setup_win64_86[.]zip | Triage

Sharing

General

Target

setup_win64_86.zip
Size

7.5MB
MD5

7caa3cfce1693f47786f2ed82d5b3011
SHA1

934d304f81e799719bcf4285fb83a52f689f618e
SHA256

9c013e394a77b7dfea1b41e8189c86966bbe5fd83f4702456a96a9aaa16fdfdb
SHA512

f507087d2bf05d7dc647d7d5804e54faf522007f3d5646faf91ceb3c34e1c221e5569e505ff0439ff60d313c81938631905a44baf7a15e09fe3199072ab13b99
SSDEEP

196608:oW0wfrH6ji8jgmuu6/EVM8F16H1liDWvS65zWOPZNkGp:ZRfrajKmQ/EVSHnAEVEuJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup_win64_86.exe

Files

setup_win64_86.zip
.zip
setup_win64_86.exe
.exe windows:6 windows x86 arch:x86

2abe533e25a4d6517447ccb30bcf5468

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 737.2MB - Virtual size: 737.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.<!w
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.M_A
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.>Si
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ