setupprep[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

setupprep.exe
Size

1.2MB
MD5

1d6c595387ea787a7ec57fef83fa41d9
SHA1

162687ebcbbc80e6dcae23263b4b9f05602bb92d
SHA256

712794f75f288387bdcb6d4db72fbce1fd461205b447165237c062aff6613ffd
SHA512

3743ba90704f012a95b1355d8884cf449147744db35bd932b96a674962a6e0ded3802f26694df57c09d8730f6a1a3d920798456c80265bef12e7d77470578f1a
SSDEEP

24576:LXRGJLgrr1T1wHTSJgoqKl143v2KjcdS5Y:bRGNgdWTsgo5l82acdKY

Score

1^/10

Malware Config

Signatures

Files

setupprep.exe
.exe windows:10 windows x64 arch:x64

459b33e89c7cf81bb1ee37630c08e09c

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:6e:81:ab:c6:eb:f0:dc:eb:f7:5b:d3:ce:65:72:8a:5e:c7:7c:34:d9:5d:a2:79:71:d4:00:29:54:4a:c1:88
Signer

Actual PE Digest

b3:6e:81:ab:c6:eb:f0:dc:eb:f7:5b:d3:ce:65:72:8a:5e:c7:7c:34:d9:5d:a2:79:71:d4:00:29:54:4a:c1:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

SetupPrep.pdb

Imports

advapi32

GetTokenInformation
SetSecurityDescriptorGroup
MakeSelfRelativeSD
RegQueryValueExW
OpenThreadToken
AddAccessAllowedAce
DuplicateTokenEx
SetSecurityDescriptorControl
GetLengthSid
RegDeleteValueW
SetSecurityInfo
CreateProcessAsUserW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
OpenProcessToken
RegSetValueExW
CopySid
RegCreateKeyExW
RegFlushKey
AllocateAndInitializeSid
RegDeleteKeyW
SetTokenInformation
GetAce
SetSecurityDescriptorOwner
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumValueW
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegUnLoadKeyW
StopTraceW
GetTraceLoggerHandle
QueryAllTracesW
InitiateSystemShutdownExW
RegDeleteTreeW

kernel32

AcquireSRWLockExclusive
WaitForSingleObjectEx
GetVersionExA
LockResource
DeleteFileW
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
GetNativeSystemInfo
CreateThreadpoolTimer
LoadLibraryW
FindResourceExW
ResetEvent
LoadResource
GetOverlappedResult
SetFilePointerEx
CreateMutexExW
LocalFree
MoveFileExW
ReplaceFileW
LockFileEx
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
CreateSymbolicLinkW
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
CloseThreadpoolTimer
DebugBreak
DosDateTimeToFileTime
GetSystemWindowsDirectoryW
MoveFileW
VirtualQuery
GetDriveTypeW
LoadLibraryExW
IsDebuggerPresent
FlushFileBuffers
GetExitCodeProcess
SetEvent
CreateFileA
OutputDebugStringW
ReleaseSRWLockExclusive
GetCurrentThread
GetLastError
GetTickCount64
DelayLoadFailureHook
IsValidLocale
IsValidCodePage
VerifyVersionInfoW
VerSetConditionMask
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
SearchPathW
OutputDebugStringA
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
CreateDirectoryW
ReadFile
GetModuleFileNameA
LocalFileTimeToFileTime
GetTimeZoneInformation
FormatMessageW
GetFileInformationByHandle
Sleep
MultiByteToWideChar
CreateEventW
GetLogicalDriveStringsW
SetFileAttributesW
GetSystemDirectoryW
GetSystemTime
GetVersionExW
SetThreadPreferredUILanguages
LocaleNameToLCID
GetLocaleInfoW
GetPrivateProfileIntW
InitializeCriticalSection
GlobalLock
GlobalUnlock
MulDiv
FindResourceW
QueryDosDeviceW
RaiseException
DuplicateHandle
GetShortPathNameW
HeapSize
HeapReAlloc
LoadLibraryExA
GetPriorityClass
GetThreadPriority
GetExitCodeThread
SetThreadPriority
SetPriorityClass
CreateThread
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetFileTime
FileTimeToSystemTime
CompareFileTime
CopyFileExW
SetFileInformationByHandle
DeviceIoControl
GetFileInformationByHandleEx
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetStartupInfoW
SizeofResource
FindFirstFileW
GetFileSizeEx
CompareStringW
CreateSemaphoreExW
SetLastError
EnterCriticalSection
GetCommandLineW
GetFullPathNameW
FindNextFileW
GetCurrentProcess
ReleaseSemaphore
WriteFile
ExpandEnvironmentStringsW
TerminateProcess
SetFileTime
GetModuleFileNameW
WaitForMultipleObjects
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreatePipe
SetFilePointer
ReleaseMutex
SetEndOfFile
UnlockFileEx
CreateMutexW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CreateHardLinkW
FindClose
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
OpenEventW

gdi32

GetStockObject
GetObjectW
SetBkMode
SetTextColor
CreateICW
CreateSolidBrush
BitBlt
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
CreateDCW
EnumFontFamiliesExW
CreateDIBSection
GetDeviceCaps
DeleteDC
DeleteObject
TranslateCharsetInfo
CreateFontIndirectW

user32

GetFocus
GetNextDlgTabItem
IsChild
SystemParametersInfoW
GetWindowLongW
CopyRect
DrawFocusRect
RedrawWindow
DrawTextW
GetParent
PostMessageW
InvalidateRect
LoadStringW
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
SetWindowLongW
IsWindowVisible
GetSystemMetrics
MessageBoxW
SendMessageW
SetTimer
PostThreadMessageW
KillTimer
LoadImageW
EnableWindow
GetKeyState
GetSysColorBrush
GetClientRect
TrackMouseEvent
FillRect
SetCursor
LoadCursorW
GetSysColor
GetDC
GetWindowRect
CharUpperW

mfc42u

ord4368
ord5066
ord5725
ord5722
ord3468
ord1066
ord2412
ord3783
ord1405
ord2408
ord5730
ord5711
ord6054
ord4215
ord663
ord286
ord1647
ord2665
ord2903
ord4473
ord4557
ord1812
ord854
ord4623
ord4609
ord984
ord525
ord6127
ord851
ord6559
ord336
ord1646
ord6734
ord4481
ord599
ord3754
ord1043
ord629
ord4826
ord6351
ord2661
ord1966
ord4130
ord3174
ord4612
ord3742
ord4445
ord3286
ord6352
ord342
ord1441
ord5467
ord5702
ord1586
ord287
ord812
ord288
ord1082
ord3790
ord2427
ord1574
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord1505
ord1949
ord1479
ord4550
ord1463
ord3894
ord1035
ord2329
ord822
ord1430
ord3830
ord626
ord1126
ord2856
ord1040
ord5077
ord5406
ord5245
ord4771
ord1777
ord6437
ord5687
ord665
ord5699
ord2140
ord2457
ord5683
ord1736
ord6614
ord6612
ord6102
ord6632
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1778
ord4365
ord4988
ord6440
ord3535
ord852
ord4721
ord2517
ord4218
ord337
ord2193
ord2094
ord3177
ord3076
ord1799
ord4741
ord2586
ord3743
ord4424
ord2394
ord4187
ord1930
ord4599
ord2393
ord4131
ord2906
ord4014
ord6243
ord2420
ord2898
ord2900
ord6705
ord6708

msvcrt

memmove
__RTDynamicCast
_wtoi
_errno
realloc
wcsncmp
wcsrchr
_amsg_exit
__wgetmainargs
wcscmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
memset
memcpy
_XcptFilter
free
__dllonexit
_unlock
memmove_s
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
towlower
_wcsnicmp
wcsstr
wcschr
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_wcsicmp
memcpy_s
_vsnwprintf
__CxxFrameHandler3
_wcstoui64
wcstoul
towupper
_vscwprintf
_vsnprintf
_onexit
_exit
exit
iswspace
__set_app_type
memcmp

comctl32

InitCommonControlsEx

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shell32

CommandLineToArgvW

ntdll

NtUnloadKey2
NtSetInformationProcess
NtShutdownSystem
NtSetInformationThread
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
RtlGetVersion
RtlAdjustPrivilege
RtlInitUnicodeString
NtDuplicateToken
DbgPrintEx
NtWriteFile
NtReadFile
RtlReAllocateHeap
RtlExpandEnvironmentStrings
NtQueryInformationFile
NtWaitForSingleObject
RtlRaiseStatus
NtYieldExecution
NtClose

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

wdscore

WdsSetupLogDestroy
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP
WdsGenericSetupLogInit

fltlib

FilterFindFirst
FilterFindClose
FilterUnload
FilterFindNext

rpcrt4

UuidFromStringW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW

cabinet

ord22
ord23
ord20

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

wimgapi

WIMUnmountImage
WIMSetFileIOCallbackTemporaryPath
WIMInitFileIOCallbacks

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptFinishHash

Sections

.text
Size: 640KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boxload
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 400KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

459b33e89c7cf81bb1ee37630c08e09c

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b3:6e:81:ab:c6:eb:f0:dc:eb:f7:5b:d3:ce:65:72:8a:5e:c7:7c:34:d9:5d:a2:79:71:d4:00:29:54:4a:c1:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

comctl32

ole32

oleaut32

shell32

ntdll

userenv

wtsapi32

wdscore

fltlib

rpcrt4

cabinet

version

wimgapi

bcrypt

Sections

.text Size: 640KB - Virtual size: 636KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 20KB - Virtual size: 17KB

.didat Size: 4KB - Virtual size: 16B

.boxload Size: 4KB - Virtual size: 4B

.rsrc Size: 400KB - Virtual size: 396KB

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b3:6e:81:ab:c6:eb:f0:dc:eb:f7:5b:d3:ce:65:72:8a:5e:c7:7c:34:d9:5d:a2:79:71:d4:00:29:54:4a:c1:88
Signer

.text
Size: 640KB - Virtual size: 636KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 20KB - Virtual size: 17KB

.didat
Size: 4KB - Virtual size: 16B

.boxload
Size: 4KB - Virtual size: 4B

.rsrc
Size: 400KB - Virtual size: 396KB

.reloc
Size: 4KB - Virtual size: 3KB