Setup[.]exe | Triage

General

Target

Setup.exe
Size

56KB
MD5

11d848283854f2c83643beeffd92dec0
SHA1

36d6f214163e8dde9a9c884290b8c29b47515d6f
SHA256

c62b7d5bf971023fb4a167a4080816c7657b482c641cdcdd7308832580105644
SHA512

43828c39a8e765583ad12d1d4fe1e8f35143f529752bd77ca5ac7dc53eb24ccd2e6d2b8dfa8162f84f610d08d38561af0333039bd3b6d2476a667291aa51de97
SSDEEP

768:o8/4y5bg7tXPBanuR3leslqIiPGWwtE8b/8dY/mAo2bkSq:o8/4Og7tXJanuR3QIiPPwtx//o2b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe

Files

Setup.exe
.exe windows:4 windows x86 arch:x86

35da02844dad69825a0f81d9d7f16d1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CopyFileA
CloseHandle
CreateMutexA
lstrlenA
lstrcmpiA
GlobalFree
GlobalAlloc
GetLastError
GetProcAddress
Sleep
LoadLibraryA
GetCommandLineA
FreeLibrary
GetModuleFileNameA
GetTempPathA
GetVersionExA
GetSystemDirectoryA
GetCurrentProcess
CreateThread
GetPrivateProfileStringA
WideCharToMultiByte
GetOEMCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetPrivateProfileIntA
SetFilePointer
MultiByteToWideChar
GetFileType
GetStdHandle
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetCPInfo
GetACP
WriteFile
VirtualAlloc
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetEnvironmentStringsW
SetHandleCount
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

MessageBoxA
LoadStringA
SetWindowTextA
ExitWindowsEx
EndDialog
SendMessageA
GetDlgItem
SetFocus
DialogBoxParamA
FindWindowA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
LookupPrivilegeValueA
FreeSid
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
EqualSid

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35da02844dad69825a0f81d9d7f16d1d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 8KB