Setup[.]exe | Triage

Resubmissions

10/06/2024, 15:45

240610-s6292ssaka 4

10/06/2024, 15:43

240610-s567lssdmn 4

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

1.1MB
MD5

156bf7904f23c1425bd11ecefdd17048
SHA1

efafd80b6a649ffa7c1441c563f417cc1ab0d11d
SHA256

24a3ef24c9dd65ae002951f0665c3292c515338bcf63efee5cc2117149b63da2
SHA512

57b23aa941b549c4b02d796909c4c4fa376c002985df3785caa57bf3cae90f8bf06e960ba7bf624341ea68deb141bb600c010d7157961b6775458bea662f66b0
SSDEEP

24576:BycSmWeSeeY6CdrFQmbhVPy+NS+YJPFalS9j+cjvGx:NrFQmvY+YJAS9j+cLGx

Score

1^/10

Malware Config

Signatures

Files

Setup.exe
.exe windows:6 windows x64 arch:x64

c7b854de3fee23c09683cab46e05e7e7

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:c9:19:09:21:2e:bb:a6:48:81:00:01:00:00:00:c9
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:45:c7:e6:6a:a9:a9:10:11:51:00:00:00:00:00:45
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/04/2015, 20:32

Not After

08/07/2016, 20:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:fa:b2:41:61:ae:6b:35:f7:02:4b:20:0b:56:93:4a:fc:09:ff:52:41:a4:a3:20:1b:0e:49:bd:73:ba:be:9a
Signer

Actual PE Digest

c6:fa:b2:41:61:ae:6b:35:f7:02:4b:20:0b:56:93:4a:fc:09:ff:52:41:a4:a3:20:1b:0e:49:bd:73:ba:be:9a

Digest Algorithm

sha256

PE Digest Matches

true

b4:06:e7:7f:d1:39:88:62:df:af:ea:5c:2d:ff:3e:15:5c:cf:9a:9f
Signer

Actual PE Digest

b4:06:e7:7f:d1:39:88:62:df:af:ea:5c:2d:ff:3e:15:5c:cf:9a:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Setup.pdb

Imports

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CreateProcessAsUserW
LookupPrivilegeNameW
CloseServiceHandle
InitiateSystemShutdownExW
PrivilegeCheck
QueryServiceStatus
ControlService
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetSidSubAuthority
DuplicateTokenEx
GetSidSubAuthorityCount
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
StartServiceW
RegFlushKey
EnableTrace
QueryAllTracesW
ControlTraceW
StartTraceW
ConvertStringSidToSidW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenThreadToken
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
RegEnumValueW

kernel32

VirtualProtect
SizeofResource
CreateDirectoryW
GetTempPathW
GetTempFileNameW
CopyFileW
GetLocaleInfoW
CreateProcessW
CreateMutexW
WaitForSingleObject
ReleaseMutex
IsWow64Process
Sleep
GetExitCodeProcess
GetWindowsDirectoryW
GetSystemDirectoryW
GlobalAlloc
GlobalFree
EncodePointer
MulDiv
SwitchToThread
GetCurrentProcess
LoadLibraryExW
FindResourceExW
LoadResource
FreeLibrary
GetDiskFreeSpaceExW
OpenProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
FindResourceW
LockResource
FreeResource
WaitForMultipleObjects
ExpandEnvironmentStringsW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetProcessId
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetModuleHandleExW
GetSystemInfo
VerSetConditionMask
DecodePointer
GetUserGeoID
HeapSetInformation
SetErrorMode
GetCurrentThread
MoveFileExW
GetSystemDefaultLCID
FormatMessageW
GetSystemDefaultLangID
OutputDebugStringW
SetEndOfFile
SetFilePointer
GetFileAttributesW
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlPcToFileHeader
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
GetLastError
CloseHandle
GetModuleFileNameW
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
LocalFree
GetModuleHandleW
GetProcAddress
GlobalFindAtomW
GetDriveTypeW
GetVersionExW
GetLocalTime
SystemTimeToFileTime
GetNativeSystemInfo
SetLastError
ProcessIdToSessionId
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
WritePrivateProfileStringW
FindClose
RemoveDirectoryW
DeleteFileW
VerifyVersionInfoW
CreateFileW
ReadFile
WriteFile
GetFileSize
GetFileSizeEx
GetLongPathNameW
MoveFileW
CreateThread
SetEvent
ResetEvent
CreateEventW
GetCurrentThreadId
GetExitCodeThread
GetPrivateProfileStringW
GetPrivateProfileIntW

user32

SetWindowTextW
ShowWindow
SetTimer
GetSysColor
KillTimer
MessageBoxW
IsDialogMessageW
GetWindowThreadProcessId
PostMessageW
SendMessageW
GetSystemMetrics
FindWindowW
SetForegroundWindow
PostThreadMessageW
AdjustWindowRect
LoadStringW
DestroyWindow
CreateDialogParamW
EnableMenuItem
PostQuitMessage
DispatchMessageW
TranslateMessage
RegisterWindowMessageW
InvalidateRect
GetFocus
GetSysColorBrush
FillRect
ScreenToClient
LoadIconW
GetSystemMenu
GetClassNameW
GetDlgItem
GetWindow
SetFocus
EnableWindow
EndPaint
BeginPaint
MapWindowPoints
GetClientRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterClassExW
LoadCursorW
DefWindowProcW
UpdateWindow
GetWindowRect
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
GetMessageW
SystemParametersInfoW
LoadImageW
DestroyIcon
GetWindowTextW
GetWindowTextLengthW
IsWindow
UnregisterClassA

msvcrt

_vscwprintf
iswalpha
iswspace
wcstoul
_wtoi
wcsspn
wcscspn
_wcsicmp
wcschr
towupper
ldiv
_vsnwprintf
bsearch
towlower
_onexit
isxdigit
wcsrchr
mbtowc
__mb_cur_max
_snprintf
_itoa
wctomb
ferror
iswctype
wcstombs
_read
__badioinfo
_isatty
ungetc
isdigit
_iob
_write
__dllonexit
_unlock
_lock
_commode
__pioinfo
realloc
wcsstr
fclose
fgets
fseek
feof
fgetws
wcscmp
_wfsopen
wcsncmp
_wcsnicmp
localeconv
isleadbyte
??1bad_cast@@UEAA@XZ
_fmode
_wcmdln
??1__non_rtti_object@@UEAA@XZ
??0bad_typeid@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@PEBD@Z
??0bad_cast@@QEAA@PEBD@Z
_lseeki64
_fileno
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
memcpy
_CxxThrowException
_resetstkoflw
memset
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
malloc
__CxxFrameHandler
free
calloc
_errno
_wcsupr
_wcslwr
_wchmod
_purecall
memmove
floor
fgetwc

shell32

SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

OleRun
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
StringFromGUID2
CoCreateGuid

oleaut32

VariantClear
SysAllocString
VariantInit
VarBstrCat
GetErrorInfo
SysStringLen
VarCmp
SysFreeString
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen

psapi

GetModuleFileNameExW

shlwapi

PathAppendW
PathCombineW
PathMatchSpecW
PathIsRelativeW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipDisposeImage
GdipFree
GdipAlloc
GdipDrawImageRect
GdipCreateLineBrushFromRect
GdipDeleteBrush
GdipCloneImage
GdipFillRectangle
GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

sqmapi

SqmGetSession
SqmEndSession
SqmSet
SqmSetString
SqmSetBits
SqmAddToStreamDWord
SqmAddToStreamString
SqmStartUpload
SqmWaitForUploadComplete
SqmSetAppVersion
SqmSetAppId
SqmCreateNewId
SqmSetUserId
SqmSetMachineId
SqmWriteSharedUserId
SqmReadSharedUserId
SqmWriteSharedMachineId
SqmReadSharedMachineId
SqmStartSession

gdi32

SetBkMode
SetTextColor
CreateSolidBrush
GetStockObject
GetDeviceCaps
SaveDC
SetGraphicsMode
DeleteObject
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectW
RestoreDC
StartPage
EndPage
StartDocW
AbortDoc
EndDoc
DeleteDC
CreateDCW
ModifyWorldTransform

msi

ord211
ord205
ord137
ord72
ord232
ord190
ord70
ord45
ord169
ord141
ord88
ord8
ord246

rpcrt4

UuidFromStringW

wintrust

WTHelperGetProvSignerFromChain
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminReleaseContext

crypt32

CertVerifyCertificateChainPolicy

comdlg32

CommDlgExtendedError
PrintDlgW

Sections

.text
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c7b854de3fee23c09683cab46e05e7e7

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71Certificate

Extended Key Usages

33:00:00:00:c9:19:09:21:2e:bb:a6:48:81:00:01:00:00:00:c9Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:45:c7:e6:6a:a9:a9:10:11:51:00:00:00:00:00:45Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

c6:fa:b2:41:61:ae:6b:35:f7:02:4b:20:0b:56:93:4a:fc:09:ff:52:41:a4:a3:20:1b:0e:49:bd:73:ba:be:9aSigner

b4:06:e7:7f:d1:39:88:62:df:af:ea:5c:2d:ff:3e:15:5c:cf:9a:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

oleaut32

psapi

shlwapi

gdiplus

comctl32

version

wtsapi32

userenv

sqmapi

gdi32

msi

rpcrt4

wintrust

crypt32

comdlg32

Sections

.text Size: 602KB - Virtual size: 601KB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 31KB - Virtual size: 37KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 6KB - Virtual size: 5KB

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

33:00:00:00:c9:19:09:21:2e:bb:a6:48:81:00:01:00:00:00:c9
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:45:c7:e6:6a:a9:a9:10:11:51:00:00:00:00:00:45
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c6:fa:b2:41:61:ae:6b:35:f7:02:4b:20:0b:56:93:4a:fc:09:ff:52:41:a4:a3:20:1b:0e:49:bd:73:ba:be:9a
Signer

b4:06:e7:7f:d1:39:88:62:df:af:ea:5c:2d:ff:3e:15:5c:cf:9a:9f
Signer

.text
Size: 602KB - Virtual size: 601KB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 31KB - Virtual size: 37KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 6KB - Virtual size: 5KB