Static task: static1
Behavioral task: behavioral1
Sample: _setup64.exe
Resource: win7-20231215-en
General
Target: _setup64.tmp
Size: 6KB
MD5: e4211d6d009757c078a9fac7ff4f03d4
SHA1: 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256: 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512: 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e
SSDEEP: 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Processes: resource _setup64.tmp
Files
_setup64.tmp.exe windows:4 windows x64 arch:x64
35a25297eaad71a907abf55111fc7e24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
comctl32
ord17
shlwapi
StrToIntW
StrToInt64ExW
kernel32
ReadFile
WriteFile
CloseHandle
SetConsoleCtrlHandler
SetProcessShutdownParameters
SetCurrentDirectoryW
GetSystemDirectoryW
SetErrorMode
ExitProcess
LocalFree
GetLastError
GetCommandLineW
advapi32
FreeSid
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
shell32
CommandLineToArgvW
oleaut32
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ