Setup.exe

First submission 2024-07-08 21:07:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 7439.85 KB (7618408 bytes)
Compile time: 2010-11-18 17:27:35
MD5: 59a192a7b85f4bb5796c53cc450caf2c
SHA1: 1f329b3b015e418ebbc3a9f04a368175f9bd43e6
SHA256: 8c9f30c5ff0cd331a91ca2b8ae77c7c97b5fc9aac4847c852327fb9edde62864
Import Hash : 3786a4cf8bfee8b4821db03449141df4
Sections 5 .text .rdata .data .sxdata .rsrc
Directories 2 import resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 28/78 VT report date: 2024-07-08 17:25:15
Malware Type 2 trojan adware
Threat Type 3 fragtor neoreklami lolbas

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.208.158.220/Setup.exe 185.208.158.220 2024-07-08 21:07:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x199ea 104960 b89caf4e5d6b26ae7c31f5883bd6f65b800c62ec 8c9346b8cd91e8d7aa2e1586eb1a1b30
.rdata 0x1b000 0x4494 17920 8e65f609c6e46e1579e4425c2a811297bff84fce 5e256dc61db6deff01801e77de19d038
.data 0x20000 0x5a48 12800 3565d4fb3481e36dff2b69d356a4d6d0ad3506c5 1d347e5500f0d4c5672ba18282b866f7
.sxdata 0x26000 0x4 512 1f070e9dfbda0054d1a843e803e1a254701be02a 35925cfdc1176bd9ffc634a58b40ec17
.rsrc 0x27000 0xa60 3072 32fa54f71be865fcda3f2b82b6038fb0bcaac31e 15b778458bddf6a5e737deb25d49987d

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x27788 296
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x278d8 184
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x27a28 52
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x278b0 34
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x271e0 700

Meta infos 9

LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
InternalName: 7zS.sfx
FileVersion: 9.20
CompanyName: Igor Pavlov
ProductVersion: 9.20
FileDescription: 7z Setup SFX
Translation: 0x0409 0x04b0
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 4

GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti VM tricks 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Library
SHELL32.dll
KERNEL32.dll
USER32.dll
OLEAUT32.dll

Import functions

Name Latest seen MD5