Setup[.]exe[.]v

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe.v
Size

5.6MB
MD5

221670bc47fdd6cd700abdeffc776a3c
SHA1

b69c938db45776d97bf3dc5b0b4bea0d45db1d7f
SHA256

61fac55b4e82e517e2bb5645583ffa0c466b72b7ed331794a25569d7abe47eac
SHA512

c1c730948166f5ba0c2bb5009f0019f5c8ab6434086fb664d338a6ac430a915aec196d1f2f6b733f3de6e6cda09277e0bb71b11dffba3ff121c7f42eec38a07d
SSDEEP

49152:KT8IJMqQQFYn9nuVPuPkPypA3HVCicjKFzJhFwdcMjA093yCO+38pUCZl/L1dfLm:KJh7pN5KPDGedegqpNL3Ywo3PU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe.v

Files

Setup.exe.v
.exe windows:4 windows x64 arch:x64

e4e1680aba38642186bffdb4754e110b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

w:\colonist\VistaWall\x64\Windows10FirewallServiceBasic.pdb

Imports

fwpuclnt

FwpmFreeMemory0
FwpmFilterUnsubscribeChanges0
FwpmFilterGetById0
FwpmNetEventDestroyEnumHandle0
FwpmNetEventEnum0
FwpmNetEventCreateEnumHandle0
FwpmFilterSubscribeChanges0
FwpmLayerGetById0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmEngineClose0
FwpmEngineSetOption0
FwpmFilterGetSecurityInfoByKey0
FwpmEngineOpen0
FwpmFilterDeleteById0
FwpmFilterAdd0
FwpmFilterDestroyEnumHandle0
FwpmFilterEnum0
FwpmFilterCreateEnumHandle0
FwpmFilterDeleteByKey0

kernel32

GetStartupInfoW
GetLogicalDrives
VerifyVersionInfoW
VerSetConditionMask
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
CreateSemaphoreW
ReleaseSemaphore
SetEndOfFile
GetFileSize
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
DeleteFileW
FileTimeToLocalFileTime
GetTempPathW
SetUnhandledExceptionFilter
GetDriveTypeW
QueryDosDeviceW
GetLogicalDriveStringsW
TerminateThread
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
GetTickCount
PeekNamedPipe
WaitForMultipleObjects
TlsGetValue
TlsSetValue
SetWaitableTimer
SleepEx
PostQueuedCompletionStatus
QueueUserAPC
GetQueuedCompletionStatus
CreateWaitableTimerW
CreateNamedPipeW
LoadLibraryA
GetCurrentThread
CreateProcessW
GetOverlappedResult
GetVersionExW
ConnectNamedPipe
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
RtlVirtualUnwind
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
GetStringTypeW
ResetEvent
SetLastError
FlushInstructionCache
GetDiskFreeSpaceW
GetVolumeInformationW
DeviceIoControl
GetFileAttributesW
GetCurrentProcessId
GetSystemDirectoryW
ExpandEnvironmentStringsW
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
GetWindowsDirectoryW
lstrlenA
GetCurrentProcess
OpenProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GetLongPathNameW
CreateMutexW
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
SetEvent
CreateEventW
CreateThread
GetCurrentThreadId
WaitForSingleObject
Sleep
CloseHandle
TlsAlloc
FormatMessageA
LocalFree
TlsFree
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
lstrcmpiW
lstrlenW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
__C_specific_handler
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCommandLineA
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetFileType
SetStdHandle
ExitProcess
ResumeThread
ExitThread
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
RtlCaptureContext
IsDebuggerPresent
TerminateProcess
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
WaitNamedPipeW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList

user32

LoadStringW
MsgWaitForMultipleObjects
GetWindowLongPtrW
CallWindowProcW
CreateWindowExW
SetWindowLongPtrW
RegisterClassExW
DefWindowProcW
IsWindow
DestroyWindow
LoadCursorW
GetClassInfoExW
CharLowerW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
CharNextW
UnregisterClassA

advapi32

ImpersonateNamedPipeClient
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
AddAce
InitializeAcl
GetAclInformation
RegQueryInfoKeyW
GetSecurityDescriptorControl
MakeSelfRelativeSD
MakeAbsoluteSD
OpenThreadToken
GetUserNameW
RevertToSelf
GetSecurityDescriptorSacl
SetThreadToken
RegEnumKeyW
RegEnumValueW
CheckTokenMembership
DuplicateToken
GetSecurityInfo
LookupAccountNameW
GetTokenInformation
EqualSid
SetSecurityInfo
SetSecurityDescriptorControl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AuditQuerySystemPolicy
AuditSetSystemPolicy
AuditFree
SetEntriesInAclW
LookupAccountSidW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
ControlService
DeleteService
CreateServiceW
SetSecurityDescriptorDacl
CopySid
IsValidSid
GetLengthSid
OpenSCManagerW
OpenServiceW
SetServiceStatus
CloseServiceHandle
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RegDeleteKeyW

shell32

SHGetFolderPathW
SHGetFileInfoW

ole32

CoGetSystemSecurityPermissions
CoInitializeSecurity
CoResumeClassObjects
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoSuspendClassObjects

oleaut32

SafeArrayDestroy
GetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeType
SafeArrayCreate
VarUI4FromStr
SysStringLen
UnRegisterTypeLi
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SetErrorInfo
VariantCopy
VariantClear
SafeArrayCopy
SafeArrayGetVartype
SysFreeString
SysAllocString
CreateErrorInfo
RegisterTypeLi
SafeArrayUnlock

shlwapi

PathFindFileNameW
SHDeleteKeyW
PathIsUNCW

ws2_32

__WSAFDIsSet
recv
htons
connect
select
WSAGetLastError
htonl
WSASetLastError
WSAAddressToStringW
gethostbyname
recvfrom
inet_ntoa
inet_addr
WSAStringToAddressW
ntohs
ntohl
WSACleanup
WSAStartup
WSAIoctl
socket
WSACreateEvent
WSACloseEvent
closesocket
ioctlsocket
accept
bind
setsockopt
getsockopt
getpeername
getsockname
listen
WSARecv
WSASend
WSASocketW
shutdown
WSAEventSelect
sendto

userenv

UnloadUserProfile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mswsock

AcceptEx
GetAcceptExSockaddrs

crypt32

CertFreeCertificateContext

netapi32

NetUserDel
NetUserAdd
NetLocalGroupAddMembers

psapi

EnumProcesses
GetProcessImageFileNameW

wevtapi

EvtSubscribe
EvtCreateRenderContext
EvtOpenPublisherMetadata
EvtClose
EvtFormatMessage
EvtRender

iphlpapi

GetAdaptersAddresses

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 351KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e1680aba38642186bffdb4754e110b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fwpuclnt

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

userenv

version

mswsock

crypt32

netapi32

psapi

wevtapi

iphlpapi

rpcrt4

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 820KB - Virtual size: 820KB

.data Size: 351KB - Virtual size: 368KB

.pdata Size: 227KB - Virtual size: 226KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 820KB - Virtual size: 820KB

.data
Size: 351KB - Virtual size: 368KB

.pdata
Size: 227KB - Virtual size: 226KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB