Static task: static1
Behavioral task: behavioral1
Sample: Setupprogram_01234.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: Setupprogram_01234.exe
Resource: win10v2004-20240709-en
General
Target: Setupprogram_01234.exe
Size: 66.5MB
MD5: e9b7415372034669078d1ac0a13f1bcc
SHA1: ae3bea1c8c5e8a2aa233fce5e81774db33abadab
SHA256: 442afee6bacb813fd84a6bab4bcb4d49d6a1fae17bedf6be4e2dcd7473db4149
SHA512: d51387e14f0f0b965a0ec970bc183d0351821f83b0a332de2f3a517d1b43ce687d068f225bc53aa63e015e0a5e37bb39f2d0be775746d5268641da209eb867f4
SSDEEP: 786432:8n+FzopERE+TPP5ksm3ivhdS+9Ix5rUVP:zTPP5kVYtIxGP
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: Setupprogram_01234.exe
Files
Setupprogram_01234.exe.exe windows:6 windows x86 arch:x86
MD5: 9b8d6bd8ee9d7c480175f8244a86c7e3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
kernel32
LocalFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetStdHandle
TlsSetValue
GetProcAddress
WaitForSingleObjectEx
CreateDirectoryW
FindFirstFileW
FindFirstFileA
InitializeSListHead
GetModuleHandleW
GetCommandLineA
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThreadId
SetCurrentDirectoryW
HeapFree
CreateEventA
SetStdHandle
CreateThread
GetFileAttributesExW
FlushFileBuffers
FileTimeToSystemTime
SetUnhandledExceptionFilter
MoveFileExW
FormatMessageA
SetCurrentDirectoryA
GetACP
ReleaseSemaphore
CreateFileA
TlsFree
GetSystemDirectoryW
GetTimeZoneInformation
RaiseException
TerminateProcess
SetFileAttributesW
PeekNamedPipe
GetFileSize
GetFinalPathNameByHandleW
GlobalMemoryStatus
GetTimeFormatW
GetModuleHandleExW
GetTickCount
AcquireSRWLockExclusive
GetStringTypeW
RemoveDirectoryA
GetEnvironmentStringsW
FreeLibraryAndExitThread
GetModuleFileNameW
ResetEvent
FindFirstFileExA
GetTempPathA
TryAcquireSRWLockExclusive
GetCurrentDirectoryW
MultiByteToWideChar
FindClose
TlsGetValue
HeapReAlloc
GetCommandLineW
ReadConsoleW
GetLocaleInfoEx
FormatMessageW
FreeLibrary
WaitForMultipleObjects
WideCharToMultiByte
LoadLibraryExW
SetEndOfFile
GetLastError
GetCurrentProcess
InitializeCriticalSectionEx
SetFilePointerEx
CompareStringW
LoadLibraryA
WriteConsoleW
GetEnvironmentVariableA
GetCurrentDirectoryA
DeleteFileA
GetSystemInfo
VerSetConditionMask
GetFileAttributesW
UnhandledExceptionFilter
SetEvent
ReadFile
GetProcessHeap
GetVersionExA
ExitProcess
GetUserDefaultLCID
SetLastError
GetTickCount64
LoadLibraryW
IsProcessorFeaturePresent
QueryPerformanceFrequency
FreeEnvironmentStringsW
ReleaseSRWLockExclusive
CreateSemaphoreA
GetDriveTypeW
SetFileAttributesA
GetModuleHandleA
GetTempPathW
LCMapStringW
GetLocaleInfoW
GetDateFormatW
GetProcessAffinityMask
EnterCriticalSection
LCMapStringEx
GetConsoleMode
FindNextFileW
SetFileTime
SleepEx
EnumSystemLocalesW
CreateDirectoryA
VerifyVersionInfoW
GetModuleFileNameA
SetFilePointer
WakeAllConditionVariable
GetFileAttributesA
CreateFileW
RtlUnwind
SetEnvironmentVariableA
GetStartupInfoW
AreFileApisANSI
EncodePointer
GetFileSizeEx
TlsAlloc
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
DeleteCriticalSection
VirtualFree
VirtualAlloc
GetCPInfo
GetVersion
HeapSize
DecodePointer
InitializeCriticalSection
QueryPerformanceCounter
lstrcatA
DeleteFileW
HeapAlloc
ExitThread
IsDebuggerPresent
GetFileType
IsValidLocale
GetOEMCP
IsValidCodePage
CloseHandle
RemoveDirectoryW
FindNextFileA
lstrlenA
GetConsoleCP
WriteFile
GetSystemTimeAsFileTime
Sleep
user32
SendMessageA
GetDlgItem
GetWindowLongA
CharUpperW
SetTimer
LoadStringA
PostMessageA
SetWindowTextW
MessageBoxW
LoadStringW
SetWindowLongA
MessageBoxA
ShowWindow
EndDialog
wsprintfA
LoadIconA
KillTimer
DialogBoxParamW
DestroyWindow
SetWindowTextA
CharUpperA
DialogBoxParamA
shell32
ShellExecuteExA
oleaut32
VariantClear
SysAllocStringLen
SysStringLen
bcrypt
BCryptGenRandom
advapi32
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptCreateHash
CryptAcquireContextW
CryptEncrypt
CryptDestroyHash
crypt32
CryptQueryObject
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertGetNameStringW
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFindExtension
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateChain
CertFindCertificateInStore
PFXImportCertStore
CertCreateCertificateChainEngine
wldap32
ord216
ord301
ord145
ord219
ord46
ord14
ord147
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ws2_32
gethostname
htons
getsockopt
send
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAResetEvent
getaddrinfo
WSACloseEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
ioctlsocket
setsockopt
freeaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
WSAEventSelect
WSACreateEvent
recvfrom
sendto
getpeername
Sections
.text Size: 6.0MB - Virtual size: 6.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ