setup3.exe

First submission 2024-10-13 13:05:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 288.0 KB (294912 bytes)
Compile time: 2023-12-18 05:14:24
MD5: 5b1dd11863c1347d4c2a4c21d1a47a45
SHA1: 8e5b69e075739ee17dd6fc9298e34144454a4347
SHA256: 1048b6aba5a804ab3ed6aa22950cb76b446ea306eeff4ae2012d197a2178dd8e
Import hash: 67def8961050d10da5ff74312b7f0aec
Sections 6 .text .rdata .data .zek .lelidi .rsrc
Directories 2 import resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 25/77 VT report date: 2024-10-13 12:43:40
Malware Type 3 trojan pua virus
Threat Type 1 convagent

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://erhonics.cc/er1hrthnr/setup3.exe erhonics.cc 2024-10-13 13:05:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x14eff 86016 39e0a0d98abeeb6a6b81262bf4694a8718b90ad9 b22432fbd0642c5e86d74cf8c4280def
.rdata 0x16000 0x2076 8704 65e59d788a9612e2587457747de5e1d9b91f77e4 46cf41c7a1839cbcb485b4a6636a5d18
.data 0x19000 0x26fff7c 5120 e1dbeb17b6b9ac885445821c5cedb8e636849f30 0182d82aaeeeca1c0fbdff93c0062d2a
.zek 0x2719000 0x4400 14336 ef58a812a81ab14549d8f4fb86e9ecb54a5fb723 b211778b80f6d441b6cf61ada776fc6d
.lelidi 0x271e000 0x2800 10240 34e163be8e43c5631d8b92e9c43ab0bf0fa62b9c 1276481102f218c981e0324180bafd9f
.rsrc 0x2721000 0x29538 169472 51542c14ee79e580d80c1b36906f44aba1a6d317 6a52e3aa1b3fbb6451949275ba9ae810

PE Resources 7

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x273f0a8 2
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x27428e8 9640
RT_ICON LANG_TURKISH SUBLANG_DEFAULT 0x273ebc8 1128
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x274a510 38
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x2744e90 34
RT_GROUP_ICON LANG_TURKISH SUBLANG_DEFAULT 0x2738808 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x2744eb8 436

Meta info 5

ProductVersion: 45.98.0.21
Translation: 0x0409 0x0548
FileVersions: 40.52.51.70
LegalCopyrights: Stone
CompanyName: Juicet

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 4

GetLastError
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - Files found 6

Library
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
USER32.dll
MSIMG32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

45.98.0.21
40.52.51.70

Import functions