set-up[.]rar | Triage

Sharing

General

Target

set-up.rar
Size

5.7MB
MD5

fa9d8831acd6b8d57a84cc0e7f5b4fca
SHA1

103660232c33dc6473461b4dfeb3d2eb88e2e428
SHA256

b3b54d959998990b64af8b55ebcbdcb93618f8d09f910b2d257aa4f87f2496d2
SHA512

57fde6c4fdefcc501f8588c0b6b1973e4d5c15f3565dbff97607ac737dada80c080f2c61f4b8e56435e45a0c994504b05e94b7cc03fb9dc1c762876ded5c5daa
SSDEEP

98304:fntv0oZEMN9C0sC1jbg6wfVP3gqEDWMvwnrlZ7XcFGt3YBru9k7zXog8loqz+t6K:ftvGMN98C1MJxwFW3nZZ7XMGyiC7zYMF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Set-up.exe

Files

set-up.rar
.rar

Password: infected
Set-up.exe
.exe windows:5 windows x86 arch:x86

Password: infected

800426dd9896526490b7cac3fa1e0b22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

rand

user32

wsprintfW

gdi32

CreateDCA

advapi32

RegGetValueA

shell32

SHFileOperationA

ole32

CoInitializeEx

oleaut32

SysAllocString

shlwapi

ord155

Sections

.MPRESS1
Size: 5.6MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE