Setup[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.zip
Size

12.2MB
MD5

e02e15bf94b1b6a81336dbed8b3c7d30
SHA1

1ef7050bb3d1042f669f4a432ea4f1df23e516a5
SHA256

59f20114929a66a4c6243ae9d416192f0b7a584c6d3a07253e0cc69776b4de46
SHA512

ca2c368ecd3d3ff50bcbce0ca1cf7f6a3825d600ac3b2fa3a31edd52dad9d569fab5aaae36db2e16ec866857cf463190fdcbf6909c006e32d93716126985dba9
SSDEEP

196608:CnTu6c4Xdvslpr+c9HdoxcvXnQIRISojiSJRFTIxQhzjt72oejl1eLnO8+hgwWh2:j4izT9QmxCL+wMoe/inOXmCYW

Score

1^/10

Malware Config

Signatures

Files

Setup.zip
.zip
Setup.exe
.exe windows:5 windows x86 arch:x86

41de4648d9faf32ced514f0f032c8077

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04-10-2021 17:33

Not After

04-10-2024 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

15:1d:30:3d:5c:f1:93:be:4a:24:52:7a:57:bc:df:71:6f:d2:80:95:c0:b9:94:67:81:13:05:24:fe:1d:a6:3f
Signer

Actual PE Digest

15:1d:30:3d:5c:f1:93:be:4a:24:52:7a:57:bc:df:71:6f:d2:80:95:c0:b9:94:67:81:13:05:24:fe:1d:a6:3f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\repos\main\SSH2\Release\pdbs\WRC.pdb

Imports

ws2_32

htons
getservbyname
inet_addr
gethostbyname
getservbyport
gethostbyaddr
WSAGetLastError
inet_ntoa
WSASetLastError
ntohl
WSAStringToAddressW
htonl
ntohs
WSACleanup
WSAStartup

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Destroy

kernel32

FreeLibrary
GetCurrentProcess
VerSetConditionMask
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
OutputDebugStringA
CreateFileA
WriteFile
RtlCaptureStackBackTrace
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
LoadLibraryExW
HeapFree
FoldStringW
LoadLibraryA
GetSystemDirectoryA
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
Sleep
FlushFileBuffers
CompareFileTime
HeapAlloc
HeapReAlloc
CreateFileW
ProcessIdToSessionId
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTime
lstrcpyW
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetUserDefaultUILanguage
DeleteFileW
CreateDirectoryW
CreateToolhelp32Snapshot
FindFirstFileW
FindNextFileW
FindClose
OutputDebugStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
QueryPerformanceCounter
InterlockedPushEntrySList
EncodePointer
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetConsoleMode
GetACP
GetFileType
GetStringTypeW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
WriteConsoleW
GetConsoleCP
SetFilePointerEx
WaitForMultipleObjectsEx
SleepEx
GlobalSize
GlobalFree
GlobalAlloc
GetFileSize
ExpandEnvironmentStringsW
GetOverlappedResult
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiber
MultiByteToWideChar
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindFirstVolumeW
QueryDosDeviceW
GetLogicalDriveStringsW
GetVersionExW
QueryPerformanceFrequency
SetEndOfFile
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetNumberFormatW
LocalAlloc
GetCurrentDirectoryW
GetLongPathNameW
GetFullPathNameW
SetFilePointer
ReadFile
ReadConsoleW
GetFileSizeEx
GetCPInfoExW
TryEnterCriticalSection
GetTickCount
CancelIo
FileTimeToLocalFileTime
WideCharToMultiByte
Thread32Next
SuspendThread
OpenThread
Thread32First
VirtualAlloc
VirtualFree
GetConsoleOutputCP
GetCommandLineW
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
GetModuleHandleW
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
WaitForSingleObject
ResetEvent
CreateProcessW
CloseHandle
SetEvent
InterlockedCompareExchange
SwitchToThread
GetModuleHandleExW
GetModuleFileNameW
GetFileAttributesW
CreateEventW
CreateMutexW
CreateThread
InterlockedExchange
ReleaseMutex
WaitForMultipleObjects
SetLastError
LocalFree
lstrlenW
FormatMessageW

user32

UpdateWindow
ScrollWindowEx
SetScrollInfo
GetScrollInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
IsDialogMessageW
EnumThreadWindows
EnableWindow
GetDialogBaseUnits
MapDialogRect
AdjustWindowRectEx
GetFocus
PostMessageW
GetComboBoxInfo
GetUpdateRect
IsZoomed
EnumChildWindows
GetMenuItemRect
GetMenuItemID
GetMenuItemCount
DialogBoxIndirectParamW
EndDialog
DestroyWindow
GetSystemMenu
SetMenuItemInfoW
GetMenuItemInfoW
GetCapture
ScrollWindow
SetRectEmpty
AllowSetForegroundWindow
MessageBoxW
GetSystemMetrics
LoadImageW
SetWindowRgn
LoadIconW
RemovePropW
GetPropW
SetPropW
IsDlgButtonChecked
CheckDlgButton
SetWindowPlacement
DrawAnimatedRects
ValidateRect
MsgWaitForMultipleObjects
DrawIconEx
IsWindowVisible
GetWindow
IsWindow
DrawEdge
GetDCEx
InflateRect
IsIconic
SetWinEventHook
SetCursorPos
RegisterWindowMessageW
GetDoubleClickTime
GetMessagePos
SetTimer
KillTimer
SetForegroundWindow
SendMessageTimeoutW
EnumWindows
ReplyMessage
InSendMessage
WindowFromPoint
GetForegroundWindow
ShowWindow
wsprintfW
RemoveMenu
CharLowerBuffW
GetClassLongW
ShowScrollBar
SendDlgItemMessageW
FindWindowW
SetLayeredWindowAttributes
DispatchMessageW
TranslateMessage
PeekMessageW
DestroyIcon
SetFocus
GetMenuState
UnhookWinEvent
MessageBeep
GetClipboardData
IsClipboardFormatAvailable
RedrawWindow
GetSysColorBrush
GetWindowDC
IsRectEmpty
GetKeyState
TrackPopupMenuEx
GetSubMenu
EnableMenuItem
LoadMenuIndirectW
DefWindowProcW
GetDlgCtrlID
OffsetRect
DrawTextW
GetWindowTextLengthW
ReleaseCapture
SetCapture
GetMessageTime
TrackMouseEvent
PtInRect
InvalidateRect
CreateWindowExW
SetClassLongW
DrawFocusRect
FrameRect
DrawFrameControl
IsWindowEnabled
GetPropA
RemovePropA
SetPropA
RegisterClassExW
GetClassInfoExW
CreateIconIndirect
FillRect
CreateIconFromResourceEx
GetIconInfo
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetWindowThreadProcessId
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClassNameA
MonitorFromRect
GetWindowPlacement
GetMonitorInfoW
GetParent
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
GetDlgItem
CallWindowProcW
CloseClipboard
OpenClipboard
DestroyMenu
EndPaint
BeginPaint
MapWindowPoints
MonitorFromWindow
SystemParametersInfoW
MoveWindow
SetWindowPos
SendMessageW
SetWindowLongW
GetWindowLongW
GetSysColor
GetUserObjectInformationW
GetProcessWindowStation
wsprintfA
MessageBoxA
CreateDialogIndirectParamW
NotifyWinEvent
GetScrollRange
GetScrollPos
SetScrollPos
EmptyClipboard
SetClipboardData
GetDesktopWindow
FlashWindowEx
GetAncestor
RegisterClipboardFormatW
IsChild
SetWindowTextW
GetCursorPos
GetWindowTextW

ole32

ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantChangeType
VariantCopy
VariantClear
SysStringLen
SysAllocString
SysAllocStringLen

shlwapi

SHCopyKeyW

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFindCertificateInStore
PFXImportCertStore
CertFreeCertificateContext
CertOpenStore
CryptAcquireCertificatePrivateKey
CryptEncodeObjectEx
CertGetPublicKeyLength
CertGetCertificateContextProperty
PFXExportCertStoreEx
CryptDecodeObjectEx
CertFindExtension
CertCreateCertificateContext
CryptProtectData
CryptUnprotectData
CryptSignAndEncodeCertificate
CryptEncodeObject
CertCreateSelfSignCertificate
CryptMsgClose
CryptStringToBinaryA
CryptQueryObject
CertAddCertificateContextToStore
CertCloseStore
CertGetNameStringW
CryptExportPublicKeyInfoEx

wininet

HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetReadFile

gdi32

SetWindowOrgEx
ExtCreatePen
RoundRect
DPtoLP
CreateFontIndirectW
GetClipBox
SetMapMode
CombineRgn
SetRectRgn
CreateRectRgn
SelectClipRgn
ExtTextOutW
ExtSelectClipRgn
CreateRectRgnIndirect
LPtoDP
GetDIBits
SetDIBColorTable
CreateDIBSection
Rectangle
SetROP2
CreatePatternBrush
GetTextMetricsW
SetBkMode
SetTextColor
GetDeviceCaps
CreateDCW
CreateDIBitmap
LineTo
MoveToEx
CreatePen
CreateBitmap
SetPixel
GetPixel
GetObjectW
BitBlt
SetBkColor
GetTextExtentPoint32W
GetStockObject
RestoreDC
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmapIndirect
CreateSolidBrush
CreateBrushIndirect
DeleteObject
DeleteDC

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW

msimg32

AlphaBlend

oleacc

LresultFromObject
CreateStdAccessibleObject

psapi

GetModuleInformation

advapi32

IsValidSid
QueryServiceConfigW
GetSidLengthRequired
InitializeSid
GetSidIdentifierAuthority
SetEntriesInAclW
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptGetKeyParam
CryptImportKey
CryptGetProvParam
CryptVerifySignatureW
CryptSignHashW
CryptDestroyKey
LookupAccountSidW
RegCreateKeyExW
RegDeleteKeyW
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetSidSubAuthority
GetSidSubAuthorityCount
CopySid
GetLengthSid
EqualSid
OpenProcessToken
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegNotifyChangeKeyValue
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
GetTokenInformation
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptAcquireContextA

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41de4648d9faf32ced514f0f032c8077

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5eCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

15:1d:30:3d:5c:f1:93:be:4a:24:52:7a:57:bc:df:71:6f:d2:80:95:c0:b9:94:67:81:13:05:24:fe:1d:a6:3fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

kernel32

user32

ole32

oleaut32

shlwapi

crypt32

wininet

gdi32

shell32

msimg32

oleacc

psapi

advapi32

comdlg32

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 212KB - Virtual size: 237KB

.tls Size: 512B - Virtual size: 181B

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 537KB - Virtual size: 537KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

15:1d:30:3d:5c:f1:93:be:4a:24:52:7a:57:bc:df:71:6f:d2:80:95:c0:b9:94:67:81:13:05:24:fe:1d:a6:3f
Signer

.text
Size: 6.5MB - Virtual size: 6.5MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 212KB - Virtual size: 237KB

.tls
Size: 512B - Virtual size: 181B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 537KB - Virtual size: 537KB