Setup_938513[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Setup_938513.exe
Size

22.8MB
MD5

8484dc3553d0a208e9308dfbc51ddd80
SHA1

c207fd38e79d5955597c66a8f0fdd77e8dd45e92
SHA256

ad8cd146d876a8082216f3443aba9965dcd565f8cfbf03b118fe480bc5a1a15d
SHA512

72a05fd2f5fd8b80084aaf4cd639e574e44d2dc9d94b5d3430903c86105043b338c568399acebebadb9c477e774cf40b01d26948f0719d23d8c1772e3243356d
SSDEEP

393216:DmSptt0t+F8l1LrYFVw1qeH5j5Xov/2MjdshHzeobmKNV+lMG5DMPxasyPRYtoXV:DmSol1LrYFVw1qej54vuVzeobJ+aG5cC

Score

1^/10

Malware Config

Signatures

Files

Setup_938513.exe
.exe windows:6 windows x86 arch:x86

2260c67f33115e8747a65998e6212640

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

18/08/2023, 00:00

Not After

17/08/2024, 23:59

Subject

SERIALNUMBER=0450768115,CN=Cyber Holding Partners LLC,O=Cyber Holding Partners LLC,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:5a:18:63:35:c0:68:37:3c:06:50:91:90:32:b6:9d:04:97:c1:92:e9:eb:67:5b:43:55:cb:ef:67:b9:51:10
Signer

Actual PE Digest

33:5a:18:63:35:c0:68:37:3c:06:50:91:90:32:b6:9d:04:97:c1:92:e9:eb:67:5b:43:55:cb:ef:67:b9:51:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileExW
SetEnvironmentVariableW
VerSetConditionMask
FileTimeToLocalFileTime
EnterCriticalSection
SetUnhandledExceptionFilter
GetProcessHeap
SleepEx
TerminateProcess
GetConsoleMode
DecodePointer
WaitForMultipleObjects
GetStringTypeW
LeaveCriticalSection
GetLogicalDriveStringsW
LoadLibraryExW
GetCommandLineW
FindFirstFileW
DuplicateHandle
GetVersionExW
SetThreadPriority
GetConsoleOutputCP
SetThreadAffinityMask
CloseHandle
WriteFile
GetTickCount
InitializeCriticalSectionAndSpinCount
GetCPInfo
lstrlenA
CreateTimerQueue
ExitProcess
InterlockedPushEntrySList
ReleaseSemaphore
GetLastError
GetTickCount64
FreeLibrary
FileTimeToSystemTime
GetSystemTimeAsFileTime
TlsGetValue
GlobalAlloc
CreateSemaphoreW
GetVersion
FindClose
CompareStringW
FormatMessageW
HeapAlloc
GetFileSizeEx
CreateDirectoryW
GetUserDefaultLCID
InitializeCriticalSectionEx
EnumSystemLocalesW
GetNumaHighestNodeNumber
GlobalMemoryStatus
GetStdHandle
SetFileTime
ReadFile
GlobalUnlock
CreateTimerQueueTimer
GetFileAttributesW
ReleaseSRWLockExclusive
TlsAlloc
GetOEMCP
RemoveDirectoryW
GetFileAttributesExW
HeapReAlloc
ReadConsoleW
QueryDepthSList
IsValidCodePage
SystemTimeToTzSpecificLocalTime
ResetEvent
GetThreadPriority
CreateEventW
GetCurrentDirectoryW
WriteConsoleW
FindNextFileW
SetPriorityClass
VirtualAlloc
TlsFree
SetEvent
SetLastError
QueryPerformanceFrequency
SignalObjectAndWait
GetStartupInfoW
AcquireSRWLockExclusive
SetEndOfFile
SwitchToThread
GetModuleHandleA
GetFileType
GetLogicalProcessorInformation
LCMapStringW
LoadLibraryW
CompareFileTime
GetTimeFormatW
SetFilePointerEx
GetLocaleInfoW
IsValidLocale
GlobalLock
WaitForSingleObject
GetDriveTypeW
GetDateFormatW
HeapFree
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
LocalFree
DeleteTimerQueueTimer
RtlUnwind
GetSystemInfo
GetSystemDirectoryW
MoveFileW
RaiseException
GetFileInformationByHandle
UnregisterWaitEx
GetProcessAffinityMask
GetModuleHandleExW
RegisterWaitForSingleObject
GetFileSize
GetEnvironmentVariableA
EncodePointer
GetEnvironmentStringsW
FreeLibraryAndExitThread
PeekNamedPipe
ChangeTimerQueueTimer
HeapSize
GetFullPathNameW
CreateThread
CreateFileW
SetFileAttributesW
QueryPerformanceCounter
VerifyVersionInfoW
InterlockedPopEntrySList
WaitForSingleObjectEx
GetModuleHandleW
MoveFileExW
TryEnterCriticalSection
UnregisterWait
IsDebuggerPresent
MultiByteToWideChar
VirtualProtect
GetCurrentThread
FlushFileBuffers
GetTimeZoneInformation
GlobalFree
InitializeSListHead
GetModuleFileNameW
InitializeCriticalSection
GetCommandLineA
TlsSetValue
SetStdHandle
GetProcAddress
DeleteCriticalSection
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCurrentProcess
WideCharToMultiByte
InterlockedFlushSList
FreeEnvironmentStringsW
GetACP
Sleep
ExitThread
DeleteFileW
VirtualFree
lstrcatA
GetThreadTimes

user32

LoadStringW
CloseClipboard
GetWindowTextLengthW
EmptyClipboard
InvalidateRect
SetFocus
LoadCursorW
ScreenToClient
SetWindowTextW
GetDlgItem
GetMonitorInfoA
OpenClipboard
GetFocus
SystemParametersInfoW
GetParent
PostMessageW
CheckDlgButton
SetClipboardData
MapDialogRect
MonitorFromWindow
KillTimer
MessageBoxW
GetWindowTextW
MessageBoxA
MoveWindow
CharUpperW
GetWindowRect
IsDlgButtonChecked
GetKeyState
DialogBoxParamW
SetTimer
wsprintfA
SetCursor
SetWindowLongW
EnableWindow
LoadIconW
ShowWindow
SetDlgItemTextW
SendMessageW
EndDialog
GetWindowLongW

advapi32

CryptGetHashParam
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CloseServiceHandle
CryptAcquireContextW
CryptEncrypt
CryptReleaseContext
CryptCreateHash
CryptHashData

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertFreeCertificateChain
CryptDecodeObjectEx
CertOpenStore
CertCreateCertificateChainEngine
CertGetNameStringW
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
PFXImportCertStore
CertGetCertificateChain
CryptStringToBinaryW
CertFindExtension
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptQueryObject
CertFreeCertificateChainEngine

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSACloseEvent
WSACreateEvent
getsockopt
send
WSAEnumNetworkEvents
getaddrinfo
WSAIoctl
socket
WSAWaitForMultipleEvents
WSAEventSelect
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAResetEvent
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
freeaddrinfo

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2260c67f33115e8747a65998e6212640

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

33:5a:18:63:35:c0:68:37:3c:06:50:91:90:32:b6:9d:04:97:c1:92:e9:eb:67:5b:43:55:cb:ef:67:b9:51:10Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 94KB - Virtual size: 94KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

33:5a:18:63:35:c0:68:37:3c:06:50:91:90:32:b6:9d:04:97:c1:92:e9:eb:67:5b:43:55:cb:ef:67:b9:51:10
Signer

.text
Size: 6.5MB - Virtual size: 6.5MB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 94KB - Virtual size: 94KB