Setup-576892[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Setup-576892.zip
Size

43.8MB
MD5

02919a2acc54edfcbf90ff934944e2f1
SHA1

a656c0662f19423b9c676f1fca4bbd12be317999
SHA256

7147486b2281f712ce12d0ec0d042ed6b8c1fe0b3af1dc196cb67bbeed916cb8
SHA512

7a93cb2aad4ab13b0be7d74f0f56765c2f711d4795d91d9f4add6c1e27f509210162001c873a81df98b4116f3c1f305915f9438f409c5361941736361f48d2c9
SSDEEP

786432:bbx6hv76QHmV5dQVesCOBSnwvTk09jQI9JGbI8pmw8YODMZ99n6141h:bb0/mVOeb6SwvT2eMMw8YODiHnZh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup_02024.exe

Files

Setup-576892.zip
.zip
Setup_02024.exe
.exe windows:6 windows x86 arch:x86

05ab4c8442338eca44d155cf7c7529e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

LoadLibraryW
GetEnvironmentVariableA
GetFinalPathNameByHandleW
WriteConsoleW
FindNextFileW
SetFilePointer
SetCurrentDirectoryW
WaitForSingleObjectEx
MoveFileExW
RemoveDirectoryA
RtlUnwind
GetFullPathNameW
GetModuleHandleExW
VerifyVersionInfoW
GetFileAttributesA
GetFileInformationByHandle
UnhandledExceptionFilter
CreateSemaphoreA
CloseHandle
FormatMessageW
GetACP
IsDebuggerPresent
SetFileAttributesA
FormatMessageA
GetTempPathA
TlsFree
DeleteFileW
DeleteFileA
LoadLibraryA
GetCPInfo
FreeLibrary
GetConsoleCP
InitializeSListHead
GetSystemInfo
GetConsoleMode
EnterCriticalSection
RemoveDirectoryW
GetTempPathW
HeapAlloc
lstrlenA
LCMapStringW
GlobalMemoryStatus
HeapSize
GetTickCount64
GetProcessAffinityMask
ExitThread
QueryPerformanceFrequency
GetCommandLineW
TryAcquireSRWLockExclusive
WriteFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetLastError
SetStdHandle
SetCurrentDirectoryA
GetVersion
RaiseException
GetCommandLineA
SetLastError
Sleep
GetFileAttributesExW
ReleaseSRWLockExclusive
GetStringTypeW
VirtualFree
GetTimeFormatW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
ReadConsoleW
PeekNamedPipe
SleepEx
GetFileType
GetDriveTypeW
GetLocaleInfoEx
IsProcessorFeaturePresent
GetLocaleInfoW
IsValidCodePage
HeapFree
DeleteCriticalSection
GetDateFormatW
InitializeCriticalSectionAndSpinCount
GetFileSize
SetEvent
GetFileSizeEx
FindFirstFileA
FindNextFileA
GetVersionExA
WaitForMultipleObjects
WakeAllConditionVariable
CreateDirectoryA
ReleaseSemaphore
GetTickCount
CreateFileA
LoadLibraryExW
SetUnhandledExceptionFilter
GetTimeZoneInformation
FindFirstFileExA
GetStartupInfoW
InitializeCriticalSectionEx
TerminateProcess
FindFirstFileW
InitializeCriticalSection
GetCurrentDirectoryA
IsValidLocale
FreeEnvironmentStringsW
LocalFree
GetModuleHandleW
WaitForSingleObject
GetCurrentProcessId
EnumSystemLocalesW
GetCurrentProcess
lstrcatA
FileTimeToSystemTime
SetEndOfFile
CreateEventA
LCMapStringEx
GetCurrentThreadId
ExitProcess
VirtualAlloc
GetUserDefaultLCID
VerSetConditionMask
FreeLibraryAndExitThread
CreateThread
WideCharToMultiByte
DecodePointer
TlsSetValue
CreateFileW
FindClose
CreateDirectoryW
GetFileAttributesW
TlsGetValue
AcquireSRWLockExclusive
ResetEvent
GetProcessHeap
FlushFileBuffers
SetFileAttributesW
ReadFile
GetEnvironmentStringsW
LeaveCriticalSection
HeapReAlloc
GetProcAddress
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryW
SetEnvironmentVariableA
SetFileTime
GetSystemDirectoryW
GetOEMCP
TlsAlloc
AreFileApisANSI
EncodePointer
CompareStringW
GetStdHandle

user32

DialogBoxParamW
GetDlgItem
SetTimer
CharUpperW
SetWindowTextA
KillTimer
DialogBoxParamA
SendMessageA
PostMessageA
SetWindowLongA
MessageBoxA
CharUpperA
EndDialog
GetWindowLongA
LoadStringW
MessageBoxW
LoadIconA
wsprintfA
SetWindowTextW
DestroyWindow
LoadStringA
ShowWindow

shell32

ShellExecuteExA

oleaut32

VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptEncrypt

crypt32

CertEnumCertificatesInStore
CryptStringToBinaryW
CertAddCertificateContextToStore
PFXImportCertStore
CertOpenStore
CertFindExtension
CryptDecodeObjectEx
CertCreateCertificateChainEngine
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetNameStringW
CertCloseStore

wldap32

ord216
ord301
ord145
ord219
ord46
ord14
ord147
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133

ws2_32

gethostname
htons
getsockopt
send
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
WSACreateEvent
freeaddrinfo
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
ioctlsocket
setsockopt
getaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
WSAWaitForMultipleEvents
WSAIoctl
recvfrom
sendto
getpeername

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05ab4c8442338eca44d155cf7c7529e8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

oleaut32

bcrypt

advapi32

crypt32

wldap32

ws2_32

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 201KB - Virtual size: 200KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 201KB - Virtual size: 200KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 72KB - Virtual size: 72KB