setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.exe
Size

682.5MB
MD5

ff807529cd9a879275822575c0f26fc9
SHA1

17f1ca26ca580261a4e77076c160821b6ea541ad
SHA256

9e25afd02fdee6552a2d2fafe2031c36d297aad90705f7cef6f4820c7dc47511
SHA512

b5ba86273745549f8252a8761517d895f6989cc38836377d89ce2c35c5f3eaa7d94a2a6ca41f76273e536f9f4e835e3ae45359c01c4b0ea26e30827adadd688d
SSDEEP

24576:+wvH+Iuzgi++mL7ZXom3u8nS+h52/pxB2yi0UBPdRbfFeP:+wf+Iv9om3ucSK52/px090UBPBeP

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows:5 windows x86 arch:x86

560a2f0da01f8c7311c3eb57c52e3b16

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-07-2015 00:00

Not After

26-07-2018 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-07-2015 00:00

Not After

13-07-2018 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13-12-2016 07:00

Not After

13-12-2021 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:6c:dc:fd:e2:f7:a5:54:cc:73:af:15:a1:f7:f2:24:ef:aa:28:5b:a5:b8:8f:5b:af:2e:55:29:9a:c6:fa:de
Signer

Actual PE Digest

69:6c:dc:fd:e2:f7:a5:54:cc:73:af:15:a1:f7:f2:24:ef:aa:28:5b:a5:b8:8f:5b:af:2e:55:29:9a:c6:fa:de

Digest Algorithm

sha256

PE Digest Matches

false

b5:c4:bd:0c:0f:aa:3c:b0:06:e9:5c:c8:9c:90:3a:a0:ed:c2:1d:fa
Signer

Actual PE Digest

b5:c4:bd:0c:0f:aa:3c:b0:06:e9:5c:c8:9c:90:3a:a0:ed:c2:1d:fa

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\_programmation\APIOverride\MonitoringFileBuilder\Win32ReleaseUnicode\MonitoringFileBuilderWin32.pdb

Imports

kernel32

Sleep
OpenThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
WriteFile
FormatMessageW
GetLastError
IsBadWritePtr
SetFilePointerEx
SetEndOfFile
WideCharToMultiByte
CreateEventW
GetTickCount
SetEvent
CreateThread
TerminateThread
ResetEvent
GetVersionExW
CreateProcessW
GetCommandLineW
GetWindowsDirectoryW
TerminateProcess
GetExitCodeProcess
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetEnvironmentVariableW
DeactivateActCtx
SearchPathW
ReleaseActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
HeapCreate
HeapDestroy
GetTempFileNameW
GetTempPathW
GetUserDefaultLangID
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
SetLastError
GetProcessHeap
HeapFree
CreateFileA
WaitForSingleObject
IsBadReadPtr
GetSystemDirectoryW
SetFilePointer
IsBadCodePtr
MultiByteToWideChar
CopyFileW
DeleteFileW
FreeLibrary
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
GetProcAddress
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
GetFileSizeEx
ReadFile
CloseHandle
InterlockedDecrement
InterlockedIncrement

user32

GetMenuItemCount
GetIconInfo
CreateIconIndirect
ReleaseDC
GetDC
DrawIconEx
PtInRect
MessageBoxW
SetWindowPos
GetSystemMetrics
GetWindowRect
SendMessageW
SetWindowTextW
GetWindowTextW
GetComboBoxInfo
PostMessageW
GetWindowTextLengthW
CreateWindowExW
DestroyWindow
GetMenuItemRect
IsRectEmpty
TrackPopupMenuEx
SetForegroundWindow
DestroyMenu
InsertMenuItemW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetKeyState
GetParent
RegisterClipboardFormatW
KillTimer
GetClientRect
GetDlgItem
LoadImageW
GetWindowThreadProcessId
GetWindowLongW
ShowWindow
GetAncestor
RedrawWindow
ScreenToClient
GetWindow
EnableWindow
FlashWindowEx
EndDialog
SetWindowLongW
RealGetWindowClassW
GetCursorPos
LoadCursorW
EnumThreadWindows
SetCursor
DialogBoxParamW
GetFocus
GetSysColor
FillRect
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DestroyIcon
ClientToScreen
WindowFromPoint
GetSysColorBrush
IsWindowEnabled
SetDlgItemTextW
SetFocus
CreateDialogIndirectParamW
CreateDialogParamW
DialogBoxIndirectParamW

gdi32

CreatePen
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SetTextColor
SetBkMode
GetTextExtentPoint32W
SetBkColor
DeleteObject
CreateSolidBrush
ExtTextOutW
GetObjectW
SelectObject
BitBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueW
RegQueryValueExW

shell32

SHBrowseForFolderW
DragQueryFileW
DragAcceptFiles
DragQueryPoint
SHGetMalloc
DragFinish
ShellExecuteW
SHGetPathFromIDListW

ole32

StringFromIID
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

LoadTypeLibEx
SysAllocString
QueryPathOfRegTypeLi
SysFreeString

shlwapi

SHAutoComplete

comctl32

ord410
ord412
ord17
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
ord413

wininet

InternetOpenW
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetReadFile

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

560a2f0da01f8c7311c3eb57c52e3b16

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

32:58:e8:ee:54:af:5c:27Certificate

Extended Key Usages

Key Usages

69:6c:dc:fd:e2:f7:a5:54:cc:73:af:15:a1:f7:f2:24:ef:aa:28:5b:a5:b8:8f:5b:af:2e:55:29:9a:c6:fa:deSigner

b5:c4:bd:0c:0f:aa:3c:b0:06:e9:5c:c8:9c:90:3a:a0:ed:c2:1d:faSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

Sections

.text Size: 451KB - Virtual size: 451KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 274KB - Virtual size: 283KB

.tls Size: 8KB - Virtual size: 8KB

.rsrc Size: 197KB - Virtual size: 197KB

.reloc Size: 374KB - Virtual size: 374KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate

69:6c:dc:fd:e2:f7:a5:54:cc:73:af:15:a1:f7:f2:24:ef:aa:28:5b:a5:b8:8f:5b:af:2e:55:29:9a:c6:fa:de
Signer

b5:c4:bd:0c:0f:aa:3c:b0:06:e9:5c:c8:9c:90:3a:a0:ed:c2:1d:fa
Signer

.text
Size: 451KB - Virtual size: 451KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 274KB - Virtual size: 283KB

.tls
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 197KB - Virtual size: 197KB

.reloc
Size: 374KB - Virtual size: 374KB