Set-up[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Set-up.exe
Size

202KB
MD5

64179e64675e822559cac6652298bdfc
SHA1

cceed3b2441146762512918af7bf7f89fb055583
SHA256

c26db97858c427d92e393396f7cb7f9e7ed8f9ce616adcc123d0ec6b055b99c9
SHA512

ef740b35ea5190f8ee47776af1f15ebdd54d39c84da5665e64f67ae6dd0f4b181e955e9a35319a5d0bd764972562e8f2bc44dbdf83c3bedf05674eae902e7280
SSDEEP

3072:EMtKztOp6KfOQqoY3ltdNjlcwsSdplkrxf+Uyecgw:ELKfOQLY3l9jlcwnlUf+z7gw

Score

1^/10

Malware Config

Signatures

Files

Set-up.exe
.exe windows:6 windows x86 arch:x86

47bd48aad101666476039d5dc021c38d

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:af:36:f9:e9:ea:16:a6:35:24:8c:6c:f8:a0:c3:5f:04:5e:fd:95:7d:f4:ed:f6:fb:33:1b:c5:69:85:ff:00
Signer

Actual PE Digest

71:af:36:f9:e9:ea:16:a6:35:24:8c:6c:f8:a0:c3:5f:04:5e:fd:95:7d:f4:ed:f6:fb:33:1b:c5:69:85:ff:00

Digest Algorithm

sha256

PE Digest Matches

true

fa:a9:97:e2:3e:1a:96:65:a6:36:26:5f:d4:47:92:f1:db:f0:11:fd
Signer

Actual PE Digest

fa:a9:97:e2:3e:1a:96:65:a6:36:26:5f:d4:47:92:f1:db:f0:11:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-productivitytools\output\maps\release\pt\ptSrv.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
IsBadReadPtr
MultiByteToWideChar
DeleteFileW
GetTempPathW
SetUnhandledExceptionFilter
HeapAlloc
HeapFree
GetModuleFileNameA
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetSystemTime
SetLastError
InitializeCriticalSection
FreeLibrary
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
WideCharToMultiByte
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
VirtualQuery
GetVersionExW
GetSystemDirectoryW
OpenProcess
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetCurrentProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
CloseHandle
DecodePointer
OutputDebugStringW
OutputDebugStringA
WriteFile
ReadFile
GetFileSize
CreateFileW
GetEnvironmentVariableW
GetProcessHeap
GetCommandLineW

user32

IsWindowVisible
GetMessageW
TranslateMessage
DestroyWindow
LoadCursorW
GetClassNameW
FindWindowW
SetWindowLongW
GetWindowLongW
GetWindowTextW
CreateWindowExW
GetClassInfoExW
DispatchMessageW
SendMessageW
PostThreadMessageW
MessageBoxW
EnumThreadWindows
IsWindow
wvsprintfW
UnregisterClassW
PostMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
CharNextW
RegisterClassExW

advapi32

RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
MapGenericMask
GetTokenInformation
GetSecurityDescriptorDacl
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
AccessCheck
OpenProcessToken
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenThreadToken
GetFileSecurityW
ImpersonateSelf
RevertToSelf

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoRevokeClassObject

oleaut32

GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
GetActiveObject
RevokeActiveObject
RegisterActiveObject
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
CreateErrorInfo

shlwapi

PathCombineW
StrRChrW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
wnsprintfW
PathFileExistsW

msvcp140

?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

psapi

EnumProcesses

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

vcruntime140

memset
wcsstr
_CxxThrowException
__CxxFrameHandler3
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
memmove
memcpy
__std_terminate
_purecall
memcmp

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_seh_filter_dll
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
terminate
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_errno
_crt_atexit
_controlfp_s
_resetstkoflw

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc
_recalloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-string-l1-1-0

iswdigit
strlen
_wcsupr
_wcslwr
_wcsrev
wcslen
wcsncpy_s
wcscpy_s
wcscat_s
tolower
iswspace

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf
_set_fmode
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47bd48aad101666476039d5dc021c38d

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

71:af:36:f9:e9:ea:16:a6:35:24:8c:6c:f8:a0:c3:5f:04:5e:fd:95:7d:f4:ed:f6:fb:33:1b:c5:69:85:ff:00Signer

fa:a9:97:e2:3e:1a:96:65:a6:36:26:5f:d4:47:92:f1:db:f0:11:fdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp140

psapi

wtsapi32

version

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 11KB - Virtual size: 10KB

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

71:af:36:f9:e9:ea:16:a6:35:24:8c:6c:f8:a0:c3:5f:04:5e:fd:95:7d:f4:ed:f6:fb:33:1b:c5:69:85:ff:00
Signer

fa:a9:97:e2:3e:1a:96:65:a6:36:26:5f:d4:47:92:f1:db:f0:11:fd
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 11KB - Virtual size: 10KB