Set-up[.]exe[.]v | Triage

Sharing

General

Target

Set-up.exe.v
Size

5.8MB
MD5

89eeadb0cd832d6612b7889ddedca422
SHA1

06139f8ca43002a93229734eae6edab1cb25599f
SHA256

24990992d5bfd060f9ae55e57076f9a20fc968071c8b74f183572c7bc1cc2fa0
SHA512

2ac67b66e087df0988c79e1a047f99727f82a3141dccfeb58ef95c60e5ede49d93b0f0d55d513a768460c877a19ee5cbc27d121dac06f3e452cf42ecc830a193
SSDEEP

98304:0Ihhvd0ZSAsCEVf9kVQZW0AKwHFoXne5Xfhn91PGjXIMPmpnbK1eh:0Ihhv2GpZWDKCouFJPurI5BG1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Set-up.exe.v

Files

Set-up.exe.v
.exe windows:5 windows x86 arch:x86

800426dd9896526490b7cac3fa1e0b22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

rand

user32

wsprintfW

gdi32

CreateDCA

advapi32

RegGetValueA

shell32

SHFileOperationA

ole32

CoInitializeEx

oleaut32

SysAllocString

shlwapi

ord155

Sections

.MPRESS1
Size: 5.6MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE