rasppp.pdb
Behavioral task
behavioral1
Sample
Setup-pass-2024/Setup.exe
Resource
win7-20240508-en
windows7-x64
38 signatures
120 seconds
Behavioral task
behavioral2
Sample
Setup-pass-2024/Setup.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
38 signatures
120 seconds
General
-
Target
Setup-pass-2024.zip
-
Size
220.1MB
-
MD5
4492dd761c82f68cd73b6251526cfa2f
-
SHA1
369ec52dbaa9bb23239a72da30e05dcba44ec1ee
-
SHA256
0f03e2c3dd7ee9b656858db0aa799d3488dcce581d3f0ca03ee76b198f900432
-
SHA512
dff81194294aeb055e9deae39a0da4d21baba9b8eb9fd8a206980c206a5f56931795b2afc603711f2cfb092332136b92b62d4b6d1f1765f1540c99678cbf3d9a
-
SSDEEP
6291456:AtpmBQZgKhVsT38T19Ml6SmxXpco3IB6pMfvVqmM:+pmBOgQiTu2Arx513IB6MvVqmM
Score
7/10
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/Setup-pass-2024/Setup.exe themida -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Setup-pass-2024/Engine.dll unpack001/Setup-pass-2024/Setup.exe unpack001/Setup-pass-2024/data0.bin
Files
-
Setup-pass-2024.zip.zip
-
Setup-pass-2024/Engine.dll.dll windows:10 windows x86 arch:x86
36f8d9de1f40b0b25d61ecca3a798822
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memcpy
_except_handler4_common
memcmp
_initterm
malloc
free
_amsg_exit
_XcptFilter
atol
_ltoa
wcschr
atoi
memcpy_s
mbstowcs
strtok
isdigit
_stricmp
_vsnprintf
iswctype
_vsnwprintf
strstr
rand
time
srand
_itoa_s
wcsstr
_wcslwr
strchr
_wcsicmp
_strnicmp
memset
ntdll
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlIpv6StringToAddressA
RtlTimeToSecondsSince1970
RtlLocalTimeToSystemTime
RtlTimeFieldsToTime
RtlGetVersion
RtlGetNtProductType
RtlNtStatusToDosError
RtlQueueWorkItem
RtlInitUnicodeString
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
HeapCreate
HeapFree
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
CreateEventA
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
SetEvent
EnterCriticalSection
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-registry-l1-1-0
RegQueryValueExA
RegEnumKeyExA
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExA
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExA
DisableThreadLibraryCalls
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-processthreads-l1-1-0
ExitThread
TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetWindowsDirectoryA
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
ws2_32
htonl
ntohl
inet_addr
rpcrt4
UuidCreate
netutils
NetApiBufferFree
wkscli
NetWkstaTransportEnum
crypt32
CryptProtectData
CryptUnprotectData
dnsapi
DnsSetConfigDword
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameA
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
RegOpenKeyA
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrlenW
cryptsp
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
rasapi32
RasSetEapUserDataAEx
rtutils
TraceDeregisterExA
TraceDeregisterA
LogEventW
TraceVprintfExA
RouterLogEventA
RouterLogEventStringA
RouterLogDeregisterA
RouterLogEventW
RouterLogRegisterA
TraceRegisterExA
eappcfg
EapHostPeerGetMethods
EapHostPeerQueryUIBlobFromInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields
EapHostPeerFreeErrorMemory
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerFreeMemory
eappprxy
EapHostPeerBeginSession
EapHostPeerFreeEapError
EapHostPeerEndSession
EapHostPeerProcessReceivedPacket
EapHostPeerSetUIContext
EapHostPeerSetResponseAttributes
EapHostPeerGetSendPacket
EapHostPeerGetUIContext
EapHostPeerGetResponseAttributes
EapHostPeerClearConnection
EapHostPeerGetResult
rasman
RasPortSend
RasGetBuffer
RasInitializeNoWait
RasBundleGetPort
RasPortGetStatisticsEx
RasDeAllocateRoute
RasPortGetBundle
RasSendProtocolResultToRasman
RasGetPortUserData
RasPortSetFramingEx
RasGetFramingCapabilities
RasSetConnectionUserData
RasActivateRoute
RasPortGetProtocolCompression
RasGetTimeSinceLastActivity
RasCompressionGetInfo
RasGetInfo
RasPortCancelReceive
RasPortSetProtocolCompression
RasFreeBuffer
RasGetConnectInfo
RasAllocateRoute
RasAllocInterfaceLuidIndex
RasUpdateDefaultRouteSettings
RasPortBundle
RasSetEapInfo
RasPortConnectComplete
RasPortDisconnect
RasPortClose
RasProtocolStart
RasPortSetFraming
RasCompressionSetInfo
RasFreeInterfaceLuidIndex
RasProtocolStarted
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
iphlpapi
GetAdaptersInfo
GetPerAdapterInfo
GetIpForwardTable
DeleteIpForwardEntry
SetIpForwardEntry
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetIpAddrTable
GetCurrentThreadCompartmentId
ConvertIpv4MaskToLength
SetCurrentThreadCompartmentId
api-ms-win-security-lsapolicy-l1-1-0
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LsaFreeMemory
nsi
NsiGetParameterEx
NsiGetParameter
NsiSetAllParametersEx
NsiGetAllParametersEx
dhcpcsvc
DhcpRequestParams
Exports
Exports
InitializeProtocolEngine
InitializeServerProtocolEngine
PppStop
RasCpEnumProtocolIds
RasCpGetInfo
SendMessageToProtocolEngine
UninitializeProtocolEngine
UninitializeServerProtocolEngine
Sections
.text Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Setup-pass-2024/Setup.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 382KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 59KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 16KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 81KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
Setup-pass-2024/Setup.ini
-
Setup-pass-2024/SxsMigPlugin.dll
-
Setup-pass-2024/addins/FXSEXT.ecf
-
Setup-pass-2024/bcastdvr/KnownGameList.bin
-
Setup-pass-2024/bcastdvr/broadcastpause720.h264
-
Setup-pass-2024/data0.bin.exe windows:5 windows x86 arch:x86
75e9596d74d063246ba6f3ac7c5369a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Imports
kernel32
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
oleaut32
SysAllocString
SysFreeString
VariantClear
gdiplus
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree
Sections
.text Size: 209KB - Virtual size: 209KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Setup-pass-2024/sxs.dll