SkuZ[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SkuZ.exe
Size

116KB
MD5

e4764a7594668f222b75f5e8f50d60bc
SHA1

062b1cb71364e44f75a5e4c617b62c05e2e57222
SHA256

34490ea4c1b5e274d6d4e8b14c2edf01c6c0746613c24d14a3df192de00a3883
SHA512

85d4f13fb8a0c4178ada7c9f80eab308ae4630251a79b9d5fbb045627822c08516512cf8a952e5fe1499b7d0814c610cff383924f9bcfcec64d5af376befa4db
SSDEEP

3072:/UG+nC2L7jzD6GgR1/ytWj2TuDVsk+f32ipMGtINrGXdsoNwTYVKjGZUK:/gnxWjNBsk+zWVGXecwTv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SkuZ.exe

Files

SkuZ.exe
.exe windows x86

1a18b668284dbadcaf9f6749815ce74e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_strdup
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcmp
fseek
mbstowcs
wcslen
??2@YAPAXI@Z
time
tolower
fflush
_vsnprintf
fwrite
strtok
strchr
strcpy
strncmp
fgets
strtoul
fprintf
remove
printf
_splitpath
strstr
__p___argc
__p___argv
atoi
fopen
realloc
fread
fclose
srand
sscanf
strncpy
strrchr
strncat
_access
rand
strcmp
sprintf
strcat
wcscat
_snprintf
_ftol
free
malloc
memset
memcpy
strlen

ws2_32

inet_addr
WSACleanup
socket
setsockopt
ioctlsocket
bind
listen
select
__WSAFDIsSet
closesocket
WSAStartup
connect
send
recv
htons
accept

kernel32

FindFirstFileA
GetStartupInfoA
GenerateConsoleCtrlEvent
WaitForMultipleObjects
GetLogicalDrives
TerminateProcess
FileTimeToLocalFileTime
FindNextFileA
FindClose
ExpandEnvironmentStringsA
GetFileTime
SetFileTime
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalUnlock
FormatMessageA
SetConsoleCtrlHandler
GetLocalTime
GetFileSize
SetFilePointer
ReadFile
TerminateThread
GetTempPathA
MoveFileA
CreateMutexA
WaitForSingleObject
ExitProcess
GetSystemDirectoryA
GetFileAttributesA
SetFileAttributesA
GetCurrentProcessId
OpenProcess
CreateProcessA
DeleteFileA
GetVersionExA
GetLocaleInfoA
GetComputerNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetTickCount
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetModuleFileNameA
CreateThread
WideCharToMultiByte
CopyFileA
GetLastError
CreateFileA
TransactNamedPipe
WriteFile
CloseHandle
MultiByteToWideChar
Sleep
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
GlobalMemoryStatus

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a18b668284dbadcaf9f6749815ce74e

Headers

File Characteristics

Imports

msvcrt

ws2_32

kernel32

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 36KB - Virtual size: 340KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 36KB - Virtual size: 340KB