Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

1.3MB
MD5

c2a7bfa52ab00214257d49d15c98c6f2
SHA1

02331ade0e71f3aa93c154389a4eac6456444685
SHA256

fc2b14e49a0dea09fd873aa8001848694ac8799bab126618a21bb5ae313fa46c
SHA512

6ca077945d3e545ac13d117c847af79172114af0a86de13690217ce67bae7cc6cc32ea498e8877ec0c30c080c40ec0f2495ee93d3e0976f056877f7f20240047
SSDEEP

24576:k1UgXLEZjeoz3ktKGvVk9nv4kvDUpYiHUsXh0lhSMXlMCHMHD26b65L:kmwKGv6v4kvDUp7Us2dHm2h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe

Files

Setup.exe
.exe windows:6 windows x86 arch:x86

1836f5cee33acb8217bfce21e3603d67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

ntdll

NtQuerySection
RtlUnwind

kernel32

LeaveCriticalSection
InitializeCriticalSection
GetLastError
RaiseFailFastException
GetCurrentThread
LoadLibraryW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FindFirstFileW
FindNextFileW
WriteFile
ExpandEnvironmentStringsW
SetThreadPriority
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
DeleteFileW
CloseHandle
CreateThread
GetLocalTime
ExitProcess
CreateProcessW
CopyFileW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
GetTickCount
ReadFile
HeapFree
ReleaseSemaphore
WaitForSingleObject
CreateEventW
GetModuleFileNameW
CreateFileA
SetEvent
LoadLibraryA
QueryPerformanceFrequency
HeapReAlloc
ResetEvent
HeapAlloc
SetFilePointerEx
GetProcessHeap
FreeLibrary
CreateSemaphoreW
WideCharToMultiByte
QueryPerformanceCounter
GetTimeZoneInformation
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
VirtualAlloc
GetCurrentProcess
VirtualFree
SetLastError
EnterCriticalSection
VirtualProtect
FlushFileBuffers
HeapSize
SetEndOfFile
WriteConsoleW
Sleep
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent

user32

EnableWindow
DialogBoxParamW
GetDlgItem
SetWindowLongW
AnimateWindow
TranslateMessage
RegisterClassW
DestroyIcon
DispatchMessageW
ShowWindow
GetSystemMetrics
EndDialog
SendMessageW
CreateWindowExW
EnumChildWindows
MessageBoxW
CreateIconFromResourceEx
DefWindowProcW
GetMessageW
GetWindowLongW

gdi32

SetTextColor
SetBkColor
CreateSolidBrush
GetStockObject

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

gdiplus

GdipGetImageWidth
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipDrawImageRectRectI
GdipDrawImage
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipBitmapLockBits
GdipFree
GdipCreateImageAttributes
GdipCreateFromHWND
GdipSetImageAttributesRemapTable
GdipCreateSolidFill
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImageHeight
GdiplusStartup
GdipDeleteGraphics
GdipDrawImagePointRectI

Sections

.text
Size: 599KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1836f5cee33acb8217bfce21e3603d67

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

ntdll

kernel32

user32

gdi32

advapi32

gdiplus

Sections

.text Size: 599KB - Virtual size: 598KB

.rdata Size: 527KB - Virtual size: 527KB

.data Size: 19KB - Virtual size: 682KB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 599KB - Virtual size: 598KB

.rdata
Size: 527KB - Virtual size: 527KB

.data
Size: 19KB - Virtual size: 682KB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 21KB - Virtual size: 20KB