SetupFile_567581[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SetupFile_567581.exe
Size

10.1MB
MD5

50b4f216e9479f1c83094898a372bb06
SHA1

3f534612335ac1bef119273c3020be2f1348f563
SHA256

033a8983f349cf3ac0d7750c042432fb311802b55ad4ba4d355ba64d725bcc1b
SHA512

2b1c863cd269f71c58cc3d09461d1efba47dcc9184a2a296111f22ea9173355d37c70a3a8e2c72d008fc545fd36baf65d7e106d78b07877e69f5c41403d21c0f
SSDEEP

196608:4xkxaIoA8tffTRMN0Ic78rN+QXpFSlrQ0ARkCTDE5iix7KjyYYz76KK744B:HoA8tffTRmc8/XpFSlrQ0ARgiix7Kjyw

Score

1^/10

Malware Config

Signatures

Files

SetupFile_567581.exe
.exe windows:6 windows x86 arch:x86

c41b7ce0a18626d54b85260cde8f9fe3

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:17:33:a4:17:a6:c8:31:37:78:39:94
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 20:57

Not After

02/11/2024, 20:57

Subject

SERIALNUMBER=6176747,CN=Valued Funding\, Inc.,O=Valued Funding\, Inc.,STREET=6300 Riverside Plaza NW Suite 100,L=Albuquerque,ST=New Mexico,C=US,1.2.840.113549.1.9.1=#0c156d70616765406967656e697573706963732e636f6d,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204d657869636f,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:41:fd:e7:4a:64:1a:8e:5e:76:60:20:7f:20:37:4c:b5:b6:04:35:31:31:c4:75:43:eb:4d:fd:5c:58:b8:73
Signer

Actual PE Digest

3e:41:fd:e7:4a:64:1a:8e:5e:76:60:20:7f:20:37:4c:b5:b6:04:35:31:31:c4:75:43:eb:4d:fd:5c:58:b8:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dwrite

DWriteCreateFactory

d2d1

ord1
ord5

kernel32

GetProcAddress
TlsGetValue
GetFileAttributesExW
RtlUnwind
LoadLibraryW
WaitForMultipleObjects
GetFileSize
MulDiv
lstrcatA
FileTimeToSystemTime
RaiseException
LoadLibraryA
AcquireSRWLockExclusive
GetConsoleMode
ReleaseSRWLockExclusive
GetCurrentDirectoryW
DeleteFileW
GetCPInfo
GetDriveTypeW
MoveFileExW
GetConsoleCP
VerSetConditionMask
GetModuleHandleW
SetUnhandledExceptionFilter
FindNextFileA
DeleteCriticalSection
SystemTimeToTzSpecificLocalTime
CloseHandle
GetTimeZoneInformation
LoadLibraryExW
WideCharToMultiByte
QueryPerformanceCounter
IsValidCodePage
ReadConsoleW
CompareStringW
SetFilePointerEx
UnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
EnumSystemLocalesW
SetEndOfFile
FindFirstFileExA
HeapSize
EnterCriticalSection
SetLastError
OutputDebugStringA
FlushFileBuffers
GetCurrentProcessId
PeekNamedPipe
GetModuleHandleExW
QueryPerformanceFrequency
GetStringTypeW
WaitForSingleObject
CreateThread
OutputDebugStringW
GetLastError
FreeEnvironmentStringsW
GetTickCount64
GetUserDefaultLCID
FormatMessageW
EncodePointer
GetStdHandle
TlsAlloc
WaitForSingleObjectEx
WriteFile
TlsFree
IsProcessorFeaturePresent
GetModuleHandleA
TlsSetValue
GetDateFormatW
GetFileSizeEx
InitializeSListHead
GetTickCount
GetCurrentProcess
VerifyVersionInfoW
LCMapStringEx
CreateFileW
LeaveCriticalSection
HeapAlloc
GetCurrentThreadId
SleepEx
GetModuleFileNameW
DebugBreak
InitializeCriticalSectionEx
GetModuleFileNameA
GetEnvironmentStringsW
GetEnvironmentVariableA
LocalFree
FindClose
FreeLibraryAndExitThread
ExitProcess
HeapReAlloc
ExitThread
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
FreeLibrary
SetEnvironmentVariableA
GetFullPathNameW
GetLocaleInfoW
IsDebuggerPresent
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetOEMCP
LCMapStringW
GetStartupInfoW
GetTimeFormatW
ReadFile
WriteConsoleW
TerminateProcess
GetFileType
HeapFree
GetCurrentThread
GetACP
lstrlenA
GetSystemDirectoryW
IsValidLocale
SetStdHandle
DecodePointer

user32

TranslateMessage
IsChild
SetMenu
PostQuitMessage
GetWindowRect
GetUpdateRect
LoadIconW
AppendMenuW
DispatchMessageW
ValidateRect
UnhookWindowsHookEx
GetScrollInfo
PtInRect
SetWindowPos
GetSystemMetrics
GetWindowTextW
RegisterClassW
SetWindowRgn
SetFocus
SystemParametersInfoW
SetWindowLongA
ShowWindow
IsDialogMessageW
SetParent
AdjustWindowRectEx
SetTimer
BeginPaint
GetMenuItemInfoW
ReleaseDC
UpdateWindow
SetWindowLongW
SetCapture
EnableWindow
MapWindowPoints
KillTimer
MessageBoxA
UnregisterClassW
GetWindowLongW
LoadCursorW
GetMessageTime
ReleaseCapture
GetMessageW
GetActiveWindow
SendMessageA
DefWindowProcW
EndPaint
CreateMenu
GetClassNameW
CreatePopupMenu
GetAncestor
DestroyWindow
GetDC
CallNextHookEx
CreateWindowExW
SetWindowTextW
GetDoubleClickTime
SendMessageW
SetWindowsHookExW
wsprintfA
GetClientRect
GetKeyState
InvalidateRect
GetSysColor
SetScrollInfo
SetMenuItemInfoW
GetWindowLongA

gdi32

CreateCompatibleDC
BitBlt
SetTextColor
GetTextExtentPoint32W
DeleteDC
CreateFontIndirectW
GetStockObject
SetBrushOrgEx
CreatePatternBrush
SetBkMode
DeleteObject
CreateRoundRectRgn
SelectObject
GetTextMetricsW
CreateCompatibleBitmap
GetDeviceCaps

advapi32

CryptImportKey
RegGetValueW
CryptReleaseContext
CloseServiceHandle
RegSetValueExW
CryptAcquireContextW
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyExW
CryptGetHashParam

ole32

CoCreateInstance
CoUninitialize
CoInitialize

bcrypt

BCryptGenRandom

Sections

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c41b7ce0a18626d54b85260cde8f9fe3

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

41:17:33:a4:17:a6:c8:31:37:78:39:94Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

3e:41:fd:e7:4a:64:1a:8e:5e:76:60:20:7f:20:37:4c:b5:b6:04:35:31:31:c4:75:43:eb:4d:fd:5c:58:b8:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

dwrite

d2d1

kernel32

user32

gdi32

advapi32

ole32

bcrypt

Sections

.text Size: 9.7MB - Virtual size: 9.7MB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 116KB - Virtual size: 116KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

41:17:33:a4:17:a6:c8:31:37:78:39:94
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

3e:41:fd:e7:4a:64:1a:8e:5e:76:60:20:7f:20:37:4c:b5:b6:04:35:31:31:c4:75:43:eb:4d:fd:5c:58:b8:73
Signer

.text
Size: 9.7MB - Virtual size: 9.7MB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 116KB - Virtual size: 116KB