Setup2.exe
First submission 2024-09-02 04:35:02
File details
Property | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows
Mime type | application/x-dosexec
File size | 6495.34 KB (6651227 bytes)
Compile time | 2024-08-16 16:43:57
MD5 | 37263ede84012177cab167dc23457074
SHA1 | 5905e3b2db8ff152a7f43f339c053e1d43b44dfc
SHA256 | 9afd9e70b6f166cfc6de30e206dff5963073a6faeff5bcc93ee131df79894fc2
Import Hash | 92a00f4d0a4448266e9c638fdb1341b9
Sections (18) | .text .data .rdata /4 .bss .edata .idata .CRT .tls .reloc /14 /29 /41 /55 /67 /80 /91 /102
Directories (4) | import export tls relocation
File features detected
Signed
XOR
OSINT Enrichments
Field | Value
---|---
Virus Total | 53/79 (VT report date: 2024-08-26 09:36:57)
Malware Type (1) | trojan
Threat Type (3) | cryptbot stealer cryptnot
URLs, FQDN and IP indicators 1
PE Sections 3 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x47da24 | 4709376 | 1ca9d52ce1a8eb456ff4085b3da6f2ef3f95cb02 | 46f0747e5398871426bb7b18008cac90 | |
.data | 0x47f000 | 0x1988 | 6656 | 9b4b3f742c659157257f1dbdfd586435f5b51ba0 | 88750a2553822943af47dce6f7e6678a | |
.rdata | 0x481000 | 0x9858 | 39424 | 1426f8d86303ee917d12654ab8cf11fc6c8bf00a | d91b0819aecfd62617b80a163864c649 | |
/4 | 0x48b000 | 0x3a89c | 240128 | dcafffdfac79e310c300ee7da14fc798155dd375 | 60605cc7e9299d6194231fce078de3b2 | |
.bss | 0x4c6000 | 0x66e1b4 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.edata | 0xb35000 | 0x42 | 512 | b2deb4cacfc1cd3e627efcb2163e53be9cc528f4 | 2bc92a4aaa9233fcf652e9c1284b341a | |
.idata | 0xb36000 | 0x9e4 | 2560 | 654d4f5bf4b87060b12cc2f67b1ea5597eb477d5 | b1228e1778cee4a27a9695b10b9a20a3 | |
.CRT | 0xb37000 | 0x34 | 512 | a58d8ce3769756dea67f6f84aec3ba938c6103a7 | 732f396854e5023ba4e2913660c241cd | |
.tls | 0xb38000 | 0x8 | 512 | 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 | bf619eac0cdf3f68d496ea9344137e8b | |
.reloc | 0xb39000 | 0xe253c | 927232 | 079ddf49428a535f8546ed8cc67dda7c47c47b0e | 044015bc9b143b81499d125973bdeeea | |
/14 | 0xc1c000 | 0x690 | 2048 | 50d3857e0b5bcd4200030177ffe4231a197f5f29 | 94ca038fad4664166af1196f0a717029 | |
/29 | 0xc1d000 | 0x1a7c4 | 108544 | 50826c3ea5d56b312586935e21981cb61d836bb8 | 56ba4804c4d83a56337ff28318d29d21 | |
/41 | 0xc38000 | 0x4c58 | 19968 | fb6ead9a0e642a028053a8961438bfa38bf25b29 | c272f07e704eb90e2b6c4c9bad844e11 | |
/55 | 0xc3d000 | 0xe342 | 58368 | 16543d4b2ae4aba5aa329892c3e2a316683d1a94 | d39686b489a93cc4870fb4b0f4cf3c09 | |
/67 | 0xc4c000 | 0x1d54 | 7680 | 894587ed6d3d8572dc6af48c7c44cb5591ea6fa5 | 88ca0279c1622da4e6e9d7fbccb1d09b | |
/80 | 0xc4e000 | 0x961 | 2560 | 5f2f92f9b72b2e930692b83babedcc49bf76f473 | 9109961d3d1231997c8aa80b9ef91e44 | |
/91 | 0xc4f000 | 0x18b05 | 101376 | 4e16e7e77ef3736928886a32c2a4472f5fa9f104 | 61331789fad328be2cd11ec960abac21 | |
/102 | 0xc68000 | 0x11c0 | 4608 | 00bbc1be3808524e04d2188a8e429639cf719222 | acb9037b7b793eae32ab82637f1d257e | |
Anti debug functions 1
GetLastError
Anti debug functions 1
VMCheck.dll
Strings analysis - File found
Category | String
---|---
Data | wallet.dat
Database | key4.db
Database | key3.db
Library | MSVCRT.dll
Library | emsvcrt.dll
Library | SHELL32.dll
Library | KERNEL32.dll
Library | libgcc_s_dw2-1.dll
Library | gdhiseUGdkaaPtjfUmTn.dll
Strings analysis - Possible URLs found 1
https://update-ledger.net/update
Import functions
PE Exports 1 suspicious
Function | Address |
---|---|
Main | 0x53814a |
Name | Latest seen | MD5 |
---|---|---|
1111.exe | 2024-08-25 13:19:03 | d2f4d9f256c7535760e18337e4076d9c |
Set-up.exe | 2024-08-25 18:47:06 | ee1442544088c8a6ac94e0a849cbcce2 |
channel.exe | 2024-08-25 20:41:08 | 51dd8d9912686daa950d583dad0aa631 |
S%D0%B5tu%D1%80111.exe | 2024-08-26 13:24:05 | 9436c63eb99d4933ec7ffd0661639cbe |
Channel1.exe | 2024-08-27 11:03:04 | 703bea610f53655fa0014b93f0fa4b7e |
clcs.exe | 2024-08-27 11:24:04 | 5f5eb3caf593e33ff2fd4b82db11084a |
joffer2.exe | 2024-08-31 16:14:04 | 243fc7bd91c9718a35f0d32303055695 |