SC[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SC.zip
Size

320KB
MD5

4f183d89b4da3237f162cfbb64131a20
SHA1

35f69c27fd88a0b9ba97391de17cf40dacfd0c99
SHA256

dbb1edfbdd76bfbbcedc2093f45086c82994bc0032e8d39bac8123c590b6e023
SHA512

08d41c9b26e7fa8c2d3db784c22b85fc72e3d20757f282104d2f9d210de161ead19bf0b9c004cfd55f1a47026c99f6b3ec0084d9c0a39feb024f418f42d5eb01
SSDEEP

6144:AvhjkGFGkv1zEK1QrivAfoW+n5SWVHrH90flp2FIpenfKJdEms4h:A5jjpaK10ivAQWNWV8lp2FUqKJ3sS

Score

N/A

Malware Config

Signatures

Files

SC.zip
.zip
SDKDLL.dll
.dll windows x64

af1314893a1ddad7a1dee1ad8b690696

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:c3:ac:bf:18:dd:e3:13:38:80:49:50:10:45:1a:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/02/2018, 00:00

Not After

21/02/2021, 23:59

Subject

CN=Cooler Master Technology Inc.,O=Cooler Master Technology Inc.,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:61:b3:b8:cc:ca:2e:33:27:a5:46:f0:98:45:de:64:a6:99:77:d3
Signer

Actual PE Digest

69:61:b3:b8:cc:ca:2e:33:27:a5:46:f0:98:45:de:64:a6:99:77:d3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Cooler Master Technology Inc.,O=Cooler Master Technology Inc.,L=New Taipei City,ST=Taiwan,C=TW

29/09/2022, 18:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlPcToFileHeader
ExitProcess
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsA
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
GetTickCount
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
GetOverlappedResult
CreateEventA
TerminateThread
GetExitCodeThread
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
lstrlenA
GetCurrentProcessId
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetProcAddress
GetVersionExA
SetLastError
GlobalFree
GlobalAlloc
SizeofResource
GlobalLock
GlobalUnlock
LocalFree
lstrlenW
WaitForSingleObject
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
GlobalMemoryStatusEx
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FormatMessageW
CreateThread
Sleep
FindResourceW
LoadResource
LockResource
GetEnvironmentStrings

user32

PostQuitMessage
IsWindowEnabled
ShowWindow
SetWindowTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ValidateRect
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClientRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
RegisterClassA
CreateWindowExA
GetMessageA
DispatchMessageA
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
GetWindowLongW
SetWindowPos
SystemParametersInfoA
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageW
SetCursor
DefWindowProcA
UnregisterDeviceNotification
UnregisterClassA
PostMessageA
RegisterDeviceNotificationA
SendMessageA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetWindowThreadProcessId
UnregisterClassW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
DestroyMenu
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
KillTimer
SetTimer
PostMessageW
EnableWindow
CheckMenuItem
LoadCursorA

gdi32

SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
DeleteObject
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
SetViewportExtEx
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

pdh

PdhAddCounterW
PdhCollectQueryData
PdhGetRawCounterValue
PdhGetFormattedCounterValue
PdhOpenQueryW

hid

HidD_GetHidGuid
HidD_GetPreparsedData
HidD_GetAttributes
HidD_FreePreparsedData
HidP_MaxUsageListLength
HidP_GetSpecificValueCaps
HidP_GetSpecificButtonCaps
HidP_GetCaps

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

shlwapi

PathFindFileNameW
PathFindExtensionW

Exports

Exports

EnableKeyInterrupt
EnableLedControl
GetCM_SDK_DllVer
GetDeviceLayout
GetNowCPUUsage
GetNowTime
GetNowVolumePeekValue
GetRamUsage
IsDevicePlug
RefreshLed
SetAllLedColor
SetControlDevice
SetFullLedColor
SetKeyCallBack
SetLedColor
SwitchLedEffect

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skillful_chiller.exe
.exe windows x64

b89997f3bb96756c951489f701384fac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

sdkdll

SetKeyCallBack
EnableKeyInterrupt
IsDevicePlug

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
ReleaseMutex
ReleaseSRWLockShared
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SetLastError
GetCurrentProcess
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
SetHandleInformation
WaitForSingleObject
QueryPerformanceCounter
TryAcquireSRWLockExclusive
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleW
FormatMessageW
IsProcessorFeaturePresent
TlsGetValue
TlsSetValue
GetModuleHandleA
GetConsoleMode
WriteConsoleW
InitializeSListHead
GetCurrentThreadId

ws2_32

WSACleanup
connect
WSASocketW
send
WSAGetLastError
WSAStartup
bind
closesocket

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_initterm
_seh_filter_exe
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_get_initial_narrow_environment
_exit
_configure_narrow_argv
exit
_initialize_narrow_environment
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af1314893a1ddad7a1dee1ad8b690696

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

7c:c3:ac:bf:18:dd:e3:13:38:80:49:50:10:45:1a:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

69:61:b3:b8:cc:ca:2e:33:27:a5:46:f0:98:45:de:64:a6:99:77:d3Signer

Signature Validations

Verification

29/09/2022, 18:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

pdh

hid

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 14KB - Virtual size: 37KB

.pdata Size: 16KB - Virtual size: 16KB

shared Size: 512B - Virtual size: 8B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 16KB - Virtual size: 15KB

b89997f3bb96756c951489f701384fac

Headers

DLL Characteristics

File Characteristics

Imports

sdkdll

kernel32

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 512B - Virtual size: 776B

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 1012B

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

7c:c3:ac:bf:18:dd:e3:13:38:80:49:50:10:45:1a:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

69:61:b3:b8:cc:ca:2e:33:27:a5:46:f0:98:45:de:64:a6:99:77:d3
Signer

29/09/2022, 18:53
Valid: false

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 14KB - Virtual size: 37KB

.pdata
Size: 16KB - Virtual size: 16KB

shared
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 512B - Virtual size: 776B

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 1012B