Setup_631577[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Setup_631577.exe
Size

28.6MB
MD5

75a296926d21b2e1c18b87d19b3db434
SHA1

ad1e59743e69fcb718dd49beea6f26007a5357e0
SHA256

d6e052c9445c451e1996d502db25acf07a11422669346305deed555609873d2f
SHA512

2de27cb04987bb93e5329b52b2ebccffe0fbc933f3244280103614617e89ba3afc7d74febcf8e543e49c0b36d3e32f548884a88178691ccc1bb5d5c78fa78346
SSDEEP

786432:XTEQBxEyYj1czwFwHIxwjRowPdFG7d90ukIBT2:XTEQbWjGTIxwjRoSk7d1Pt2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup_631577.exe

Files

Setup_631577.exe
.exe windows:5 windows x86 arch:x86

9e5a9a20c885c7c0bc903b2191258906

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetCPInfo
CloseHandle
CreateFileW
EncodePointer
GetTickCount64
FreeLibrary
GetVersionExW
HeapSize
RemoveDirectoryW
VirtualQuery
HeapCreate
GlobalUnlock
SetEvent
SetUnhandledExceptionFilter
GetProcessAffinityMask
TlsAlloc
FormatMessageW
DeleteFileA
VerSetConditionMask
GetEnvironmentVariableA
SetHandleCount
InterlockedIncrement
SetEndOfFile
GetCurrentDirectoryW
HeapSetInformation
IsDebuggerPresent
MoveFileExW
GetModuleFileNameW
GetFileInformationByHandle
GetStdHandle
GetACP
GetModuleFileNameA
CreateThread
CreateDirectoryW
GetVersion
GetConsoleCP
Sleep
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
EnterCriticalSection
GetDateFormatA
SleepEx
TlsGetValue
GetCurrentProcess
GetCommandLineA
IsValidLocale
GetLocaleInfoA
InterlockedExchange
WriteFile
ExitProcess
HeapAlloc
GetEnvironmentStringsW
GetTimeZoneInformation
InitializeCriticalSection
GetCommandLineW
QueryPerformanceCounter
WaitForSingleObject
WaitForMultipleObjects
GetFileSizeEx
SetFilePointer
FindFirstFileW
DeleteFileW
GetSystemDirectoryW
ReleaseSemaphore
WriteConsoleW
SetLastError
GetLogicalDriveStringsW
RaiseException
GlobalLock
GetOEMCP
FileTimeToLocalFileTime
GetSystemInfo
GetProcessHeap
TlsFree
QueryPerformanceFrequency
LCMapStringW
FileTimeToSystemTime
GetLocaleInfoW
ReadFile
GetTickCount
CreateSemaphoreW
GetTimeFormatA
GetConsoleMode
MultiByteToWideChar
TerminateProcess
GetFileAttributesW
SetFileAttributesW
HeapFree
InitializeCriticalSectionAndSpinCount
MoveFileW
VirtualFree
GetFileType
GlobalAlloc
CompareStringW
HeapReAlloc
lstrlenA
GetCurrentProcessId
FindFirstFileExW
FindClose
PeekNamedPipe
IsProcessorFeaturePresent
GetStartupInfoW
LeaveCriticalSection
UnhandledExceptionFilter
SetPriorityClass
FlushFileBuffers
IsValidCodePage
GetStringTypeW
RtlUnwind
GetFileSize
GetModuleHandleA
SetFileTime
FreeEnvironmentStringsW
VerifyVersionInfoW
GetLastError
GetUserDefaultLCID
GlobalFree
GetCurrentThreadId
EnumSystemLocalesA
GlobalMemoryStatus
CreateEventW
LocalFree
GetDriveTypeW
GetFullPathNameW
SetStdHandle
SetEnvironmentVariableA
ResetEvent
LoadLibraryExW
GetSystemTimeAsFileTime
ExitThread
InterlockedDecrement
LoadLibraryA
TlsSetValue
VirtualAlloc
CompareFileTime
LoadLibraryW
DecodePointer
WideCharToMultiByte

user32

ScreenToClient
SendMessageW
ShowWindow
CloseClipboard
MoveWindow
SystemParametersInfoW
IsDlgButtonChecked
GetWindowTextLengthW
KillTimer
wsprintfA
GetParent
DialogBoxParamW
SetWindowLongW
EndDialog
GetDlgItem
EmptyClipboard
MessageBoxW
EnableWindow
SetDlgItemTextW
InvalidateRect
SetClipboardData
SetCursor
GetMonitorInfoA
MapDialogRect
GetWindowRect
PostMessageW
SetFocus
GetWindowTextW
GetKeyState
LoadStringW
CheckDlgButton
OpenClipboard
GetFocus
SetTimer
MonitorFromWindow
LoadCursorW
SetWindowTextW
GetWindowLongW
CharUpperW
LoadIconW

advapi32

CryptReleaseContext
CryptGenRandom
CryptCreateHash
CloseServiceHandle
CryptImportKey
CryptGetHashParam
CryptEncrypt
CryptDestroyHash
CryptAcquireContextW
CryptHashData
CryptDestroyKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
OleInitialize
CoUninitialize

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString

ws2_32

WSACreateEvent
freeaddrinfo
WSAWaitForMultipleEvents
WSAIoctl
WSAResetEvent
getaddrinfo
WSAStartup
recvfrom
WSACleanup
WSAGetLastError
send
closesocket
gethostname
ioctlsocket
__WSAFDIsSet
select
recv
WSACloseEvent
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
socket
connect
WSASetLastError
WSAEventSelect
WSAEnumNetworkEvents
accept
listen
sendto
htonl

crypt32

CertOpenStore
CryptQueryObject
PFXImportCertStore
CryptDecodeObjectEx
CertFreeCertificateContext
CertFindExtension
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertGetCertificateChain
CryptStringToBinaryW
CertFindCertificateInStore
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateChain

wldap32

ord147
ord216
ord46
ord41
ord27
ord301
ord167
ord79
ord142
ord127
ord133
ord26
ord208
ord145
ord219
ord14
ord117
ord73

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e5a9a20c885c7c0bc903b2191258906

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

crypt32

wldap32

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 211KB - Virtual size: 210KB

.data Size: 10KB - Virtual size: 34KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 211KB - Virtual size: 210KB

.data
Size: 10KB - Virtual size: 34KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 92KB - Virtual size: 92KB