Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

252KB
MD5

7df5e87056a4001b690c889cf194531b
SHA1

d4506dd1fa781ac343f93a8710d38c86a3e863eb
SHA256

bc599f97740d6221f36c64234c5b476cbca8ad2a0117f101e9ca9ae74bf41c47
SHA512

6481579e5d8a413c58e1689e5bff55c3af2fbb69eade00b23026b6723178eb8421cac29fc939851a060e1bbb0d815c61281a4b9fb0acfb0ee8b354827e86fd6d
SSDEEP

6144:DCMkFT/LVxBA0PLDjgvQZBVzdI/INiNYuz9AX37uk:DC/LnBA0PLD8vmBZdKy4suk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe

Files

Setup.exe
.exe windows:6 windows x64 arch:x64

1788fcf006732f6774428e20ed3e9fcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

A:\CODE\Game\ProjectLoader\x64\Release\Setup.pdb

Imports

kernel32

GetCurrentProcessId
VirtualProtect
HeapFree
SetLastError
LoadLibraryA
GetNativeSystemInfo
LoadLibraryW
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
CreateDirectoryW
ReadFile
GetCommandLineW
CloseHandle
GetModuleFileNameW
SetFilePointer
CreateFileW
GetFileAttributesW
DeleteFileW
GetFileSize
GetCurrentProcess
GetLastError
FindFirstFileExW
FindNextFileW
FindClose
LocalFree
GetModuleHandleW
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
Sleep
VirtualAlloc
WriteFile
VirtualFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
MultiByteToWideChar
FormatMessageA
GetStringTypeW
WideCharToMultiByte
GetCurrentDirectoryW
GetLocaleInfoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwind

user32

MessageBoxA

shell32

CommandLineToArgvW

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1788fcf006732f6774428e20ed3e9fcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ntdll

wininet

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB