NI_MetaToolbox_MetaOutput_GetSharedGlobalData

Static task: static1
Behavioral task: behavioral1 - Sample: setup.exe - Resource: win7-20240221-en
Behavioral task: behavioral2 - Sample: setup.exe - Resource: win10v2004-20240419-en
General
Target: setup.exe
Size: 5.2MB
MD5: b8cc893e86ad26411a8c07a24754a280
SHA1: 39fa1767dce42b8a91d5e0332203a88abdcf12ee
SHA256: 3f85c27a3a2f8823efd140eec387404f2c865718fe51a31910d9b0dc4e578da2
SHA512: 582ce8058e877884ce98fbdedbadca789227979b32b9cc9678ca1720a0bea23d33c5d64b26fe971891bcac99b3b818a2fc91acbceb6d0b50fd40a5018521f0e4
SSDEEP: 98304:fPmMoOgdm1G58mRhlqVWUlj9MRcjIEATAhlrJkPLfygofbd8:fPmY3GLqV7j9MRcIEAqrJkPe5bO
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature - resource: setup.exe
Files
-
setup.exe.exe windows:6 windows x86 arch:x86
daee2d855de105c30752689436c4c9e8
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
kernel32
GetFullPathNameW
FindFirstFileW
GetEnvironmentVariableW
SetThreadPriority
SetFilePointer
FlushFileBuffers
SetThreadLocale
MoveFileExW
GetVersionExW
GetVersionExA
ResumeThread
GetExitCodeThread
CreateMutexW
ReleaseMutex
GetTempPathW
RemoveDirectoryW
GetTempFileNameW
DeleteFileW
CreateDirectoryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetSystemDirectoryW
TerminateThread
GetUserDefaultLangID
WriteFile
FindResourceExW
ResetEvent
IsBadWritePtr
IsBadReadPtr
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
OutputDebugStringW
OutputDebugStringA
GetVolumeInformationW
GetEnvironmentVariableA
GetProcAddress
GetWindowsDirectoryW
GetTickCount
OpenProcess
CreateProcessW
GetExitCodeProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
GetDriveTypeW
GetDiskFreeSpaceW
FindClose
WideCharToMultiByte
CloseHandle
ReadFile
CreateFileW
GetUserDefaultLCID
GetSystemDefaultLCID
GetPrivateProfileSectionW
GetPrivateProfileStringW
LoadLibraryW
LocalFree
GetModuleFileNameW
FreeLibrary
SetLastError
GetLastError
SetFileAttributesW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetThreadLocale
GetLocaleInfoW
MultiByteToWideChar
FindResourceW
FormatMessageW
MulDiv
SizeofResource
LockResource
LoadResource
GetModuleHandleW
FreeResource
DosDateTimeToFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemInfo
VirtualProtect
GetCurrentDirectoryA
FindFirstFileExW
LoadLibraryExA
FindNextFileW
GetFileTime
SetFileTime
SetErrorMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
CreateThread
CreatePipe
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
MoveFileW
LocalAlloc
LocalReAlloc
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
CopyFileW
EncodePointer
GetCurrentThreadId
GetModuleHandleA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
CompareStringA
SuspendThread
GetPrivateProfileIntW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
GlobalGetAtomNameW
FileTimeToSystemTime
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
lstrcpyW
lstrcmpiW
GetFileSize
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
VerSetConditionMask
VerifyVersionInfoW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
LCMapStringW
GetCPInfo
GetStdHandle
CreateFileA
IsValidCodePage
IsDBCSLeadByteEx
FileTimeToDosDateTime
RtlUnwind
InterlockedPushEntrySList
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCommandLineA
GetCommandLineW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
ExitProcess
WriteConsoleW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
ReadConsoleW
user32
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
AdjustWindowRectEx
MapWindowPoints
EqualRect
GetClassLongW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetDesktopWindow
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
SendDlgItemMessageA
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
TrackMouseEvent
DestroyIcon
IsClipboardFormatAvailable
MessageBeep
SetRect
DeleteMenu
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
GetMenuDefaultItem
GetNextDlgGroupItem
DrawFocusRect
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawFrameControl
IsZoomed
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetScrollPos
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
ReleaseDC
GetWindowRect
ScreenToClient
ScrollWindow
ValidateRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
IsDialogMessageW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
SetFocus
GetDlgCtrlID
GetDC
SetDlgItemTextW
GetDlgItem
ShowWindow
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
ClientToScreen
CheckDlgButton
EndPaint
BeginPaint
GetWindowDC
SetWindowPlacement
GetWindowPlacement
SetWindowPos
FlashWindow
GetWindow
ChildWindowFromPoint
DrawIcon
EnableMenuItem
GetSystemMenu
GetFocus
RegisterWindowMessageW
UnregisterClassW
SetForegroundWindow
GetForegroundWindow
IsRectEmpty
IntersectRect
GetCursorPos
ShowScrollBar
TranslateAcceleratorW
LoadAcceleratorsW
IsIconic
SetParent
UpdateWindow
DrawIconEx
LoadBitmapW
PtInRect
PostMessageW
FillRect
DrawStateW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
DrawEdge
IsWindowVisible
RedrawWindow
SystemParametersInfoW
LoadIconW
SetRectEmpty
InvalidateRect
DrawTextExW
GetKeyState
KillTimer
SetTimer
OffsetRect
IsWindow
MessageBoxW
MsgWaitForMultipleObjects
PostThreadMessageW
SendNotifyMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
SetCursor
LoadImageW
GetClientRect
CopyRect
GetSysColor
LoadStringW
MapDialogRect
GetClassNameW
EnumChildWindows
GetParent
GetWindowLongW
TabbedTextOutW
GrayStringW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
GetMessageW
IsCharAlphaNumericW
IsCharAlphaW
ExitWindowsEx
EnableWindow
MoveWindow
PostQuitMessage
SendMessageW
CopyAcceleratorTableW
gdi32
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
ExcludeClipRect
SetViewportExtEx
SetBkColor
GetPixel
DeleteDC
CreateBitmap
GetDIBColorTable
PolyPolyline
StretchBlt
SetGraphicsMode
SelectPalette
RealizePalette
CreatePalette
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCW
GetObjectA
GetTextMetricsW
SelectObject
GetObjectW
TranslateCharsetInfo
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
DeleteObject
CreateFontIndirectW
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
SetRectRgn
DPtoLP
EnumFontFamiliesExW
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CopyMetaFileW
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
ole32
ReleaseStgMedium
OleDuplicateData
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateGuid
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
shell32
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathW
SHCreateItemFromParsingName
ShellExecuteW
wininet
InternetGetConnectedState
InternetCheckConnectionW
msimg32
AlphaBlend
TransparentBlt
uxtheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
mpr
WNetGetUserW
ws2_32
closesocket
gdiplus
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDisposeImage
GdipDrawImageRectI
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
oleaut32
VariantChangeType
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysFreeString
SysAllocStringLen
SysAllocString
VariantCopy
VarBstrFromDate
VariantClear
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
rpcrt4
UuidToStringA
UuidCreate
RpcStringFreeA
cabinet
ord20
ord22
ord23
Exports
Sections
.text - Size: 3.3MB - Virtual size: 3.3MB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 1.2MB - Virtual size: 1.2MB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 214KB - Virtual size: 250KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids - Size: 104KB - Virtual size: 103KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats - Size: 512B - Virtual size: 16B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls - Size: 512B - Virtual size: 9B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 357KB - Virtual size: 357KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ