Static task
static1
General
-
Target
soh.exe
-
Size
20.2MB
-
MD5
09c18813fbe786dadc23322462d178cb
-
SHA1
327dda256e835c1f8d78473ad9f31892b9ac7615
-
SHA256
edae1a0cd8c98599693ccefa787cc50570e464c7037c8b32e6bb368116d51340
-
SHA512
83b99c9ac11b551e0a3216b7c0dfdcdab73bef233b0eef60bf206e9c5430d8412fe3bec0c65b0f5072ac608311de83aeac33e5d8be3281da4fcbe09b5eb953ea
-
SSDEEP
196608:dWF07NctGbsQNDrWdg3bVzcHBWwmcKzYR:ds0so9WdOVczIK
Malware Config (no configuration was extracted in this static pass; an empty section here does not rule out runtime-decoded configuration)
Signatures
-
Unsigned PE — 1 IoC
The executable carries no Authenticode signature, so its publisher cannot be verified. Treat this as a provenance gap rather than evidence of malice on its own: many legitimate builds are unsigned, so corroborate with the behavioral report before scoring.
resource soh.exe
Files
-
soh.exe.exe windows x64
fc4eab0a9754b5a1c8ae1deb46baa472 (note: this value is not the file MD5 listed above and the report does not label what it hashes — do not use it as a file identifier without confirming its type)
Headers
DLL Characteristics (the flags below show ASLR with high-entropy 64-bit addressing and DEP/NX enabled; a .reloc section is present, so the image can actually be rebased)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
winmm
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextW
waveOutGetDevCapsW
waveOutGetNumDevs
timeEndPeriod
timeBeginPeriod
imm32
ImmGetIMEFileNameA
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
setupapi
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Device_IDA
CM_Get_Parent
CM_Locate_DevNodeA
opengl32
glBindTexture
glDepthFunc
glClearColor
glClear
glDeleteTextures
glBlendFunc
glDepthMask
glDisable
wglGetProcAddress
wglGetCurrentDC
glGetString
glViewport
glTexParameteri
glTexImage2D
glScissor
glReadPixels
glPolygonOffset
glGetIntegerv
glGenTextures
glFlush
glEnable
glDrawArrays
wininet (HTTP client APIs; together with the ws2_32 socket imports further below this gives the binary outbound network capability — confirm contacted hosts from the dynamic report rather than inferring them here)
InternetGetConnectedState
HttpSendRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpOpenRequestA
HttpQueryInfoA
HttpAddRequestHeadersA
user32
CreateWindowExW
GetWindowPlacement
GetKeyNameTextA
UpdateWindow
InvalidateRect
AdjustWindowRect
ShowCursor
SetWindowLongPtrA
LoadCursorA
MonitorFromWindow
GetMonitorInfoA
TrackMouseEvent
GetMessageW
DispatchMessageW
PeekMessageW
GetMessageExtraInfo
PostMessageW
CallWindowProcW
RegisterClassExW
UnregisterClassW
GetClassInfoExW
IsIconic
GetKeyState
GetAsyncKeyState
SetTimer
KillTimer
GetSystemMetrics
wsprintfA
WindowFromPoint
IsWindowUnicode
GetCapture
BringWindowToTop
IsChild
DefWindowProcA
SetWindowLongA
GetWindowLongA
SystemParametersInfoA
DrawTextW
PostQuitMessage
EndDialog
DialogBoxIndirectParamW
PostThreadMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetDesktopWindow
SetWindowRgn
MonitorFromRect
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
IntersectRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
RegisterClassW
AttachThreadInput
SendMessageW
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
CopyImage
LoadCursorW
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetDlgItem
GetKeyboardLayout
GetMenu
DefWindowProcW
GetForegroundWindow
GetDC
GetUpdateRect
ValidateRect
MessageBoxA
ShowWindow
GetMonitorInfoW
MonitorFromPoint
SetWindowPos
GetMessageA
TranslateMessage
DispatchMessageA
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ReleaseDC
MapVirtualKeyW
ToUnicode
GetKeyboardState
GetPropW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetDoubleClickTime
RegisterWindowMessageA
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
IsRectEmpty
FillRect
ClipCursor
ScreenToClient
ClientToScreen
GetClipCursor
GetCursorPos
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
gdi32
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateRectRgn
CombineRgn
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileW
CreateBitmap
GetDIBits
GetDeviceCaps
CreateDCW
SwapBuffers
CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetStockObject
BitBlt
CreateFontIndirectW
GetTextExtentPoint32A
CreateCompatibleBitmap
GetTextMetricsW
ole32
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CLSIDFromString
PropVariantClear
CoUninitialize
oleaut32
SysFreeString
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
shell32
ShellExecuteW
ExtractIconExW
DragFinish
DragQueryFileW
DragAcceptFiles
DragQueryFileA
CommandLineToArgvW
SHGetFolderPathW
ws2_32
socket
setsockopt
send
recv
listen
ioctlsocket
connect
closesocket
bind
WSACleanup
WSAStartup
gethostbyname
inet_addr
WSAGetLastError
WSASetLastError
__WSAFDIsSet
select
kernel32
GetSystemTime
SystemTimeToFileTime
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
GetModuleFileNameA
GetModuleHandleExA
GetProcAddress
LoadLibraryW
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
VerSetConditionMask
GetFileType
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetConsoleOutputCP
ReadConsoleW
FreeLibraryAndExitThread
ExitThread
TlsFree
RtlUnwind
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEvent
GetStringTypeW
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
GetNativeSystemInfo
GetExitCodeThread
TryAcquireSRWLockExclusive
MultiByteToWideChar
ReleaseSRWLockExclusive
InitializeSRWLock
GetFileInformationByHandleEx
FreeEnvironmentStringsW
MoveFileExW
CopyFileW
AreFileApisANSI
SetConsoleTextAttribute
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
CloseHandle
FindFirstFileA
FindNextFileA
GetConsoleWindow
AllocConsole
GetFileAttributesA
FreeLibrary
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
SetEndOfFile
GetFileTime
GetFileSize
SetLastError
GetModuleHandleA
GlobalFree
GetLocaleInfoA
GetSystemPowerStatus
WideCharToMultiByte
GetModuleHandleExW
CompareStringA
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryExW
TlsSetValue
TlsGetValue
TlsAlloc
FormatMessageW
LocalFree
CreateEventW
ResetEvent
CancelIo
GetOverlappedResult
DeviceIoControl
CreateFileA
SetThreadPriority
CreateThread
RaiseException
IsDebuggerPresent
SetEnvironmentVariableA
GetEnvironmentVariableA
CreateSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
GetSystemInfo
GlobalMemoryStatusEx
TerminateProcess
ExitProcess
Sleep
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleA
WriteFile
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetConsoleMode
QueryPerformanceFrequency
GetCurrentProcessId
QueryPerformanceCounter
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
HeapReAlloc
HeapSize
DeleteFileW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
AcquireSRWLockExclusive
GetEnvironmentStringsW
SetThreadExecutionState
MulDiv
GetModuleFileNameW
GetTickCount
SetErrorMode
SetFilePointerEx
SetFilePointer
GetModuleHandleW
VerifyVersionInfoW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
LoadLibraryA
OutputDebugStringW
CreateFileW
GetFileSizeEx
ReadFile
GetLastError
comdlg32
CommDlgExtendedError
GetOpenFileNameA
shlwapi
PathFindExtensionA
dbghelp
SymFunctionTableAccess64
SymGetModuleBase64
SymSetOptions
StackWalk64
SymInitialize
SymFromAddr
SymGetLineFromAddr64
d3dcompiler_47
D3DCompile
Sections
.text Size: 15.2MB - Virtual size: 15.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 762KB - Virtual size: 761KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ