

advapi32

GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegDeleteKeyW
RegCloseKey

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1a3b11d23f96f2185faf824f1224564

Code Sign

1e:e6:d2:b0:d0:fd:1d:3f:62:d0:49:19:b7:04:de:97Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

1b:0a:c2:66:e5:30:7a:e6:7f:39:4e:41:20:e7:00:fb:7b:17:14:26:70:33:81:3f:97:df:bf:dc:26:3c:b1:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 241KB - Virtual size: 241KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 5KB - Virtual size: 204KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 11KB - Virtual size: 10KB

1e:e6:d2:b0:d0:fd:1d:3f:62:d0:49:19:b7:04:de:97
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

1b:0a:c2:66:e5:30:7a:e6:7f:39:4e:41:20:e7:00:fb:7b:17:14:26:70:33:81:3f:97:df:bf:dc:26:3c:b1:21
Signer

.text
Size: 241KB - Virtual size: 241KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 5KB - Virtual size: 204KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 11KB - Virtual size: 10KB