SCEWIN_64[.]exe

Resubmissions

12/06/2023, 03:35

230612-d5dgzaaf63 3

12/06/2023, 03:32

230612-d3p3zsaf59 3

Sharing

Copy URL Twitter E-mail

General

Target

SCEWIN_64.exe
Size

446KB
MD5

d3201407f3a843a47eb888cadb46d0de
SHA1

a9d05828b99a7629c9f37cfd325eb7be3b2f07d9
SHA256

bde64f2faa469561d33df2bdf971eb88c712da1a58b94a1ff981e3f7345254fe
SHA512

ddeb27999f60408385e8c58fc53284075e5e30655adc6fd455f7160aaeabf73bb8cc52e5923d10ef3a208bf1f66dfb00b890bb46996a49ab692ac2fa4d600f85
SSDEEP

6144:MNutgK1BrgOS9ycAA1Dx4zDH1EZAwGTH/JxTTw:HqOrgOcAAb4zT1EZ6nw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SCEWIN_64.exe

Files

SCEWIN_64.exe
.exe windows x64

657fd2b8054c3b5174c542139616d773

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
DeviceIoControl
SetConsoleMode
ReadConsoleInputA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
CreateFileA
GetLastError
GetVersionExA
FreeLibrary
GetCurrentProcess
SetThreadAffinityMask
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
ExitProcess
WideCharToMultiByte
HeapReAlloc
MultiByteToWideChar
GetLocalTime
RtlLookupFunctionEntry
RtlUnwindEx
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
HeapSetInformation
HeapCreate
RtlVirtualUnwind
WriteFile
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetFilePointer
HeapSize
ReadFile
FlushFileBuffers
LCMapStringA
LCMapStringW
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
SetEndOfFile

user32

wsprintfA
MessageBoxA
ExitWindowsEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

657fd2b8054c3b5174c542139616d773

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 339KB - Virtual size: 339KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 11KB - Virtual size: 26KB

.pdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 339KB - Virtual size: 339KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 11KB - Virtual size: 26KB

.pdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 176B