setup64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup64.exe
Size

133KB
MD5

b894ff5b8a147440f146c39764c880b1
SHA1

5261ad3be7e3de3d661dafaf88bb8cce9be1c95f
SHA256

168104e65fdcf11e6e8badbb0a4b32da192106ba6ac424a91bbd793e55b0ab47
SHA512

bb828cb401bd54b68d6223b0fd8c64d883c8118fb7bf0f89016e71ac0aee3bbc06108789a4bded038926355e8166ade85d731c23e551e772c6d0873d6e1367bf
SSDEEP

3072:Gz9UYrr64lElPgpY0YpnUkssCnsoKsaXfcOQQ10H:zlGYFykmbKsScOIH

Score

1^/10

Malware Config

Signatures

Files

setup64.exe
.exe windows:6 windows x64 arch:x64

61d3bc313fcb84aea8ce7c9e83e24dba

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/05/2020, 12:18

Not After

26/08/2023, 12:18

Subject

SERIALNUMBER=316547600105556,CN=Muzychenko Evgenii Viktorovich\, IP,O=Muzychenko Evgenii Viktorovich\, IP,L=Novosibirsk,ST=Novosibirskaya oblast,C=RU,1.2.840.113549.1.9.1=#0c17736f667477617265406d757a796368656e6b6f2e6e6574,1.3.6.1.4.1.311.60.2.1.2=#13154e6f766f7369626972736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:f2:20:f9:f7:a7:9b:3e:a2:53:ed:ae:70:b6:bc:18:43:34:b2:33:51:fa:43:e4:cb:49:91:dc:24:b8:f2:e1
Signer

Actual PE Digest

35:f2:20:f9:f7:a7:9b:3e:a2:53:ed:ae:70:b6:bc:18:43:34:b2:33:51:fa:43:e4:cb:49:91:dc:24:b8:f2:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

setup64.pdb

Imports

advapi32

GetUserNameW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegFlushKey
CloseServiceHandle
OpenSCManagerW
CreateServiceW
OpenServiceW
DeleteService
StartServiceW
QueryServiceStatus
ControlService
RegOpenKeyExW
RegQueryValueExW

kernel32

DeleteFileW
SetLastError
FlushFileBuffers
WriteFile
GetLocalTime
MultiByteToWideChar
GetACP
ReadFile
GetFileSize
SetEndOfFile
SetFileAttributesW
GetFileAttributesW
MoveFileExW
RtlZeroMemory
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetPrivateProfileStringW
lstrcatW
GetExitCodeProcess
WaitForSingleObject
ExitProcess
CopyFileW
GetCurrentDirectoryW
LocalFree
lstrlenW
GetCurrentProcessId
GetVersionExW
GetSystemInfo
GetModuleHandleW
CompareStringW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetProcAddress
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
FindFirstVolumeW
GetCurrentProcess
GetSystemDirectoryW
OpenProcess
CreateEventW
OpenEventW
TerminateProcess
DuplicateHandle
GetProcessId
SetEvent
CreateThread
lstrlenA
GetTickCount
Sleep
GetLastError
ProcessIdToSessionId
lstrcmpiW
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
FormatMessageW
GetCommandLineW
lstrcpyW
CreateFileW
CloseHandle
lstrcmpW
HeapFree

gdi32

SetTextColor
CreateSolidBrush
GetStockObject
DeleteObject
SetBkColor

user32

IsDialogMessageW
CreateDialogParamW
SendDlgItemMessageW
DialogBoxParamW
TranslateMessage
BroadcastSystemMessageW
ExitWindowsEx
GetDesktopWindow
wsprintfW
RegisterWindowMessageW
DispatchMessageW
GetMessageW
SendMessageW
GetMessagePos
GetDlgItemTextW
ShowWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
SetDlgItemTextW
SetFocus
EndDialog
MessageBoxW
GetSystemMetrics
SetWindowTextW
CharUpperW
wsprintfA
wvsprintfW

comctl32

ord17

ole32

CoCreateInstance
CoInitialize

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

setupapi

CM_Get_DevNode_Status
CM_Locate_DevNodeW

psapi

GetProcessImageFileNameW
EnumProcesses

rpcrt4

UuidFromStringW
UuidCreate

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61d3bc313fcb84aea8ce7c9e83e24dba

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5dCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

35:f2:20:f9:f7:a7:9b:3e:a2:53:ed:ae:70:b6:bc:18:43:34:b2:33:51:fa:43:e4:cb:49:91:dc:24:b8:f2:e1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

comctl32

ole32

shell32

setupapi

psapi

rpcrt4

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 614B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5d
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

35:f2:20:f9:f7:a7:9b:3e:a2:53:ed:ae:70:b6:bc:18:43:34:b2:33:51:fa:43:e4:cb:49:91:dc:24:b8:f2:e1
Signer

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 614B