Setup[.]exe | Triage

Resubmissions

10/04/2024, 13:42

240410-qz2zlach2v 8

09/04/2024, 16:06

240409-tj6jmafb51 8

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

1.8MB
MD5

e11cfb400aff0c350b2afc4dba3c1169
SHA1

f036e2727c25162eb5ee712d16be60e7da2187fa
SHA256

a3d7d4d2892feca9b61a91f01957febcefe2f37ad742ab94b5babb77b4c70885
SHA512

63a60c9f42cf9f744248cb7d13f6496564990736bae4f4751a4f90bcca9778b06c2cf6ba56b60cd11f5dead2b763280bf3f250b3cf12ec3d59a220036a4ce6eb
SSDEEP

49152:3IaEdIq7j9Al3HgXjhFmNpuZ+2k4i12t7qoW4:3IaEdQ1eFFmNN2kmBqG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe

Files

Setup.exe
.exe windows:4 windows x86 arch:x86

171398dc21aaa4c5ff7aabdbe4805836

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work7X\Setup_v7\Release\Setup.pdb

Imports

comctl32

CreatePropertySheetPageA
PropertySheetA

setupapi

SetupDiCreateDeviceInfoA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupCloseInfFile
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupDiGetClassDevsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupOpenInfFileA
SetupOpenFileQueue
SetupInstallFilesFromInfSectionA
SetupInitDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupCommitFileQueueA
SetupDiCreateDeviceInfoList

wsock32

bind
WSAStartup
inet_ntoa
sendto
closesocket
socket
setsockopt
WSACleanup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCurrentThreadId
SetLastError
lstrcatA
CloseHandle
WriteFile
GetLastError
CreateFileA
HeapFree
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetCurrentProcess
GetComputerNameA
Sleep
WaitForSingleObject
SearchPathA
MultiByteToWideChar
WinExec
DeleteFileA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
MoveFileExA
CopyFileA
GetTempPathA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceCounter
GetProcAddress
lstrcpyA
ExpandEnvironmentStringsA
TerminateProcess
OpenProcess
ResetEvent
SetEvent
OpenEventA
GetCurrentProcessId
GetProcessHeap
GetVersionExA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
ExitProcess
GetModuleHandleA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
FreeLibrary
RtlUnwind
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
lstrlenA

user32

SetWindowLongA
GetDlgItem
SendMessageA
SetFocus
PostMessageA
LoadCursorA
SetCursor
DestroyCursor
wsprintfA
LoadStringA
MessageBoxA
ExitWindowsEx
GetWindowLongA
GetDlgItemInt
ShowWindow
SetDlgItemTextA
GetWindowThreadProcessId
GetClassNameA
EnumWindows
FindWindowA
PostThreadMessageA
DestroyWindow
keybd_event
ReleaseDC
GetDC
SystemParametersInfoA
MessageBeep
SendDlgItemMessageA
SetWindowTextA
GetParent
SetDlgItemInt

gdi32

CreateFontIndirectA
DeleteObject
GetDeviceCaps

advapi32

RegDeleteKeyA
StartServiceA
AdjustTokenPrivileges
RegDeleteValueA
QueryServiceStatus
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
OpenSCManagerA
RegCreateKeyExA
CreateServiceA
OpenServiceA
ChangeServiceConfigA
CloseServiceHandle
ControlService
DeleteService
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

171398dc21aaa4c5ff7aabdbe4805836

Headers

File Characteristics

PDB Paths

Imports

comctl32

setupapi

wsock32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB