setupfile[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

setupfile.exe.zip
Size

888KB
MD5

28c00de654b77017100b9a31b2501b37
SHA1

321ddcbdbefd3d5957d8dd46f59478b50485f450
SHA256

aef716e0afdb13d8be71409cdd0efe89f4bba418d3fcc218050452207a114fd1
SHA512

6528da9b39d3b67965584e950566497fc8360fab4026b278ead13b2619b9822e470072699cab140ebe3d26600ffc8e18cc2da330157a2a18aad720d3ae873b19
SSDEEP

24576:8vZrjY/ohrpbOZKfsHgVwI2JOyO1tHel7n:NGpYKfsHg+I0Ohe7n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setupfile.exe

Files

setupfile.exe.zip
.zip

Password: infected
setupfile.exe
.exe windows:6 windows x86 arch:x86

Password: infected

ea7ba18de127f4d0dc525c5661ace9a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\rustloaders\digital_cayman\target\i686-pc-windows-msvc\release\deps\digital_cayman.pdb

Imports

advapi32

RegSetValueExA
SystemFunction036
RegOpenKeyExA

kernel32

CloseHandle
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
VirtualProtect
VirtualAlloc
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
ReleaseMutex
DeleteProcThreadAttributeList
ReleaseSRWLockShared
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
QueryPerformanceCounter
AcquireSRWLockExclusive
GetCurrentThread
RtlCaptureContext
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
DuplicateHandle
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
TerminateProcess
TryAcquireSRWLockExclusive
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
TlsSetValue
GetModuleHandleA
CreateFileW
CopyFileExW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TlsGetValue
GetSystemTimeAsFileTime
FreeLibrary
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
LoadLibraryExW

bcrypt

BCryptGenRandom

ntdll

RtlNtStatusToDosError
NtWriteFile

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-runtime-l1-1-0

exit
_crt_atexit
_controlfp_s
_initialize_onexit_table
_c_exit
abort
_seh_filter_exe
_set_app_type
__p___argv
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
__p___argc
_register_onexit_function
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_cexit
terminate
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 959KB - Virtual size: 959KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ea7ba18de127f4d0dc525c5661ace9a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

bcrypt

ntdll

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 959KB - Virtual size: 959KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 49KB - Virtual size: 48KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 959KB - Virtual size: 959KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 49KB - Virtual size: 48KB