setup2.exe

First submission 2024-10-12 22:56:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 237.5 KB (243200 bytes)
Compile time: 2023-12-17 18:15:13
MD5: f0342947877c844a5c82cb4bb5fdadad
SHA1: c460f35ed9f2b3fd6172f38c70b6073fffe70f17
SHA256: e93bc7594d1fc8ca1eff0e522b8547e74b3ac33840c55b4f50f69278e4cd8242
Import Hash: 636068238a0ab0df9c8e341eee8428d0
Sections: 6 (.text, .rdata, .data, .vugud, .fay, .rsrc)
Directories: 2 (import, resource)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 30/77 VT report date: 2024-10-12 22:31:21
Malware Type: 2 (trojan, pua)
Threat Type: 2 (stealerc, pwsx)

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://di-nai.com/25r43te22tsqsdf/setup2.exe di-nai.com 2024-10-12 22:56:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x14f6f 86016 427d61a30be02aae351d26b37b90b8c819ae96de f8d0a9d4becd8846b657e5f44f1141fd
.rdata 0x16000 0x2026 8704 4bde3fad66ee62821e5ec826578ca93ca1a53345 6da4b7c2534b0027fef7635e158ee334
.data 0x19000 0x26fff7c 5120 eef7bc15c3a18deaa279059c3fd48f0d97f650e9 50c0dd9d406b2697a593034cdc3cf287
.vugud 0x2719000 0x4400 14336 ef58a812a81ab14549d8f4fb86e9ecb54a5fb723 b211778b80f6d441b6cf61ada776fc6d
.fay 0x271e000 0x2800 10240 34e163be8e43c5631d8b92e9c43ab0bf0fa62b9c 1276481102f218c981e0324180bafd9f
.rsrc 0x2721000 0x1cac0 117760 fc82fcaf35ec366c6a4e47327becd8f8fc6175b0 0267d5c30b13ca618b1ccdaa9189f178

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_TURKISH SUBLANG_DEFAULT 0x2737f60 1128
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x273da98 38
RT_GROUP_ICON LANG_TURKISH SUBLANG_DEFAULT 0x2731ba0 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x2738440 436

Meta infos 5

ProductVersion: 4.50.87.53
Translation: 0x0409 0x0548
FileVersions: 40.52.51.70
LegalCopyrights: Stone
CompanyName: Juicet

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 4

GetLastError
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
USER32.dll
MSIMG32.dll

Strings analysis - Possible IPs found 2

40.52.51.70
4.50.87.53

Import functions