setup (6)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

setup (6).exe
Size

27.2MB
MD5

6a0f46c7492aeb7f3902ae81199df642
SHA1

c6b3525c429965e282396ae4da9f0c6e94c1a3d7
SHA256

3ff96a702d8abd81976ddc4f21e5cf4af587098135edd5fd6ef0477158c68e5a
SHA512

d8933e8e64d2fa889712a5cf16640f4d8db003b75418e8514c0b633c5d140d80ce210d3b65d4196624392923e3ff41b65e0d490a7c50d07b77d8e5bcddea86e5
SSDEEP

786432:/pMt1QR6EAcSQVw+jyzjhggCiM2w0DpCk5j:/Gt2VWQVoj6Ew0DMmj

Score

1^/10

Malware Config

Signatures

Files

setup (6).exe
.exe windows:4 windows x86 arch:x86

eadde2b3cedc3fcfba03ce4e04fb1156

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:f0:2a:60:a7:35:52:ab:39:ce:19:dd:96:5a:fe:97
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/03/2019, 00:00

Not After

14/03/2020, 23:59

Subject

CN=BUSINESS PROCESS SOLUTIONS,O=BUSINESS PROCESS SOLUTIONS,POSTALCODE=4071,STREET=Rue Kendi,L=Khézama Ouest,ST=Sousse,C=TN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:c9:3c:b9:9a:0b:af:f8:97:7c:09:84:ac:72:93:7b:9c:54:62:4c
Signer

Actual PE Digest

33:c9:3c:b9:9a:0b:af:f8:97:7c:09:84:ac:72:93:7b:9c:54:62:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\source\source.AV\59648\Release_wdautoex_163\Release\WdAutoEx.pdb

Imports

comctl32

ord17

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetGetUniversalNameW
WNetCloseEnum

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
ceil
vswprintf
_except_handler3
iswspace
strncpy
memchr
memcmp
_wmakepath
_wstati64
memmove
iswalnum
wcsstr
realloc
_wcsnicmp
memset
towupper
free
malloc
_purecall
_wcsicmp
strncmp
strcat
strchr
_vsnwprintf
_vsnprintf
wcschr
wcscmp
strlen
_wtoi
memcpy
wcsrchr
_controlfp
wcsncpy
_snwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
wcscpy
wcscat
swprintf

kernel32

GetStartupInfoA
GetModuleHandleA
LCMapStringW
CreateProcessW
InterlockedDecrement
CompareStringA
CompareStringW
WideCharToMultiByte
QueryDosDeviceW
GetDriveTypeW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
FindNextFileW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetVersionExW
GetFileTime
SetLastError
SetFileTime
SetErrorMode
SetEndOfFile
FlushFileBuffers
UnlockFileEx
UnlockFile
LockFileEx
LockFile
SetFilePointer
ReadFile
WriteFile
GetVolumeInformationW
GetLogicalDriveStringsW
GetFileInformationByHandle
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchangeAdd
OpenProcess
MultiByteToWideChar
LockResource
LoadResource
FindResourceW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetExitCodeProcess
SetEnvironmentVariableW
GetCurrentDirectoryW
CloseHandle
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
GetLastError
FormatMessageW
LocalFree
GetModuleFileNameW

user32

CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
MessageBoxW
SendDlgItemMessageW
SetWindowTextW
IsWindow
LoadStringW
CharUpperW
GetDlgItem
GetDesktopWindow
DrawTextW
FillRect
GetDC
DestroyWindow
UpdateWindow
ShowWindow
GetClientRect
GetSystemMetrics
CreateWindowExW
RegisterClassW
GetSysColor
LoadIconW
DefWindowProcW
SetDlgItemTextW
SetWindowPos
GetParent
DialogBoxParamW
EndDialog
SendMessageW
ReleaseDC

gdi32

DeleteObject
GetStockObject
SelectObject
SetROP2
SetTextColor
SetBkMode
CreateSolidBrush

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW

ole32

OleInitialize

Exports

Exports

CommandeComposante

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eadde2b3cedc3fcfba03ce4e04fb1156

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

b7:f0:2a:60:a7:35:52:ab:39:ce:19:dd:96:5a:fe:97Certificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

33:c9:3c:b9:9a:0b:af:f8:97:7c:09:84:ac:72:93:7b:9c:54:62:4cSigner

Headers

File Characteristics

PDB Paths

Imports

comctl32

mpr

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 91KB - Virtual size: 90KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

b7:f0:2a:60:a7:35:52:ab:39:ce:19:dd:96:5a:fe:97
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

33:c9:3c:b9:9a:0b:af:f8:97:7c:09:84:ac:72:93:7b:9c:54:62:4c
Signer

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 91KB - Virtual size: 90KB