General

  • Target

    setup_2.exe.vir

  • Size

    149.8MB

  • MD5

    ac727ab7ec322f9864262b4d04449450

  • SHA1

    dca460d6eb9daecd26f0d784d2a1a21501f057c3

  • SHA256

    9cb372f91aacf03b1c8f6210d59cc76edb2b9df4d6151430720e798aa8db7bc4

  • SHA512

    02c14ab026adc505e668d8c4e2db976ad836a40180db56669b12130a68b36065b20a0437c7fea51f07f7cae408aba5c638e6c33dff8660d6817ac031981586c5

  • SSDEEP

    3145728:1/3Y6om/lbztZbI5hPMBrYuLU0ctbJdbLMoMDLn6Qp:dtomdbztPY90ct5sOQp

Score
7/10
upx

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • setup_2.exe.vir
    .exe windows:4 windows x86 arch:x86

    f4639a0b3116c2cfc71144b88a929cfd

  • $PLUGINSDIR/INetC.dll
    .dll windows:4 windows x86 arch:x86

    163fdad7b5f915e3a0ca7ad1d08b4ff8

  • sogou_pinyin.exe
    .exe windows:5 windows x86 arch:x86

  • $PLUGINSDIR/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • $PLUGINSDIR/ImageMagik.dll
    .dll windows:6 windows x86 arch:x86

    f204f2299a0324f196a8576faef59e72

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:5 windows x86 arch:x86

    cd90e33ffbc335413a25300c682c83df

  • $PLUGINSDIR/SetupFlash.swf
  • $PLUGINSDIR/SetupLib.dll
    .dll windows:6 windows x86 arch:x86

    b7d3cc98eeef23680dc67f5bf5f2b60f

  • $PLUGINSDIR/SetupLibNew.dll
    .dll windows:6 windows x86 arch:x86

    67f9b2c634636449e612e5569d89aff9

  • $PLUGINSDIR/SetupUi.cupf
  • $PLUGINSDIR/SogouPY.ime
    .dll windows:6 windows x86 arch:x86

    71178e1c78bcd4cde4b4c9633d1227c5

  • $PLUGINSDIR/SogouPY64.ime
    .dll windows:6 windows x64 arch:x64

    36f69c31821e031700c418fe9577cb11

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/setuppage.zip
    .zip
  • font.xml
  • img/bg_hole.png
    .png
  • img/browseclick.svg
  • img/browsedisable.svg
  • img/browsehover.svg
  • img/browsenormal.svg
  • img/buttoninstallclick.svg
  • img/buttoninstalldisable.svg
  • img/buttoninstallhover.svg
  • img/buttoninstallnormal.svg
  • img/closeclick.svg
  • img/closedisable.svg
  • img/closehover.svg
  • img/closenormal.svg
  • img/closenormalclick.svg
  • img/closenormaldisable.svg
  • img/closenormalhover.svg
  • img/closenormalnormal.svg
  • img/customizebuttonclick.svg
  • img/customizebuttondisable.svg
  • img/customizebuttonhover.svg
  • img/customizebuttonnormal.svg
  • img/filebg.svg
  • img/gouxuanselected.svg
  • img/icon.svg
  • img/installbg1.svg
  • img/installbg2.svg
  • img/installfinish.svg
  • img/installfinish_no_yyb.svg
  • img/itemuse_hover.svg
    .xml
  • img/itemuse_normal.svg
    .xml
  • img/itemuse_push.svg
    .xml
  • img/logo_bg_1.png
    .png
  • img/logo_bg_1.svg
    .xml
  • img/miniclick.svg
  • img/minidisable.svg
  • img/minihover.svg
  • img/mininormal.svg
  • img/miniprogressclick.svg
  • img/miniprogressdisable.svg
  • img/miniprogresshover.svg
  • img/miniprogressnormal.svg
  • img/packupclick.svg
  • img/packupdisable.svg
  • img/packuphover.svg
  • img/packupnormal.svg
  • img/pathinputactive.svg
  • img/pathinputdisable.svg
  • img/pathinputhover.svg
  • img/pathinputnormal.svg
  • img/popup_close_disable.svg
    .xml
  • img/popup_close_hover.svg
    .xml
  • img/popup_close_normal.svg
    .xml
  • img/popup_close_push.svg
    .xml
  • img/popup_ok_hover.svg
    .xml
  • img/popup_ok_normal.svg
    .xml
  • img/popup_ok_push.svg
    .xml
  • img/process.svg
  • img/progressbar.svg
  • img/search_suggest_tip_hover.svg
  • img/search_suggest_tip_normal.svg
  • img/search_suggest_tips_bak.svg
  • img/slideshow/1.svg
  • img/slideshow/2.svg
  • img/slideshow/3.svg
  • img/slideshow/4.svg
  • img/slideshow/5.svg
    .xml
  • img/slideshow/6.svg
  • img/slideshow/7.svg
  • img/tipsbg.svg
  • img/ungouxuanclick.svg
  • img/ungouxuanhover.svg
  • img/ungouxuannormal.svg
  • img/warning_popup_icon.svg
    .xml
  • searchsuggesttips.xml
  • setuppage.xml
  • slideshow.xml
  • sogoumessage.xml
  • style.xml
  • $SYSDIR/SogouPY.ime
    .dll windows:6 windows x86 arch:x86

    71178e1c78bcd4cde4b4c9633d1227c5

  • $SYSDIR/SogouPY.ime~
    .dll windows:6 windows x86 arch:x86

    71178e1c78bcd4cde4b4c9633d1227c5

  • $_15_/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • 14.7.0.9739/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • 14.7.0.9739/ImageMagik.dll
    .dll windows:6 windows x86 arch:x86

    f204f2299a0324f196a8576faef59e72

  • 14.7.0.9739/SetupUi.cupf
  • SogouExe/HWSignatureEx.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • out.upx
    .exe windows:5 windows x86 arch:x86