g:\kit\hashing\url\proxy\A7\M\bit\Q\auth\Cybersecurit\x64\drive\terab.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Setup.exe
Resource: win10v2004-20241007-en
General
Target: Setup.exe
Size: 14.4MB
MD5: db63171e8f58f0e78f588471154b3c27
SHA1: de940ecab24a000a64f27ca6b0fe93c7d5e9f866
SHA256: 5451f776144a83c4fbf47d9dc455f4ba2751dc20a36b4022fadb9f5fdfad32ec
SHA512: 1dc070e460628eab8b4efb40e1dd3cba77d8c05930fb970adb426812561e112c13b21cdbd00dc5b5b78657e160ac3a18b0ae6329f203f174a6fb4610133e024d
SSDEEP: 196608:Ywa/A5/A3Pg2LkIJmgLpY/iLNooeoc+k88MkEQx4enDtJ+fmPOSAWiH5m+6h7MnC:qP1JtpQd8S+fiz+bC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Setup.exe
Files
Setup.exe.exe windows:6 windows x86 arch:x86
957c84221d28ab5f63e61e79dfff86c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeZoneInformation
SetFilePointerEx
WriteConsoleW
GetACP
VirtualAlloc
SetStdHandle
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
SetEnvironmentVariableW
SetEnvironmentVariableA
GetModuleHandleExW
ExitProcess
PeekNamedPipe
GetFileType
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
RtlUnwind
CreateMutexA
LoadLibraryExA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
MoveFileExA
CreateSemaphoreA
CreateEventA
GetCPInfo
LCMapStringW
GetStringTypeW
GetNativeSystemInfo
SwitchToThread
OutputDebugStringW
FreeEnvironmentStringsW
GetThreadTimes
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
WaitForSingleObjectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SearchPathW
GetProfileIntW
FindResourceExW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentDirectoryW
SetErrorMode
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
lstrcpyW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateSemaphoreW
ReleaseSemaphore
GetUserDefaultLCID
ReplaceFileW
GetTempFileNameW
GlobalFlags
GlobalGetAtomNameW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetVersionExW
GetThreadLocale
GetStringTypeExW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
EncodePointer
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
FreeResource
SetLastError
OutputDebugStringA
SetVolumeLabelW
GetDiskFreeSpaceW
GetDriveTypeW
GlobalSize
lstrcpynW
FlushViewOfFile
GetFileSize
SuspendThread
ResumeThread
GetSystemTimeAsFileTime
MoveFileExW
FlushFileBuffers
OpenEventW
GetExitCodeProcess
CreateProcessW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
GetModuleHandleW
GetPrivateProfileSectionNamesW
lstrcmpA
GetFullPathNameW
GetTempPathW
SetCurrentDirectoryW
CompareStringA
GlobalFree
CreateMutexW
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount64
SetFilePointer
ReadFile
HeapUnlock
HeapWalk
HeapLock
GetModuleFileNameW
SizeofResource
GetShortPathNameW
GetLongPathNameW
WideCharToMultiByte
GetDiskFreeSpaceExW
VirtualQuery
GetComputerNameW
FormatMessageW
lstrlenW
GetPrivateProfileStringW
GetPrivateProfileIntW
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
OpenProcess
TerminateProcess
SetFileTime
GetFileAttributesExW
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesW
LoadLibraryW
FreeLibrary
GetProcAddress
GlobalMemoryStatusEx
GetSystemInfo
IsProcessorFeaturePresent
FindClose
FindNextFileW
FindFirstFileW
GlobalAlloc
LocalFree
LocalAlloc
GlobalUnlock
GlobalLock
MulDiv
GetTickCount
ReleaseMutex
WritePrivateProfileStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetPriorityClass
GetCurrentThread
SetThreadAffinityMask
GetCurrentProcess
GetProcessAffinityMask
MoveFileW
GetSystemDirectoryW
GetWindowsDirectoryW
ResetEvent
FindNextChangeNotification
FindCloseChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
GetCurrentProcessId
SetFileAttributesW
CopyFileW
DeleteFileW
Sleep
SetEvent
CreateEventW
GetLastError
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
CloseHandle
WriteFile
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
user32
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetScrollPos
SetScrollPos
SendDlgItemMessageA
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CheckDlgButton
SetDlgItemTextW
TranslateMDISysAccel
LoadAcceleratorsW
CreatePopupMenu
DestroyMenu
GetWindowRect
EnableWindow
SendMessageW
GetClientRect
IsWindow
PostMessageW
GetSysColorBrush
MoveWindow
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
UnhookWindowsHookEx
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ShowCursor
PostQuitMessage
CreateWindowExW
DestroyWindow
LoadIconW
SetParent
UnregisterClassW
SendMessageTimeoutW
RegisterWindowMessageW
FindWindowExW
CallWindowProcW
SetCursorPos
ShowScrollBar
WindowFromPoint
IsClipboardFormatAvailable
PeekMessageW
GetCaretPos
DrawIconEx
DestroyIcon
DestroyCursor
LoadImageW
GetSystemMenu
GetTopWindow
TrackMouseEvent
GetWindowDC
BringWindowToTop
GetAsyncKeyState
InsertMenuW
ScrollWindow
SetScrollRange
GetScrollRange
InsertMenuItemW
SetPropW
GetPropW
RemovePropW
AdjustWindowRectEx
MessageBoxW
MapWindowPoints
SetWindowsHookExW
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
GetMenuStringW
GetMenuState
AppendMenuW
DispatchMessageW
RemoveMenu
DrawMenuBar
DeleteMenu
GetMenuItemCount
MonitorFromPoint
EnumDisplayMonitors
SetMenu
GetMenu
GetActiveWindow
SetWindowPlacement
SetActiveWindow
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
SetWindowLongW
GetMessageTime
DefWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsMenu
IsChild
TrackPopupMenuEx
GetForegroundWindow
BeginPaint
EndPaint
GetLastActivePopup
GetDC
ReleaseDC
MapDialogRect
IsWindowVisible
GetKeyState
GetFocus
GetClassNameW
KillTimer
SetTimer
GetWindow
IsIconic
GetWindowPlacement
CopyRect
GetDlgItem
SetWindowPos
GetDlgCtrlID
EqualRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassLongW
SetClassLongW
IsZoomed
LoadBitmapW
GetSysColor
LoadCursorW
GetParent
SetCursor
OffsetRect
DrawFocusRect
InflateRect
FillRect
GetWindowLongW
InvalidateRect
RedrawWindow
FrameRect
DrawFrameControl
GetSystemMetrics
DrawEdge
SystemParametersInfoW
SetCapture
GetCapture
PtInRect
GetMessagePos
SetRect
SetRectEmpty
MonitorFromWindow
GetMonitorInfoW
ReleaseCapture
DrawTextW
TabbedTextOutW
DrawTextExW
GrayStringW
GetDesktopWindow
UnionRect
ScreenToClient
ClientToScreen
UpdateWindow
MessageBeep
FlashWindowEx
GetCursorInfo
MonitorFromRect
SetFocus
GetTabbedTextExtentW
LoadMenuW
GetSubMenu
SetForegroundWindow
IntersectRect
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
GetMenuItemInfoW
GetWindowRgn
ShowOwnedPopups
DrawIcon
GetKeyNameTextW
MapVirtualKeyW
GetWindowThreadProcessId
GetMessageW
TranslateMessage
GetCursorPos
CharUpperW
TranslateAcceleratorW
DefFrameProcW
SetWindowRgn
IsRectEmpty
ValidateRect
SetWindowContextHelpId
RegisterClipboardFormatW
CopyImage
PostThreadMessageW
CopyAcceleratorTableW
CreateMenu
CharNextW
InvalidateRgn
GetNextDlgGroupItem
GetMenuDefaultItem
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
DrawStateW
CopyIcon
LockWindowUpdate
WaitMessage
UpdateLayeredWindow
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
GetUpdateRect
SubtractRect
DefMDIChildProcW
gdi32
StretchDIBits
GetDIBits
GetEnhMetaFileW
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
CreateDIBitmap
GetDIBColorTable
SetBkMode
CopyMetaFileW
CreateHatchBrush
CreatePatternBrush
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
IntersectClipRect
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
StartDocW
SetDIBitsToDevice
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetRectRgn
CreateEllipticRgn
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetCharWidthW
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetRgnBox
GetSystemPaletteEntries
EnumFontFamiliesW
GetTextCharsetInfo
SetDIBColorTable
CreatePolygonRgn
Polyline
CreateRoundRectRgn
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
Ellipse
StretchBlt
SetStretchBltMode
SetTextColor
SetBkColor
CreateBitmap
GetPixel
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
CreateDIBSection
GetWindowOrgEx
PatBlt
GetViewportOrgEx
GdiFlush
GetNearestPaletteIndex
SetPixel
GetCurrentObject
GetPaletteEntries
LineTo
MoveToEx
CreateFontW
DeleteDC
CreateDCW
GetTextExtentPoint32W
GetObjectW
CreateSolidBrush
CreatePen
Polygon
CreateFontIndirectW
CreatePalette
GetDeviceCaps
RealizePalette
Rectangle
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
BitBlt
SelectObject
DeleteObject
GetStockObject
SelectPalette
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
EnumFontFamiliesExW
GetTextMetricsW
GetTextColor
msimg32
TransparentBlt
AlphaBlend
winspool.drv
EnumPrintersW
GetJobW
DeviceCapabilitiesW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
ord203
advapi32
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
GetLengthSid
InitializeAcl
CryptAcquireContextA
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW
GetFileSecurityW
RegQueryValueW
RegSetValueW
CryptGenRandom
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
InitializeSecurityDescriptor
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
shell32
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
ExtractIconW
SHAddToRecentDocs
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
ShellExecuteW
DragAcceptFiles
DragFinish
comctl32
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ImageList_BeginDrag
ImageList_DragEnter
ImageList_Add
ImageList_GetImageInfo
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_ReplaceIcon
InitCommonControlsEx
shlwapi
UrlUnescapeW
PathRemoveFileSpecW
PathFindFileNameW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
StrCmpLogicalW
PathIsDirectoryEmptyW
PathFindOnPathW
PathFindExtensionW
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
GetWindowTheme
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
IsAppThemed
DrawThemeParentBackground
DrawThemeText
windowscodecs
WICConvertBitmapSource
ole32
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoDisconnectObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject
StgOpenStorageOnILockBytes
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
OleGetClipboard
OleLockRunning
CoInitializeEx
CoLockObjectExternal
DoDragDrop
RegisterDragDrop
RevokeDragDrop
oleaut32
SafeArrayDestroy
SysStringLen
LoadTypeLi
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreatePropertyFrame
SysFreeString
VarBstrFromDate
OleCreateFontIndirect
VariantCopy
VariantChangeType
oledlg
OleUIBusyW
ws2_32
accept
bind
connect
getsockopt
listen
ntohl
setsockopt
socket
gethostname
__WSAFDIsSet
ioctlsocket
gethostbyname
inet_addr
ntohs
getpeername
WSAConnect
WSASocketW
htons
WSACloseEvent
WSACreateEvent
WSACleanup
WSAStartup
WSASend
WSAGetLastError
WSARecv
WSAGetOverlappedResult
WSAEnumNetworkEvents
WSAResetEvent
shutdown
WSAEventSelect
closesocket
send
getsockname
select
getaddrinfo
sendto
freeaddrinfo
getnameinfo
recvfrom
recv
gdiplus
GdipAlloc
GdipDeleteEffect
GdipSetEffectParameters
GdipCreateEffect
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapApplyEffect
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipFree
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusStartup
GdipGetImagePalette
GdiplusShutdown
mpr
WNetGetConnectionW
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetGetLastResponseInfoW
InternetOpenW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
powrprof
GetPwrCapabilities
PowerGetActiveScheme
PowerReadACValueIndex
msvfw32
DrawDibDraw
DrawDibClose
DrawDibOpen
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
waveInUnprepareHeader
waveInReset
waveInGetNumDevs
waveInGetDevCapsW
timeSetEvent
waveInOpen
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInClose
timeKillEvent
PlaySoundW
Sections
.text Size: 9.8MB - Virtual size: 9.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 428KB - Virtual size: 428KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ