setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.exe
Size

3.8MB
MD5

2556c5735f01d6373c68ba0f1daf594c
SHA1

73c9fa9c200db7bbf0ee8f19e100d767499adcb4
SHA256

4b7cac3f5b1817fb665aeba8ac47f6ee6257f3be4e17c436a8568795d2fb3163
SHA512

ce32edb2f7f2032e5ea558b0d323effd466d7002851c6102f0752d88b67bb18ecdf117b5d2a5c3553c7f2eec9516ad11ab6283de671f4ffdd0569b4c336d80da
SSDEEP

98304:tCauMB0djCt/oDBp9SmAv1uLCtyt8hwjxsdz:tCauZC/oDBHistt44s1

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows:4 windows x86 arch:x86

e4f0e1dc4383a72c5388efc4005e672d

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:89:ff:9a:9f:b5:9b:f8:9a:f3:26:d2:4a:da:39:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-04-2012 00:00

Not After

20-04-2013 23:59

Subject

CN=LEGO System A/S,OU=LEGO System A/S+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LEGO System A/S,L=Billund,ST=Syddanmark,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:88:5e:99:ad:9c:64:80:bc:4e:fd:38:95:05:d5:68:db:62:59:5a
Signer

Actual PE Digest

6f:88:5e:99:ad:9c:64:80:bc:4e:fd:38:95:05:d5:68:db:62:59:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

c:\P4\NIInstallers\trunk\2.6\src\MetaInstaller\Unicode_Release\setup.pdb

Imports

kernel32

GetFullPathNameW
GetEnvironmentVariableW
GetSystemInfo
VirtualProtect
SetThreadPriority
FlushFileBuffers
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetTempPathW
GetExitCodeThread
GetTempFileNameW
CopyFileW
MoveFileExW
DeleteFileW
SetThreadLocale
CreateMutexW
GetVersionExA
FindClose
ResumeThread
ReleaseMutex
WritePrivateProfileSectionW
WritePrivateProfileStringW
TerminateThread
GetUserDefaultLangID
WriteFile
GetShortPathNameW
GetSystemDirectoryW
FindResourceExW
ResetEvent
GetCurrentDirectoryA
GetEnvironmentVariableA
OutputDebugStringA
GetCurrentProcessId
LoadLibraryA
GetCurrentThread
GetCurrentProcess
IsBadWritePtr
VirtualQuery
GetModuleFileNameA
IsBadReadPtr
CreateEventW
GetDriveTypeW
GetProcAddress
GetDiskFreeSpaceW
GetExitCodeProcess
OpenProcess
GetTickCount
Sleep
CreateProcessW
GetWindowsDirectoryW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
CreateFileW
CloseHandle
ReadFile
LoadLibraryW
GetFileAttributesW
SetFileAttributesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetModuleFileNameW
FreeLibrary
FileTimeToDosDateTime
GetFileInformationByHandle
IsDBCSLeadByteEx
CreateFileA
BeginUpdateResourceW
EndUpdateResourceW
UpdateResourceW
QueryPerformanceFrequency
CompareFileTime
LoadLibraryExW
OutputDebugStringW
DosDateTimeToFileTime
LocalFree
GetUserDefaultLCID
GetCurrentDirectoryW
GetVolumeInformationW
FindFirstFileW
GetLastError
SetLastError
CreateDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
InterlockedDecrement
MultiByteToWideChar
FormatMessageW
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetLocaleInfoA
GetACP
InterlockedExchange
MulDiv
GetThreadLocale
GetLocaleInfoW
FindNextFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
SetStdHandle
GetFullPathNameA
GetDriveTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetDateFormatA
GetTimeFormatA
IsBadCodePtr
GetTimeZoneInformation
GetSystemTimeAsFileTime
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
lstrlenW
LocalAlloc
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
lstrcpynW
GlobalAlloc
GlobalSize
lstrcpyW
lstrcmpW
lstrcatW
GetModuleHandleA
lstrlenA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
lstrcmpiA
lstrcmpA
SuspendThread
lstrcmpiW
GlobalFlags
InterlockedIncrement
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
SystemTimeToFileTime
LocalUnlock
LocalLock
GetPrivateProfileIntW
MoveFileW
GetStringTypeExW
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
SetErrorMode
GlobalGetAtomNameW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileTime
GetStartupInfoW
RtlUnwind
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetCPInfo
GetOEMCP
ExitProcess
TerminateProcess
ExitThread
CreateThread
VirtualAlloc
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableW

user32

EqualRect
AdjustWindowRectEx
GetMenu
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetWindowTextLengthW
IsChild
SetFocus
SendDlgItemMessageA
SendDlgItemMessageW
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetClassInfoExW
CallNextHookEx
SetWindowsHookExW
CreateWindowExW
GetCapture
WinHelpW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
ShowWindow
ScrollWindowEx
GetMenuCheckMarkDimensions
CheckMenuItem
ModifyMenuW
SetMenuItemBitmaps
TabbedTextOutW
DrawTextW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
wsprintfW
InflateRect
GetMenuItemInfoW
DestroyMenu
ShowOwnedPopups
ValidateRect
GetMessageW
GetSysColorBrush
GetDesktopWindow
MessageBeep
SetRect
GetTabbedTextExtentW
DeleteMenu
SetCapture
WindowFromPoint
ReleaseCapture
GetWindowThreadProcessId
WaitMessage
DestroyIcon
CharUpperW
SetMenu
BringWindowToTop
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
LoadMenuW
UnionRect
GetDCEx
LockWindowUpdate
UnregisterClassA
DeferWindowPos
EnableMenuItem
DrawIcon
RegisterWindowMessageW
GetWindow
GetForegroundWindow
SetForegroundWindow
GetCursorPos
LoadAcceleratorsW
TranslateAcceleratorW
ShowScrollBar
UpdateWindow
IsIconic
IntersectRect
IsRectEmpty
SetParent
IsWindowVisible
DrawIconEx
LoadBitmapW
PtInRect
PostMessageW
AppendMenuW
CreatePopupMenu
DrawEdge
FillRect
DrawStateW
RedrawWindow
GetKeyState
SystemParametersInfoW
DrawTextExW
LoadIconW
InvalidateRect
SetRectEmpty
KillTimer
SetTimer
IsWindow
OffsetRect
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
UnregisterClassW
LoadCursorW
SetCursor
GetClientRect
GetSysColor
LoadStringW
CopyRect
GetDlgItemTextW
EndDialog
SetWindowLongW
FindWindowExW
GetSystemMetrics
LoadImageW
CallWindowProcW
GetWindowTextW
GetDlgItem
MessageBoxW
EnumChildWindows
GetClassNameW
PostQuitMessage
GetWindowRect
GetWindowLongW
GetParent
ScreenToClient
MoveWindow
EnableWindow
ReleaseDC
GetDC
SendMessageW
MapDialogRect
GetScrollInfo
SetScrollInfo
GetClassInfoW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
GetFocus
ChildWindowFromPoint
IsCharAlphaNumericW
IsCharAlphaW
FlashWindow
ExitWindowsEx
GetWindowPlacement
SetWindowPlacement
SetWindowPos
RegisterClassW
GetDlgCtrlID
DefWindowProcW
SystemParametersInfoA
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
GetSystemMenu
RemoveMenu
IsClipboardFormatAvailable

gdi32

StartPage
CreateSolidBrush
CreateBitmap
GetPixel
SetBkColor
DeleteDC
SetGraphicsMode
GetDIBColorTable
CreatePalette
SelectPalette
RealizePalette
PolyPolyline
StretchBlt
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCW
GetObjectA
GetTextMetricsW
SelectObject
GetDeviceCaps
GetTextExtentPoint32W
DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
TranslateCharsetInfo
CopyMetaFileW
GetDCOrgEx
GetClipBox
SetTextColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetCharWidthW
EndPage
SetAbortProc
AbortDoc
GetBkColor
CreateFontW
StretchDIBits
EndDoc

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW
ReplaceTextW
FindTextW
PrintDlgW
PageSetupDlgW

ole32

CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CoTreatAsClass
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoUninitialize
CoGetClassObject
CoLoadLibrary
CoCreateInstance
CoInitialize
CoCreateGuid
CoInitializeEx

oleaut32

SysAllocStringLen
CreateErrorInfo
SetErrorInfo
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocString
SysStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
SafeArrayUnaccessData

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW
DragQueryFileW
ExtractIconW
SHGetFileInfoW
DragFinish

mpr

WNetGetResourceInformationW
WNetGetConnectionW

ws2_32

closesocket

winspool.drv

DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rpcrt4

RpcStringFreeA
UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate
UuidToStringA

Exports

Exports

NI_MetaToolbox_MetaOutput_GetSharedGlobalData

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 960KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4f0e1dc4383a72c5388efc4005e672d

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

51:89:ff:9a:9f:b5:9b:f8:9a:f3:26:d2:4a:da:39:92Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6f:88:5e:99:ad:9c:64:80:bc:4e:fd:38:95:05:d5:68:db:62:59:5aSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

shell32

mpr

ws2_32

winspool.drv

version

rpcrt4

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 960KB - Virtual size: 957KB

.data Size: 180KB - Virtual size: 213KB

.rsrc Size: 244KB - Virtual size: 241KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

51:89:ff:9a:9f:b5:9b:f8:9a:f3:26:d2:4a:da:39:92
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6f:88:5e:99:ad:9c:64:80:bc:4e:fd:38:95:05:d5:68:db:62:59:5a
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 960KB - Virtual size: 957KB

.data
Size: 180KB - Virtual size: 213KB

.rsrc
Size: 244KB - Virtual size: 241KB