Set-up[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Set-up.exe
Size

2.7MB
MD5

20c399a8587f80a3ee237de983d22aa2
SHA1

b04b560c92be91bbd0f168873d7cde71254a994e
SHA256

2e696ced3e82be680747bb23f42f8dec8ae305d106646628c5aa86905f0a7a1f
SHA512

dae41e92eafc30b40cd0159ed4b07bbf96e015c3aef4995af8166415fadaa2a3ff01accdf110acc5f0d164e425d53a3bc80eb4d89a85818c01464f40a7df4c7d
SSDEEP

49152:O95UUdwpQaqVt4jrazHXJOKe0pbG4P3fPaZpSbka8lvM2yBgFSMDVXVEULzGRMcG:O9mUdwpQaqr4jr6JOKe0xG4PPS88e2yu

Score

1^/10

Malware Config

Signatures

Files

Set-up.exe
.exe windows:5 windows x86 arch:x86

3b9bad2ff448604f73961b078d4c10f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:37:83:b3:de:cd:5d:bb:16:e3:3c:d3:a6:b3:bf:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/02/2014, 00:00

Not After

21/02/2015, 23:59

Subject

CN=Adobe Systems Incorporated,OU=AAM - Non - EV+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:08:8e:a3:48:ba:02:7e:32:5e:bb:4d:32:b2:1e:cb:9e:7f:7b:b8
Signer

Actual PE Digest

1c:08:8e:a3:48:ba:02:7e:32:5e:bb:4d:32:b2:1e:cb:9e:7f:7b:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

none

Imports

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

user32

DrawIcon
GetClientRect
LoadIconW
GetWindowLongW
EnableMenuItem
SetWindowLongW
GetSystemMetrics
GetWindow
SendMessageW
PostMessageW
LoadImageW
IsIconic
GetWindowRect
SetTimer
GetSystemMenu
GetDesktopWindow
ReleaseDC
GetDC
IsRectEmpty
DestroyIcon
IsWindowVisible
IsWindow
InvalidateRect
InflateRect
GetIconInfo
SetRectEmpty
LoadCursorW
GetParent
GetFocus
DrawIconEx
FillRect
SetCursor
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableWindow
wsprintfW
KillTimer
SetMenuItemInfoW
LoadBitmapW
IsWindowEnabled
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
DrawTextW
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
LockWindowUpdate
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
SetParent
UnionRect
GetKeyNameTextW
MapVirtualKeyW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
DrawFocusRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetMenuDefaultItem
CreatePopupMenu
UnregisterClassW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
OffsetRect
CharNextW
CharUpperW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
DeleteMenu
CopyImage
IntersectRect
GetSysColorBrush
RealChildWindowFromPoint
LoadMenuW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
SendDlgItemMessageA
RegisterClipboardFormatW
GetCursorPos
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW

ole32

CoFreeUnusedLibraries
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
OleRun
CoUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitialize
CoInitializeEx
CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
OleCreateFontIndirect
VarBstrFromDate
SafeArrayDestroy

shlwapi

StrFormatKBSizeW
PathIsUNCW
PathRemoveExtensionW
PathFindExtensionW
PathRenameExtensionW
PathAppendW
PathAddExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
PathIsRootW
PathGetDriveNumberW
PathIsNetworkPathW
PathRemoveBackslashW
PathFileExistsW
StrRChrW
PathIsFileSpecW
PathStripToRootW

kernel32

WaitForMultipleObjects
lstrlenA
IsDBCSLeadByteEx
TerminateThread
OpenMutexW
GetLocalTime
SetEnvironmentVariableA
WriteConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetProcessHeap
VirtualQuery
VirtualAlloc
GetSystemInfo
IsProcessorFeaturePresent
IsDebuggerPresent
HeapQueryInformation
HeapSize
ExitThread
GetModuleHandleExW
ExitProcess
RaiseException
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
HeapFree
GetFileType
SetStdHandle
HeapAlloc
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetFileTime
GetFileAttributesExW
SetErrorMode
GetWindowsDirectoryW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetCurrentDirectoryW
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
GlobalGetAtomNameW
InitializeCriticalSection
GlobalFlags
GetTickCount
ResumeThread
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
InterlockedExchange
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
FormatMessageW
GlobalSize
GlobalAlloc
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleA
FreeResource
GetVersion
OutputDebugStringA
GetFileSizeEx
FindNextFileW
lstrcmpiW
FindClose
SetLastError
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesW
GetVersionExW
WriteFile
GetCurrentProcess
MoveFileExW
FindFirstFileW
GetFileSize
CreateDirectoryW
GetUserDefaultUILanguage
GetTempPathW
GetExitCodeProcess
CopyFileW
GetUserDefaultLangID
CreateProcessW
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
CreateThread
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
SetCurrentDirectoryW
CreateEventW
ResetEvent
GetProcAddress
GetStdHandle
GetModuleFileNameW
FreeConsole
LoadLibraryW
GetModuleHandleW
SetEvent
FreeLibrary
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
LocalFree
GetCurrentProcessId
CloseHandle
ReleaseMutex
OpenSemaphoreW
LocalAlloc
CreateSemaphoreW
GetLastError
ReleaseSemaphore
Sleep
WaitForSingleObject
CreateMutexW
InitializeCriticalSectionAndSpinCount

gdi32

GetDeviceCaps
GetObjectW
Rectangle
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateRoundRectRgn
GetTextFaceW
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
OffsetRgn
EnumFontFamiliesExW
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW
GetTextExtentPoint32W
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
DeleteDC
CreateFontIndirectW
CreateBitmap
DeleteObject
SelectObject
GetStockObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
InitializeSecurityDescriptor
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ord680
ShellExecuteW
SHGetDesktopFolder

uxtheme

GetThemeColor
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetWindowTheme
DrawThemeText

oledlg

OleUIBusyW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePalette

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpReceiveResponse

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b9bad2ff448604f73961b078d4c10f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1d:37:83:b3:de:cd:5d:bb:16:e3:3c:d3:a6:b3:bf:dbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1c:08:8e:a3:48:ba:02:7e:32:5e:bb:4d:32:b2:1e:cb:9e:7f:7b:b8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

user32

ole32

oleaut32

shlwapi

kernel32

gdi32

msimg32

winspool.drv

advapi32

shell32

uxtheme

oledlg

oleacc

gdiplus

imm32

winmm

winhttp

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 450KB - Virtual size: 449KB

.data Size: 36KB - Virtual size: 72KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 476KB - Virtual size: 475KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1d:37:83:b3:de:cd:5d:bb:16:e3:3c:d3:a6:b3:bf:db
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1c:08:8e:a3:48:ba:02:7e:32:5e:bb:4d:32:b2:1e:cb:9e:7f:7b:b8
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 450KB - Virtual size: 449KB

.data
Size: 36KB - Virtual size: 72KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 476KB - Virtual size: 475KB