tsetup-x64[.]exe[.]v

Sharing

Copy URL Twitter E-mail

General

Target

tsetup-x64.exe.v
Size

1007KB
MD5

d02a4a46c43e2f35c034ec98cf407a41
SHA1

a0c4bc5ec1d84b961244badcb1441a392923db00
SHA256

729bb2cf2f31466d665050ddd09f559be35b0b2b58fae632134afa56b0b6ee3b
SHA512

627ceda4262ef7b54ed8efb5547ee9e042520229281646087043a19f4c0b6684569612a12ec793461ae453b3a202d862af1f3dc21f9f8fd212d81bc77360af7e
SSDEEP

24576:TZ5cocIKpajQLilvbaT3g6ymRVzE+DxIkRQVH:TZ56IKpaELilvbcvTzE+DxIkQF

Score

1^/10

Malware Config

Signatures

Files

tsetup-x64.exe.v
.exe windows:5 windows x64 arch:x64

3c1e4ce0c5dc46e0b7ecd168ee73a907

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20/02/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91110105MA005CH48R,CN=北京火绒网络科技有限公司,O=北京火绒网络科技有限公司,ST=Beijing Shi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:49:9d:ff:59:36:ad:e0:f8:05:ca:4f:46:c9:41:9e:69:00:81:15:e6:a9:d7:df:82:36:c9:93:d3:55:cf:06
Signer

Actual PE Digest

a8:49:9d:ff:59:36:ad:e0:f8:05:ca:4f:46:c9:41:9e:69:00:81:15:e6:a9:d7:df:82:36:c9:93:d3:55:cf:06

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\Documents\Visual Studio 2008\Projects\007\x64\Release\007.pdb

Imports

kernel32

FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateToolhelp32Snapshot
SetEnvironmentVariableA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapFree
HeapQueryInformation
HeapReAlloc
HeapAlloc
HeapCreate
HeapSetInformation
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
FlsFree
FlsAlloc
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
VirtualQuery
GetSystemInfo
RtlPcToFileHeader
RaiseException
ExitProcess
RtlUnwindEx
IsBadReadPtr
HeapValidate
HeapSize
GetStartupInfoA
GetCommandLineA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileSizeEx
GetTickCount
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
VirtualProtect
GetAtomNameA
GetThreadLocale
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
SetErrorMode
GetModuleFileNameW
lstrcmpW
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
MulDiv
FormatMessageA
LocalFree
MultiByteToWideChar
SetLastError
GlobalAddAtomA
SetEvent
GetLastError
GlobalUnlock
lstrlenA
WritePrivateProfileStringA
FreeResource
GlobalFree
CompareStringA
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetLocaleInfoA
LoadLibraryA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
LoadLibraryW
VirtualFree
VirtualAlloc
CloseHandle
Module32NextW
Module32FirstW
OpenEventA

user32

UnpackDDElParam
GetClipboardFormatNameA
SetRectEmpty
MessageBeep
CopyAcceleratorTableA
CharNextA
DestroyMenu
LoadAcceleratorsA
ReleaseCapture
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SendDlgItemMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
WinHelpA
TrackPopupMenu
GetWindowTextA
GetDlgCtrlID
GetClassLongA
GetClassLongPtrA
GetClassNameA
GetWindowLongPtrA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
SetWindowLongPtrA
RemovePropA
DefWindowProcA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSysColor
LoadMenuA
ModifyMenuA
InsertMenuItemA
GetSubMenu
GetMenuItemInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
EnableMenuItem
CheckMenuItem
AppendMenuA
CharUpperA
IsMenu
CreatePopupMenu
GrayStringA
DrawTextExA
DrawTextA
DrawIcon
FillRect
GetSysColorBrush
LoadIconA
LoadCursorA
PostThreadMessageA
GetForegroundWindow
SetForegroundWindow
IsChild
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
GetCapture
IsWindowVisible
GetWindowTextW
EnumWindows
GetSystemMetrics
PostQuitMessage
ShowOwnedPopups
InvalidateRgn
InvalidateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
TranslateAcceleratorA
ReuseDDElParam
ScreenToClient
ClientToScreen
UnregisterClassA
RegisterClipboardFormatA
IsRectEmpty
GetParent
SetWindowContextHelpId
InflateRect
SetRect
PtInRect
GetWindow
SetWindowPos
MapDialogRect
IsWindowEnabled
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
EnableWindow
IsWindow
SetActiveWindow
GetActiveWindow
GetDesktopWindow
EndDialog
SendMessageA
PostMessageA
TabbedTextOutA
GetFocus
SetMenuItemBitmaps
LoadBitmapA
GetMenuCheckMarkDimensions
DispatchMessageA
TranslateMessage
GetMessageA
ValidateRect
SetWindowsHookExA
GetCursorPos
PeekMessageA
CallNextHookEx
GetKeyState
SetCursor
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
GetSystemMenu
IsIconic
BringWindowToTop
GetWindowRect
GetClientRect
MapWindowPoints

gdi32

GetTextColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
BitBlt
GetPixel
TextOutA
GetTextExtentPoint32A
Escape
GetBkColor
DeleteDC
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
ExtSelectClipRgn
SelectObject
GetDeviceCaps
CreateCompatibleDC
GetRgnBox
CreateRectRgnIndirect
ExtTextOutA
CreateCompatibleBitmap
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
GetObjectType
GetStockObject
GetObjectA
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetThreadToken
OpenThreadToken
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RevertToSelf

shell32

DragFinish
DragQueryFileA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathIsUNCA
PathFindExtensionA
PathStripToRootA

oledlg

ord8

ole32

OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard

oleaut32

SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantInit
OleCreateFontIndirect
SafeArrayDestroy
SysAllocString
VariantCopy
VariantTimeToSystemTime
VariantChangeType

Sections

.text
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c1e4ce0c5dc46e0b7ecd168ee73a907

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fcCertificate

Extended Key Usages

Key Usages

a8:49:9d:ff:59:36:ad:e0:f8:05:ca:4f:46:c9:41:9e:69:00:81:15:e6:a9:d7:df:82:36:c9:93:d3:55:cf:06Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 710KB - Virtual size: 710KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 15KB - Virtual size: 39KB

.pdata Size: 40KB - Virtual size: 39KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 22KB - Virtual size: 21KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

a8:49:9d:ff:59:36:ad:e0:f8:05:ca:4f:46:c9:41:9e:69:00:81:15:e6:a9:d7:df:82:36:c9:93:d3:55:cf:06
Signer

.text
Size: 710KB - Virtual size: 710KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 15KB - Virtual size: 39KB

.pdata
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 22KB - Virtual size: 21KB