Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

2.7MB
MD5

2e5d84f170a33ed44a9eada85f58ed03
SHA1

d7ac11b209b89770fd5460f38c17a3ab5617f5a7
SHA256

f659ca020b97340542c45516fe8c3e97491a8adc769ec13602a3ace462a6e773
SHA512

7a94b0028e09702acd31b01957f73ead93afe03e794175d65452f41853c1055ea6e6fdf299e50e6e7012ae622edf2ebe195b826012a15b79b6967b583e7d76d2
SSDEEP

49152:hXx8suXAxjn51mxHdfZOUOtVpZRODFd/+op00Ufer2avcI58xTZDo:px8sN5sldfMUOtV3ROrmz0iedUI58z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe

Files

Setup.exe
.exe windows:4 windows x86 arch:x86

15c3008f9314d05264a2f70b7606631f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetFileSecurityA
GetTokenInformation
GetUserNameA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegCloseKey
RegConnectRegistryA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
SetFileSecurityA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
InitCommonControls

comdlg32

CommDlgExtendedError
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

gdi32

AbortDoc
AddFontResourceA
BitBlt
CombineRgn
CopyMetaFileA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontA
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateScalableFontResourceA
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
EndDoc
EndPage
EnumFontFamiliesExA
Escape
ExtCreateRegion
ExtSelectClipRgn
ExtTextOutA
GdiFlush
GetBkColor
GetBkMode
GetClipBox
GetClipRgn
GetCurrentObject
GetDIBits
GetDeviceCaps
GetEnhMetaFileA
GetEnhMetaFileHeader
GetMapMode
GetMetaFileA
GetMetaFileBitsEx
GetObjectA
GetPaletteEntries
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextColor
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetViewportExtEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MoveToEx
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
PlayEnhMetaFile
PtInRegion
PtVisible
RealizePalette
RectVisible
Rectangle
RemoveFontResourceA
RestoreDC
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchDIBits
TextOutA

kernel32

CloseHandle
CompareStringA
CompareStringW
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileIntA
GetProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadStringPtrA
IsBadWritePtr
IsDBCSLeadByte
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LockFile
LockResource
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
OpenFile
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryA
ResetEvent
SetLastError
RtlUnwind
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualUnlock
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcat
lstrcmp
lstrcmpi
lstrcpy
lstrcpyn
lstrlen
lstrlenW

msacm32

acmFormatSuggest
acmStreamClose
acmStreamConvert
acmStreamOpen
acmStreamPrepareHeader
acmStreamSize
acmStreamUnprepareHeader

netapi32

Netbios

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
CoLockObjectExternal
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
DoDragDrop
OleDuplicateData
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes

oleaut32

LoadTypeLib
RegisterTypeLib
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
VariantTimeToSystemTime

oledlg

OleUIBusyA

olepro32

OleCreateFontIndirect

shell32

DragFinish
DragQueryFile
ExtractIconA
SHAppBarMessage
SHBrowseForFolder
SHGetFileInfo
SHGetMalloc
SHGetPathFromIDList
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteEx
Shell_NotifyIcon

urlmon

URLDownloadToFileA

user32

AdjustWindowRectEx
AppendMenuA
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharPrevA
CharToOemA
CharUpperA
CharUpperBuffA
CheckMenuItem
CheckRadioButton
ClientToScreen
ClipCursor
CloseWindow
CopyAcceleratorTableA
CopyRect
CreateDialogIndirectParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefDlgProcA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCursor
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawAnimatedRects
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawMenuBar
DrawStateA
DrawTextA
DrawTextExA
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumChildWindows
EnumWindows
EqualRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageA
GetMessagePos
GetMessageTime
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GrayStringA
HideCaret
InflateRect
InsertMenuA
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsIconic
IsMenu
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
KillTimer
LoadAcceleratorsA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadMenuA
LoadStringA
MapDialogRect
MapWindowPoints
MessageBeep
MessageBoxA
ModifyMenuA
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OemToCharBuffA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ReuseDDElParam
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetParent
SetPropA
SetRect
SetRectEmpty
SetScrollInfo
SetTimer
SetWindowContextHelpId
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TabbedTextOutA
TrackPopupMenu
TranslateAccelerator
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnpackDDElParam
UnregisterClassA
UpdateWindow
ValidateRect
WaitForInputIdle
WinHelpA
WindowFromPoint
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

mciGetErrorStringA
mciSendCommandA
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetNumDevs
mixerOpen
mixerSetControlDetails
sndPlaySoundA
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

wsock32

WSAAsyncGetHostByName
WSACancelAsyncRequest
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
socket

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 345KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15c3008f9314d05264a2f70b7606631f

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msacm32

netapi32

ole32

oleaut32

oledlg

olepro32

shell32

urlmon

user32

version

winmm

winspool.drv

wsock32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 345KB - Virtual size: 348KB

.data Size: 192KB - Virtual size: 508KB

.rsrc Size: 70KB - Virtual size: 69KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 345KB - Virtual size: 348KB

.data
Size: 192KB - Virtual size: 508KB

.rsrc
Size: 70KB - Virtual size: 69KB