Setup[.]exe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe.exe
Size

543KB
MD5

88eb0d9dbd70ebcacacdfd973949bebc
SHA1

436140abd0da8aa4a535db0136637671ec6b8865
SHA256

b9884a897724f63ce2e9d65e71194af252ead40c38271d68a46d66a8604340f1
SHA512

92fab6d372212f3e3b47f7691c0455aa1e9101530c9487be81a45e38c6e15b5b89b3d6da25c3c9cd4138f219b1e04ab73cc5f6530c3273a9f22d8916f547ce51
SSDEEP

6144:a3mq6K6hnc5X0bAePa8v8jCNN0CDMnoLLCCvzLf9hZoJMDu3JDA1N4pQePDa8TF:2aVQMBJkiHMnoLWCvzJhdqBOwD/TF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe.exe

Files

Setup.exe.exe
.exe windows:4 windows x86 arch:x86

Password: 2024

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Paradise.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ