Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

110KB
MD5

0b8a1ddcb6a7485f7cd0c08b83dd4ebf
SHA1

6b5229046cf3980960d32f1dbd8a7ddba5a4f799
SHA256

d28b2db296598fa3e5134f677628c45a638b8e884b9c31e1f61078aac98be812
SHA512

ea4dfec83be5afcd8920ac45dadbda1cf3fdfc33fc9e42be1c43750dfedb4b1bbdf6f51a0069c59e87fbc3011fcf59afaeb722391f27110112887bc1d90c1c65
SSDEEP

3072:FM74N7ms4CCwG5qSDUxL7gl5NXs2llTRZUm:aBs4T538EXs8TRSm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume5/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EmgServer/Setup.exe

Files

Setup.exe
.zip

Password: India@2023@@
Device/HarddiskVolume5/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EmgServer/Setup.exe
.exe windows:4 windows x86 arch:x86

Password: India@2023@@

81638d02019c0bfcaaf23a9c69f2f12c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json