setup[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.rar
Size

1.0MB
MD5

e8e1d8d6e75f387bd1aeb9f8f8b1d25a
SHA1

a9bce8dccef304ae165e44444bb391fe788b18e1
SHA256

bda1e39b1dbd2a03ed62df0124e3a5f5876a0a94c8f6b5e6f0ff5c802b23fe92
SHA512

564ad8cf8e9659d6c193df5da0848e714e80ef449c47c01ae5e249552a78806d4fb2096b815dce6f35040101af80b8c592149f0def74b7a1f402a3b7e86f1f53
SSDEEP

24576:S30HbcZcn9Niw0CAe2lasjcvKAqZp3zYQTbEwWbJ72clRylD1OUKss:S307t9Niwqe2dpdZp3PnELJ7TkfM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

setup.rar
.rar
setup.exe
.exe windows:4 windows x86 arch:x86

fe42871ff8912bb928dd62980b167abf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateEventW
SetEvent
ResetEvent
WaitForMultipleObjectsEx
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
LocalFileTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetFileAttributesW
GetFileSize
FindClose
FindFirstFileW
CreateFileW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcess
GetSystemDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
CreateDirectoryW
MoveFileW
FindNextFileW
WritePrivateProfileStringW
GetShortPathNameW
MoveFileExW
RemoveDirectoryW
ReadFile
WriteFile
FlushFileBuffers
UnmapViewOfFile
SetFilePointer
SetEndOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetFileTime
LocalFree
GetCurrentProcessId
TerminateProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateMutexW
FormatMessageW
GlobalUnlock
GlobalLock
SetLastError
GetModuleFileNameW
LocalAlloc
LockResource
SizeofResource
LoadResource
FindResourceExW
MulDiv
GlobalFree
GlobalAlloc
GetCommandLineW
GetSystemDefaultLangID
GetUserDefaultLangID
GetThreadSelectorEntry
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
GetPrivateProfileStringW
GetVolumeInformationW
GetModuleFileNameA
lstrcpyA
GetTimeZoneInformation
GetVersion
SetFileAttributesA
CreateFileA
GetVolumeInformationA
GetFullPathNameA
FindFirstFileA
FindNextFileA
SetVolumeLabelA
lstrlenA
GetDriveTypeA
GetLocaleInfoA
GetFileAttributesA
GetFileTime
FileTimeToDosDateTime
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
RaiseException
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
CompareStringA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetStdHandle
SetEnvironmentVariableA
DeleteFileW
GetExitCodeThread
TerminateThread
CreateThread
OpenProcess
GetModuleHandleW
CloseHandle
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetThreadLocale
GetStringTypeExW
CompareStringW
MultiByteToWideChar
DeleteFileA
CreateDirectoryA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
GetCurrentThreadId
ExitThread
ExpandEnvironmentStringsW
GetLocaleInfoW
GetTickCount
GetLastError
lstrlenW
Sleep

user32

PtInRect
AdjustWindowRectEx
CreateIconIndirect
GetDC
ReleaseDC
FrameRect
DrawFocusRect
RegisterWindowMessageW
EqualRect
EndPaint
DrawEdge
BeginPaint
CopyRect
DrawMenuBar
SetMenu
RemoveMenu
GetMenuItemCount
GetWindowDC
GetMenu
RegisterClipboardFormatW
GetDlgCtrlID
GetSysColorBrush
DrawFrameControl
RegisterClassExW
LoadIconW
LoadAcceleratorsW
IsDialogMessageW
TranslateAcceleratorW
TranslateMDISysAccel
GetMessageW
DefFrameProcW
DefWindowProcW
SetMenuInfo
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
DeleteMenu
GetSubMenu
LoadMenuW
LoadMenuIndirectW
CreatePopupMenu
DestroyMenu
TrackPopupMenu
GetMenuState
SetMenuDefaultItem
WindowFromPoint
LoadBitmapW
GetWindowTextLengthW
OemToCharA
CharToOemA
ScreenToClient
FillRect
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
InvalidateRect
MapWindowPoints
GetKeyState
SetDlgItemTextW
LoadCursorW
SetCursor
AttachThreadInput
UnhookWindowsHookEx
SetWindowsHookExW
IsWindowVisible
IsWindow
EnumWindows
GetDesktopWindow
GetWindowLongW
GetClassNameW
GetWindowTextW
GetParent
GetClassLongW
MsgWaitForMultipleObjects
PeekMessageW
PostQuitMessage
MsgWaitForMultipleObjectsEx
MoveWindow
SetFocus
CreateWindowExW
SetClassLongW
GetForegroundWindow
CharNextW
PostMessageW
CallNextHookEx
SendMessageW
RedrawWindow
EndDialog
DestroyWindow
CreateDialogIndirectParamW
CreateDialogParamW
DialogBoxIndirectParamW
DialogBoxParamW
UpdateWindow
LoadStringW
MapDialogRect
BringWindowToTop
SetForegroundWindow
keybd_event
SetActiveWindow
GetFocus
SetWindowPlacement
GetDoubleClickTime
GetWindowThreadProcessId
ShowWindow
KillTimer
SystemParametersInfoW
GetWindowRect
SetWindowPos
GetClientRect
TranslateMessage
DispatchMessageW
DrawIconEx
DestroyIcon
DrawTextW
CopyIcon
GetSystemMetrics
LoadImageW
SendDlgItemMessageW
SetTimer
EnableWindow
GetDlgItemTextW
SetWindowTextW
GetMessagePos
GetCapture
ReleaseCapture
InflateRect
SetCapture
GetCursorPos
GetSysColor
CallWindowProcW
GetPropW
SetPropW
RemovePropW
SetWindowLongW
GetWindowPlacement
MessageBoxW
GetWindow

gdi32

CreateCompatibleDC
Ellipse
BitBlt
StretchBlt
SelectObject
SetTextColor
SetBkMode
GetObjectW
SetStretchBltMode
CreateSolidBrush
CreateDIBSection
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetStockObject
RoundRect
SetPolyFillMode
ExcludeClipRect
GdiFlush
CreatePen
Polyline
GetPixel
Polygon
GetDeviceCaps
RestoreDC
CreateFontW
GetTextFaceW
GetTextMetricsW
SaveDC
CreateFontIndirectW
EnumFontFamiliesExW
GetTextExtentPoint32W
Rectangle
SetROP2
CreateHatchBrush
GetBkColor
GetTextColor
SetBkColor

ole32

ReleaseStgMedium
CoCreateGuid
CoInitialize
OleSetMenuDescriptor
CoCreateInstance
CoTaskMemAlloc
OleInitialize
OleUninitialize
OleSave
StringFromGUID2
OleRun
CLSIDFromProgID
OleSetContainedObject
CoTaskMemFree
OleDraw
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayCreate
SafeArrayPtrOfIndex

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ord17

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
PlaySoundW

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptGenRandom
CryptAcquireContextW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptDecrypt
GetUserNameW
RegSetKeySecurity
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext

shell32

DragQueryFileW
SHAppBarMessage
Shell_NotifyIconW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW

Sections

.text
Size: 468KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe42871ff8912bb928dd62980b167abf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

comctl32

version

winmm

comdlg32

advapi32

shell32

Sections

.text Size: 468KB - Virtual size: 464KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 80KB - Virtual size: 119KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 468KB - Virtual size: 464KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 80KB - Virtual size: 119KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB