setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

197KB
MD5

ced0da9196864b3092036f648662de6d
SHA1

0748683fbe533d14dde8215b42281c129b588959
SHA256

bd05efa3376a6cb0ec289e51c07c42f34fc192ead86b9d9488bb03e5d9707439
SHA512

6a111941a73b2d77fb6f8a4862c0f8e672d9ef1c5b12c0817443def2eccc1049144f46d5330853ff24dfab04a63f63c88ec7b40dd057cae7390f8483ee9d2a0b
SSDEEP

3072:gDtAK2g8lewoo0nT7e/2Pjohbjs29qBk9fZARr8H4en4H8T7qQdZ6sR6msUaxIII:gDtA48lv0nTSVzor8HBnrZZTR6msj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe

Files

setup.exe
.exe windows:5 windows x86 arch:x86

3062e50d2fa67f7426fb01fd27779682

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

DrawIcon

gdi32

BitBlt

advapi32

RegCloseKey

shell32

ExtractIconA

shlwapi

StrToIntA

winmm

PlaySoundW

ws2_32

connect

urlmon

URLDownloadToFileW

gdiplus

GdipFree

wininet

InternetOpenW

Sections

.MPRESS1
Size: 175KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE