setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

274KB
MD5

b32a5c9c11914d79786e0fae41f738a4
SHA1

e96a21157e224864a33448c9427517d1639a236e
SHA256

bc3feab402335bd66fd9dd23cf9edb8db4fc3a818cb42b1d17e31ae94095d58b
SHA512

a2989cceafa3ce8be3d67f4dda2ef327801b79c9739b7e3191660dfe12800527d703a9796a236ebd374ecc2b5cc9b98d46b597d7d1170c81d0a525ec04898169
SSDEEP

6144:BNU/otKZhSdAxfIwxT1e0aYvsV02b6PednPVuqW3K3ma:nYRbSgedn0qW4/

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows:5 windows x86 arch:x86

527148e695efd3746830acac64b3b751

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:9e:34:20:c7:02:1f:34:20:9d:a6:ee:e5:46:72:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/01/2013, 00:00

Not After

31/01/2016, 23:59

Subject

CN=PTC Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Dev,O=PTC Inc.,L=Needham,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:6d:d8:16:a9:e7:e2:b2:93:75:1d:e8:7d:7c:ff:af:25:d2:8f:6b
Signer

Actual PE Digest

2c:6d:d8:16:a9:e7:e2:b2:93:75:1d:e8:7d:7c:ff:af:25:d2:8f:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetSystemInfo
GetVersionExW
CloseHandle
DeleteFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
FindClose
FindFirstFileW
GetCurrentDirectoryW
GetCommandLineW
GetDriveTypeW
GetDriveTypeA
GetModuleHandleA
GetVolumeInformationW
LoadLibraryW
WriteConsoleA
InitializeCriticalSectionAndSpinCount
CopyFileA
CopyFileW
CopyFileExA
CopyFileExW
CreateDirectoryA
CreateDirectoryW
CreateDirectoryExA
CreateDirectoryExW
CreateFileA
CreateFileW
CreateProcessA
DeleteFileA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindFirstFileA
GetDateFormatA
FindNextFileW
GetComputerNameA
GetComputerNameW
GetCurrentDirectoryA
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetSystemTime
GetFullPathNameA
GetFullPathNameW
GetLogicalDrives
GetTempFileNameA
MoveFileA
MoveFileW
MoveFileExA
MoveFileExW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetFileAttributesA
SetFileAttributesW
SetVolumeLabelA
SetVolumeLabelW
RaiseException
InitializeCriticalSection
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
CreatePipe
WaitForSingleObject
GetExitCodeProcess
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
SetFilePointer
DuplicateHandle
SetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
LoadLibraryA
FreeLibrary
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
FindNextFileA
GetCPInfo
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoA
SetHandleInformation
GetCommandLineA
GetProcessHeap

user32

WaitForInputIdle
MessageBoxW

netapi32

NetApiBufferFree
NetRemoteTOD

wsock32

gethostbyname
gethostname
gethostbyaddr
__WSAFDIsSet
socket
bind
send
sendto
recv
recvfrom
connect
accept
select
getpeername
getsockname
inet_ntoa
setsockopt
getsockopt
shutdown
closesocket
listen

advapi32

RegCloseKey
RegOpenKeyW
RegConnectRegistryA
RegConnectRegistryW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegQueryValueExW

shell32

CommandLineToArgvW

ws2_32

getnameinfo
getaddrinfo
freeaddrinfo

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

527148e695efd3746830acac64b3b751

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:9e:34:20:c7:02:1f:34:20:9d:a6:ee:e5:46:72:37Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2c:6d:d8:16:a9:e7:e2:b2:93:75:1d:e8:7d:7c:ff:af:25:d2:8f:6bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

wsock32

advapi32

shell32

ws2_32

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 9KB - Virtual size: 85KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:9e:34:20:c7:02:1f:34:20:9d:a6:ee:e5:46:72:37
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2c:6d:d8:16:a9:e7:e2:b2:93:75:1d:e8:7d:7c:ff:af:25:d2:8f:6b
Signer

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 9KB - Virtual size: 85KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 2KB - Virtual size: 2KB