sai2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sai2.exe
Size

4.8MB
MD5

51a97091a6b0da5899cab7cb4697b133
SHA1

1f43a3347f72315cd849aaca9fa291ef4de47f19
SHA256

43a0eada0695f79c1ad63a3777e0ef65faa47b0b7cbc5851ddd071c4cba9cfe8
SHA512

d8a88e14924c670026c0e779792435cd1d5a8d8e8c43ea4fd4e973cfe32fe31768d2eea5fd1f55e4195792f6361771460f876e78f289a2cbbdcabc68389b5e16
SSDEEP

49152:CZHFiH8PNDpo7nw35ue0O9pXC7f8gk3G4il7qTu0c:QHFicPNDpo7nw35JFoIG4il7H

Score

N/A

Malware Config

Signatures

Files

sai2.exe
.exe windows x86

007d8d91a63150d7823269613e11aec4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
DeleteFileW
CreateFileW
Sleep
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
FileTimeToSystemTime
GetFileAttributesW
CompareFileTime
CompareStringW
GetPrivateProfileIntW
ReleaseSemaphore
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
FileTimeToLocalFileTime
SwitchToThread
GetPrivateProfileStringW
CreateMutexW
GetLastError
GetProcAddress
CloseHandle
GetDiskFreeSpaceExW
lstrlenA
ReadFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentProcess
SetPriorityClass
GlobalLock
GlobalUnlock
GetTickCount
GetCurrentThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointerEx
WriteFile
FlushFileBuffers
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
SetEvent
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualAlloc
VirtualFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualQuery
FreeLibrary
SetFilePointer
GetFileSize
FormatMessageW
LoadLibraryW
RaiseException
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GlobalMemoryStatusEx
SetThreadAffinityMask
ResetEvent
GetProcessAffinityMask
WaitForMultipleObjects
ResumeThread
CreateEventW
CreateSemaphoreW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
DeviceIoControl
SetFileTime
SetEndOfFile
FlushViewOfFile
MoveFileW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
GetDriveTypeW
DebugBreak
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetVersionExW
GetCPInfo
GetSystemInfo
HeapFree
RtlUnwind
GetCommandLineA
GetStartupInfoA
VirtualProtect
HeapAlloc
ExitThread
CreateThread
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

ReleaseCapture
DrawIconEx
DestroyIcon
DefWindowProcW
SetWindowLongW
GetSystemMenu
MoveWindow
SystemParametersInfoW
GetWindowRect
AdjustWindowRectEx
CreateWindowExW
GetSystemMetrics
DrawTextW
FillRect
GetWindowLongW
GetMessageW
EnableWindow
RegisterClassExW
GetSysColor
RedrawWindow
MapWindowPoints
SetLayeredWindowAttributes
FrameRect
GetClientRect
GetPropW
SetPropW
MonitorFromWindow
CreatePopupMenu
SetMenuInfo
CreateMenu
GetScrollPos
SetScrollInfo
SetScrollRange
SetScrollPos
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
CheckMenuItem
ClientToScreen
SetWindowRgn
GetMonitorInfoW
MonitorFromRect
IsZoomed
GetNextDlgTabItem
IsChild
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
EnumChildWindows
SetWindowPlacement
SetParent
GetClassLongW
ScreenToClient
GetDC
LoadIconW
SendInput
PostThreadMessageW
mouse_event
MessageBoxW
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
CreateCaret
LoadCursorW
GetAncestor
GetWindowDC
ReleaseDC
GetWindowPlacement
GetKeyState
DestroyMenu
SetCursor
SetWindowPos
MessageBeep
GetParent
SetActiveWindow
BeginPaint
EndPaint
RegisterClipboardFormatW
SetFocus
ShowWindow
ReplyMessage
SetForegroundWindow
GetMenuInfo
IsIconic
DestroyWindow
PostQuitMessage
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
DeleteMenu
AppendMenuW
InsertMenuItemW
GetCapture
GetFocus
SendMessageW
GetAsyncKeyState
SetTimer
KillTimer
PeekMessageW
TranslateMessage
DispatchMessageW
EnumThreadWindows
UpdateWindow
PostMessageW
MsgWaitForMultipleObjects
SetCapture
WaitMessage
ScrollWindowEx
ChildWindowFromPointEx
GetDlgItem

gdi32

CreateRectRgn
BitBlt
ExtSelectClipRgn
OffsetClipRgn
SelectClipRgn
DeleteDC
DeleteObject
CreateSolidBrush
SelectObject
CreateDIBSection
CreateCompatibleBitmap
GetCurrentObject
CreateCompatibleDC
SetTextColor
GetDeviceCaps
ExtTextOutW
GetCharacterPlacementW
GetGlyphOutlineW
GetTextMetricsW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextExtentExPointW
CreateRectRgnIndirect
ExtCreateRegion
CombineRgn
GetRegionData
CreateDIBitmap
EnumFontFamiliesExW
GetStockObject
RectVisible
SetBkMode
SetBkColor
SetDIBitsToDevice

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetSpecialFolderLocation
ord21
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHGetSettings
SHGetFileInfoW
DragQueryFileW
DragFinish
DragAcceptFiles
SHFileOperationW
SHGetDataFromIDListW

ole32

CoTaskMemFree
StringFromIID
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
RegisterDragDrop
RevokeDragDrop
DoDragDrop

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx

comctl32

ImageList_GetIconSize
ImageList_GetIcon

shlwapi

PathCanonicalizeW
StrRetToBufW
PathIsRelativeW

rpcrt4

UuidCreate

advapi32

FreeSid
RegQueryValueExW
RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegOpenKeyExW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.appskin
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.srclibs
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

007d8d91a63150d7823269613e11aec4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

imm32

comctl32

shlwapi

rpcrt4

advapi32

oleaut32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.code Size: 2KB - Virtual size: 2KB

.rdata Size: 407KB - Virtual size: 407KB

.data Size: 22KB - Virtual size: 172KB

.shared Size: 512B - Virtual size: 4B

.appskin Size: 1.9MB - Virtual size: 1.9MB

.tls Size: 2KB - Virtual size: 2KB

.srclibs Size: 390KB - Virtual size: 390KB

.rsrc Size: 289KB - Virtual size: 288KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.code
Size: 2KB - Virtual size: 2KB

.rdata
Size: 407KB - Virtual size: 407KB

.data
Size: 22KB - Virtual size: 172KB

.shared
Size: 512B - Virtual size: 4B

.appskin
Size: 1.9MB - Virtual size: 1.9MB

.tls
Size: 2KB - Virtual size: 2KB

.srclibs
Size: 390KB - Virtual size: 390KB

.rsrc
Size: 289KB - Virtual size: 288KB