Static task: static1
Behavioral task: behavioral1 (Sample: Sai.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Sai.exe, Resource: win10v2004-20221111-en)
General
Target: Sai.exe
Size: 1.6MB
MD5: f8840c6ce81203775f436c7533a5448a
SHA1: 236d89fb9c1517b2aca6c135792ad1d40bb24326
SHA256: 91e5c38110ba2dace3d4d20b8f12f62c01af417c4d27873b36aff393cb6df6c3
SHA512: 4c0944e883823904800ea99e2ebd8f73616af55f9efdf760e553fa4ee90dd419d6e23b1425609ca57e782c91dcb9cfb2cd6ac8a2c3191c503fbef476c9b14403
SSDEEP: 24576:PjNgYD3KIzDlXdXYawBqUqS54iO+QAh76cINTRNCvo5N7QJ:BnHf9+QAYTTAo
Malware Config
Signatures
Files
-
Sai.exe.exe windows x86
b7006ec13967c8724f3605f407b925d0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemTime
FlushFileBuffers
GetFileInformationByHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GlobalMemoryStatus
GetCurrentProcess
LocalFree
LocalAlloc
GetSystemDirectoryA
InterlockedDecrement
GetLocalTime
WaitForSingleObject
RaiseException
UnmapViewOfFile
GetLongPathNameA
GetCurrentThread
WaitForMultipleObjects
GetWindowsDirectoryA
MapViewOfFile
SystemTimeToFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
GetSystemInfo
GetDiskFreeSpaceExA
GetFileSize
DeleteFileA
GetTempFileNameA
GetFileAttributesA
ExitProcess
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetDriveTypeA
GlobalUnlock
FindNextFileA
FindClose
CompareFileTime
lstrlenA
GetStartupInfoA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
CreateFileMappingA
WriteFile
LoadLibraryA
GetProcAddress
MultiByteToWideChar
FindResourceA
GlobalLock
GlobalAlloc
GlobalFree
WideCharToMultiByte
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
MoveFileA
ReadFile
DeviceIoControl
CreateFileA
VirtualAlloc
VirtualFree
CloseHandle
GetLogicalDrives
GetVolumeInformationA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateDirectoryA
GetLastError
FindFirstFileA
user32
SetWindowPos
GetPropA
DispatchMessageA
TranslateMessage
GetMessageA
LoadMenuA
SetFocus
GetWindow
GetKeyState
GetFocus
GetAncestor
GetParent
GetDC
SendMessageA
ScreenToClient
EnumChildWindows
wsprintfA
ReleaseDC
EnumThreadWindows
ClientToScreen
SetForegroundWindow
PostMessageA
MessageBeep
PeekMessageA
LoadImageA
DrawIconEx
ReleaseCapture
SetCapture
ScrollWindowEx
DestroyMenu
GetCursorPos
AppendMenuA
CreatePopupMenu
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
CreateCaret
GetWindowPlacement
SetWindowPlacement
GetCursor
GetWindowThreadProcessId
DestroyWindow
SystemParametersInfoA
IsIconic
ScrollDC
IsWindowVisible
EndPaint
BeginPaint
GetUpdateRgn
EnableMenuItem
GetWindowRect
ShowWindow
GetSystemMetrics
GetDlgItem
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SetMenuItemInfoA
GetMenuItemInfoA
CheckMenuItem
DeleteMenu
IsClipboardFormatAvailable
ReplyMessage
IsWindowEnabled
IsZoomed
InsertMenuA
GetSystemMenu
CreateMenu
SetPropA
RemovePropA
WindowFromPoint
GetClipboardData
MessageBoxA
SetCursor
GetCapture
LoadCursorA
gdi32
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetObjectA
GetTextExtentPoint32A
GetTextMetricsA
LineTo
MoveToEx
SetBkColor
SetBkMode
CreatePen
SetDIBitsToDevice
CreateCompatibleBitmap
OffsetRgn
CreateRectRgn
DeleteObject
comdlg32
GetOpenFileNameA
GetSaveFileNameA
advapi32
GetUserNameA
GetNamedSecurityInfoA
GetAclInformation
GetAce
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
shell32
DragAcceptFiles
SHGetFileInfoA
SHGetPathFromIDListA
DragFinish
SHFileOperationA
DragQueryFileA
SHGetDataFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderPathA
SHBrowseForFolderA
ole32
DoDragDrop
CoTaskMemFree
CoCreateInstance
CoUninitialize
RevokeDragDrop
CoInitializeSecurity
CoInitializeEx
CoInitialize
RegisterDragDrop
CoSetProxyBlanket
ReleaseStgMedium
OleDuplicateData
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
sfl
splitbar_setrange
splitbar_create
win_tooltip
label
win_deferpos
win_getdwp
splitbar_getnewrc
win_getwd
imgbtn_create
checkbox_getstate
treebox_showitem
treebox_openitem
treebox_setsel
ti_tnext
ti_top
ti_destroy
ti_additemex
ti_additem
ti_create
ui_setproc
gc_unlock
gc_strsz
bs_lock
gc_fill_rc
gc_putsex
gc_puts
trackbar_getval
trackbar_setval
trackbar_setrange
win_move
win_getsrc
reg_delval
li_additemex
reg_getdfp
reg_setdfp
tab_allok
tab_allcancel
editbox_getint
win_tabmode
win_tabbtnmap
win_tabprsmin
editbox_getstr
reg_getstr
reg_setstr
thread_stop
thread_start
win_setwrc
dblclk_test
da_calloc_x
_unlock@4
_lock@4
event_set
event_create
_lock_open@4
da_create_x
listbox_redraw
event_wait
da_destroy_x
_lock_close@4
event_destroy
listbox_setdragdist
win_setdragscroll
sflSetScrollPos
treebox_setindent
treebox_setdragdist
ui_setdata
treebox_hititem
gc_box_se
gc_fill_se
sflTrackPopupMenu
listbox_hititem
listbox_showitem
gc_box
ui_sethitrc
checkbox_push
droplist_select
checkbox_setimage
imgbtn_setstate
gc_bltex
gc_setfont
bm_circle
gc_lock
rect_copy
vm_malloc_x
drag_start
rect_hit
bit_tst
label_fgcol
bm_pset
bit_set
bm_line
bm_erase
bit_clr
rect_nrmdir
bm_unmap
bm_map
bm_inneredge
bm_box
bm_fill
drag_init
drag_test
radio_clr
performance_e
bm_contract
bm_or
bm_expand
performance_s
bm_destroy
bm_create
treebox_redraw
mem_setq
mem_setb
gm_or
gm_xor
gc_vas
gm_vas
gm_destroy
apr_adjustrect
apr_metrics
gc_resize
gm_resize
vm_calloc_x
tmpstrm_create
tmpstrm_close
tmpstrm_awb_start
tmpstrm_awb_stop
tmpstrm_geteof
tmpstrm_seek
tmpstrm_read
tmpstrm_settof
tmpstrm_seteof
tmpstrm_write
tmpstrm_getpos
rect_offset
vm_map_x
vm_free_x
g_tid_wintab
except_setwin
except_getlist
bit_sets
bit_scan0clr
splitbar_setpos
bit_scan1
gm_fill
win_redraw_wh
apr_setexstyle
apr_setstyle
menubar_setmdichild
win_getdata
sflSetScrollInfo
apr_isactive
sflGetScrollInfo
win_timer
win_tabdata
win_tabfilter
win_tabrecv
gc_blt_rc
rgn_extract
win_enablechild
radio_set
imgbtn_setimgpos
fini_sfl
apr_destroy
thread_priority
apr_load_menu
apr_load_menubar
apr_load_vsb
apr_load_hsb
apr_load_client
apr_load_frame
mpu_info
init_sfl
except_setlogproc
mutex_create
treebox_setitemsize
label_settext
label_bgcol
wintab_dispchg
wintab_disable
wintab_enable
apr_getmaxrect
apr_getstyle
win_quit
tooltip_fini
wintab_close
splitbar_setorg
menubar_getht
apr_getcrc
menubar_create
wintab_open
tooltip_init
menubar_setmenu
gc_patfill
apr_setmaxsize
radio_settoggle
ui_format
win_defershow
win_iscurthread
tooltip_show
tooltip_hide
win_getht
gc_halftone
apr_isenabled
editbox_getdfp
editbox_setdfp
droplist_setdirection
reg_getbin
reg_setbin
editbox_setint
win_gettext
droplist_getsel
editbox_selall
droplist_setsel
sflDefWindowProc
sflGetWindowLong
win_enable
win_update
win_post
win_destroy
apr_monrc
win_create_ex
button_create
label_create
editbox_create
treebox_create
droplist_create
droplist_setitemsize
trackbar_create
checkbox_create
radio_create
groupbox_create
tab_create
ui_create
da_free_x
rect_wh
rect_and
mem_setw
mem_setd
rect_or
gc_destroy
mem_malloc_x
gc_pixmap
gm_pixmap
str_get
li_remove
li_append
li_free
checkbox_setstate
slider_setcol
sflGetScrollPos
win_getcrc
win_deferpos_begin
win_getwrc
win_deferwrc
win_defermove
win_deferpos_end
ui_detach
li_destroy
reg_getint
apr_setminsize
listbox_create
li_create
li_additem
listbox_setsel
picture_create
picture_setscale
picture_setpm
picture_setscroll
slider_create
slider_readonly
slider_setrange
slider_setval
win_show
win_send
reg_setint
win_redraw
win_settext
uih
ui_attach
radio_push
rect_se
mem_calloc_x
da_malloc_x
mem_free
except_filter
splitbar_getpos
editbox_setstr
win_size
tab_getselhwnd
listbox_setcols
listbox_setrows
gc_blt
gc_fill
tab_getsel
gc_loadbmp
tab_update
bit_scan0
tab_setsel
bm_ptr
listbox_setitemsize
msvcrt
floor
strncat
_strnicmp
qsort
fputws
fputwc
fgetwc
_vsnprintf
fgets
fprintf
_stricmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
rand
calloc
sscanf
ftell
_seh_longjmp_unwind
_setjmp3
malloc
free
_filelength
fread
fseek
_ftol
fopen
fwrite
fclose
_makepath
_hypot
_CIpow
_copysign
srand
time
atoi
fputs
fgetws
strtol
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
_splitpath
_snprintf
strncpy
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
_memicmp
abort
_iob
longjmp
fflush
strtod
_CxxThrowException
_initterm
_except_handler3
sprintf
??1type_info@@UAE@XZ
shlwapi
PathAddBackslashA
PathCanonicalizeA
PathStripPathA
PathRemoveBackslashA
PathRemoveFileSpecA
StrFormatByteSizeA
PathIsRelativeA
comctl32
ImageList_Draw
ImageList_DrawEx
ord17
imm32
ImmAssociateContext
imagehlp
MakeSureDirectoryPathExists
Sections
.text Size: 752KB - Virtual size: 749KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 700KB - Virtual size: 699KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ