Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

110KB
MD5

957f4e79868caeb8b1b79e064c945ba5
SHA1

c3b60abcb3531189a293b627d2c2089852038683
SHA256

b3e01bbb66f9fc8a003b305e357656cb9b64cfae6871aa02b66de3ed228384b6
SHA512

0a380c6997cb10527df77ae654109fdab215d933ad73e3c10be74a7a26439bfbb8af03971b9d1950225cf64f61c612c6daf1a798246dbc3fd7ba80c79464a6ad
SSDEEP

3072:KmW8eiGs7MUMS4pG/Vo3c2hY51TcOpCmaWPZHOmH4/zYmg:KmW8ekwdHp4rMc1TcOpDPImY/kmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/Users/LENOVO/Desktop/Handover/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EmgServer/Setup.exe

Files

Setup.exe
.zip

Password: India@2023@@
Device/HarddiskVolume3/Users/LENOVO/Desktop/Handover/Neurology/Application EEG,EMG/EMG/EMG Software V22.3.0/EmgServer/Setup.exe
.exe windows:4 windows x86 arch:x86

Password: India@2023@@

81638d02019c0bfcaaf23a9c69f2f12c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json