setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.exe
Size

176KB
MD5

ab6b9d7cbf006525646a202c43d2ecfa
SHA1

c83bb90e243f0acd924f70f0ec5eb17de76c9410
SHA256

5c1de6ada7ca5af0a873066f42ce358d6428aade886384911f88f0852a04e5d8
SHA512

06929b634d2f74b0447bf4a663bc6bae37be1472d8ee42a1d6325ada93ba41f7064804c59a3908dac6ac90c9523e937bcdbb87f6c8c879af5703cdf01b7c5fd9
SSDEEP

3072:B22wDNxgfCfaLKHmQNatCJuNPyo3hqjR+Hvnpqo1ng:o55aW7N8lhm+PnYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe

Files

setup.exe
.exe windows:4 windows x86 arch:x86

605e7cb5f104fc1295d31e7e13daf83c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

comctl32

ord17

kernel32

LocalFileTimeToFileTime
Sleep
CreateFileA
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
ReadFile
SetFilePointer
SetFileAttributesA
QueryPerformanceFrequency
CreateEventA
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
LoadResource
SetFileTime
InterlockedIncrement
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalFree
GlobalUnlock
GlobalHandle
WriteFile
InterlockedDecrement
GetPrivateProfileSectionA
SetCurrentDirectoryA
lstrcmpA
MoveFileA
GetSystemInfo
SetLastError
IsValidCodePage
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetTempPathA
SetErrorMode
GetWindowsDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
lstrlenA
DeleteFileA
CloseHandle
lstrlenW
CopyFileA
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
MultiByteToWideChar
lstrcmpiA
GlobalLock
GetPrivateProfileIntA
GlobalAlloc
SizeofResource
FindResourceA
SetStdHandle
LCMapStringW
IsBadReadPtr
GetStringTypeW
IsBadCodePtr
FlushFileBuffers
GetFileType
LCMapStringA
GetStringTypeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
LeaveCriticalSection
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetEnvironmentStrings
EnterCriticalSection
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
RaiseException
HeapFree
HeapAlloc
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose

user32

DrawIcon
DestroyIcon
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
wsprintfA
GetDesktopWindow
DialogBoxParamA
IsWindow
GetDlgItem
EndDialog
ReleaseDC
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
SendDlgItemMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
CharPrevA
LoadStringA
SetCursor
GetDlgItemTextA
EnableWindow
MessageBoxA
GetParent
GetSystemMetrics
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
MoveWindow
GetWindowPlacement
SetWindowTextA
GetDC
FillRect
PeekMessageA
MessageBoxIndirectA
DestroyWindow
CreateDialogParamA
BeginPaint
CharNextA
GetWindowLongA
SendMessageA
IsDialogMessageA
GetDlgCtrlID
CharLowerBuffA

gdi32

DeleteObject
BitBlt
SelectObject
DeleteDC
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
GetStockObject
CreateDIBitmap

advapi32

AllocateAndInitializeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegSetValueExA
OpenThreadToken
GetTokenInformation
FreeSid
EqualSid
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ole32

StgOpenStorage
StgIsStorageFile

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

605e7cb5f104fc1295d31e7e13daf83c

Headers

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 48KB - Virtual size: 44KB