sems[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sems.exe
Size

1.2MB
MD5

b16eefa3049bb3cb0fcdd35bbdac5439
SHA1

9ed1c415699fc4cd0c74ea9fc1fe97d7af847ca0
SHA256

59bb9d0838882ec12d28eae3ef9b02ad58cd83ddffeecec4b938f7a58bed50ee
SHA512

db853fe16abd015ca93be71869a7b8df2c257c4b57553f8b2613ce1c1e259b9082e0e5f61c559d25a80787bef2e61a67f1b9d032501dbed06a40e9874bcd5d82
SSDEEP

12288:UOK6QBRpuJv8BgpSazznnfKDuggznQkZpM3BHEcPAF4eWsmug2Ex83dq4+ANiKIt:4WFXZpCC4eWwgf8RJNiKfEYzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sems.exe

Files

sems.exe
.exe windows x86

1ecd31b65e7b4467e4bbbc20e93f379e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
FindResourceW
CreateFileA
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetComputerNameW
LoadResource
Process32FirstW
Process32NextW
lstrcmpiA
SetEnvironmentVariableA
CreateFileW
GetLastError
LocalFree
LocalAlloc
LockResource
LoadLibraryA
CloseHandle
GetCurrentProcessId
OpenProcess
GetProcAddress
GetFileAttributesExW
GetTimeZoneInformation
CreateToolhelp32Snapshot
GetModuleHandleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
FreeLibrary
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
GetModuleHandleExW
DuplicateHandle
GetCurrentProcess
CreateProcessA
HeapValidate
GetSystemInfo
LoadLibraryExW
GetCommandLineA
FatalAppExitA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
WriteFile
ExitProcess
AreFileApisANSI
GetCurrentThread
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
GetFileType
OutputDebugStringA
WriteConsoleW
ReadFile
GetConsoleMode
ReadConsoleW
SetStdHandle
GetConsoleCP
WaitForSingleObject
GetExitCodeProcess
CreatePipe
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetModuleFileNameA
HeapAlloc
GetProcessHeap
FlushFileBuffers
SetFilePointerEx
SetEndOfFile

user32

FindWindowA

advapi32

RegQueryValueExA
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyA

wininet

InternetCheckConnectionW

iphlpapi

GetAdaptersInfo

mpr

WNetGetProviderNameA

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

Sections

.textbss
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 989KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ecd31b65e7b4467e4bbbc20e93f379e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

iphlpapi

mpr

psapi

Sections

.textbss Size: - Virtual size: 468KB

.text Size: 989KB - Virtual size: 989KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 12KB - Virtual size: 22KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 41KB - Virtual size: 40KB

.textbss
Size: - Virtual size: 468KB

.text
Size: 989KB - Virtual size: 989KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 12KB - Virtual size: 22KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 41KB - Virtual size: 40KB