SAI2-20170119-64bit-en[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

SAI2-20170119-64bit-en.rar
Size

3.4MB
MD5

e31a0e088881d5d0a31be79a147ec5c1
SHA1

2a0f5f3b4e5c29aeb4a829263f55dad756a92e39
SHA256

8cbcdeba580756f969d47c936d63db6e8918370576dda301d21d5fb9270d1d52
SHA512

a363955f16b38c5f90a878dd455938c92618c12b149d6c83012bd43ee67fd3cc522ab3917d360f93ddb560082cd969732bc8ea8ceb7ca5d781969fe86c7ea248
SSDEEP

49152:DyouezjHszxcXYJmKBNz5WnqSKC2ZJI3KoNz0WnqSKp2ZiZNzmWnqSK+2Zv:ftzTIcXlANVSKCgupN2SKprNwSK+K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sai2.exe

Files

SAI2-20170119-64bit-en.rar
.rar
blotmap/Blots&Noise.bmp
blotmap/Blots.bmp
blotmap/Fuzystatic.bmp
blotmap/Paper.bmp
blotmap/Water Color 1.bmp
blotmap/Water Color 2.bmp
bristle/Bristle.bmp
bristle/Fine_Flat.bmp
bristle/Fine_Hollow.bmp
bristle/Fine_Pointy.bmp
bristle/Fine_Round_1.bmp
bristle/Fine_Round_2.bmp
bristle/Flat Bristle.bmp
bristle/Flat2.bmp
bristle/Flat3.bmp
bristle/Middle_Flat.bmp
bristle/Middle_Round.bmp
bristle/Rough_Flat.bmp
bristle/Rough_Round_1.bmp
bristle/Rough_Round_2.bmp
bristle/Rough_Vertical.bmp
bristle/Squeze.bmp
bristle/Stringy_L.bmp
bristle/Stringy_M.bmp
bristle/Stringy_R.bmp
bristle/Stringy_S.bmp
bristle/pencil.bmp
bristle/prueba2.bmp
brushtex/Canvas.bmp
brushtex/Fuzystatic.bmp
brushtex/Noise 1.bmp
brushtex/Paper.bmp
brushtex/Water Color 1.bmp
brushtex/Water Color 2.bmp
history.txt
papertex/Canvas.bmp
papertex/Paper.bmp
papertex/Water Color 1.bmp
papertex/Water Color 2.bmp
sai2.exe
.exe windows:5 windows x64

daaef9f6b0c572ddfb83c945880aa4f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetEnvironmentVariableW
SetEvent
ResetEvent
WaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
WaitForMultipleObjects
CreateEventW
CreateSemaphoreW
GlobalUnlock
GlobalLock
SwitchToThread
ReleaseSemaphore
CompareStringW
CompareFileTime
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
SetStdHandle
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleCP
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlPcToFileHeader
GetFileType
SetHandleCount
GetFileSizeEx
FindClose
GetStdHandle
LCMapStringA
LCMapStringW
HeapReAlloc
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
HeapSetInformation
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetConsoleMode
HeapAlloc
VirtualProtect
HeapFree
RtlUnwindEx
ReadFile
SetFilePointerEx
FindFirstFileW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
DeleteFileW
GetFileAttributesW
GetModuleFileNameA
SetEndOfFile
DebugBreak
VirtualFree
VirtualAlloc
GetSystemInfo
GetCPInfo
GetVersionExW
GetCurrentProcess
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
DeviceIoControl
GetModuleHandleW
LocalAlloc
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
RaiseException
LoadLibraryW
FormatMessageW
FlushFileBuffers
GetFileSize
lstrlenA
CreateFileW
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
FreeLibrary
VirtualQuery
RtlLookupFunctionEntry
RtlVirtualUnwind
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetCommandLineW
GetModuleFileNameW
GetPrivateProfileStringW
LocalFree
GetTickCount
Sleep
CreateMutexW
GetLastError
CloseHandle
GetCurrentThread
SetThreadPriority
CreateFileA
GetDiskFreeSpaceExW

user32

LoadIconW
GetClassLongPtrW
SetWindowPlacement
SetCapture
EnumThreadWindows
EnumChildWindows
DrawIconEx
WaitMessage
SetActiveWindow
MonitorFromWindow
GetCapture
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
ScreenToClient
GetParent
GetWindowThreadProcessId
SetWindowPos
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
GetAncestor
GetFocus
IsChild
GetNextDlgTabItem
SetFocus
ScrollWindowEx
mouse_event
SetParent
GetDlgItem
SetCaretPos
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
ShowCaret
CreateCaret
DestroyCaret
HideCaret
GetMessagePos
MsgWaitForMultipleObjects
SetTimer
PostQuitMessage
DestroyWindow
GetMenuInfo
SetForegroundWindow
ReplyMessage
ShowWindow
IsIconic
SetClipboardData
CloseClipboard
OpenClipboard
DispatchMessageW
TranslateMessage
PeekMessageW
SendMessageW
EndPaint
GetAsyncKeyState
AppendMenuW
RegisterClipboardFormatW
IsWindowVisible
GetWindowPlacement
MonitorFromRect
GetMonitorInfoW
SetCursor
SetWindowRgn
ClientToScreen
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GetMenuItemInfoW
GetWindow
GetTopWindow
DestroyIcon
IsZoomed
GetKeyState
SetScrollPos
SetScrollRange
SetScrollInfo
GetScrollPos
CreateMenu
DestroyMenu
InsertMenuItemW
SetMenuInfo
CreatePopupMenu
SetPropW
GetPropW
GetWindowDC
GetClientRect
FrameRect
SetLayeredWindowAttributes
KillTimer
MapWindowPoints
RedrawWindow
GetSysColor
LoadCursorW
RegisterClassExW
EnableWindow
UpdateWindow
GetMessageW
GetWindowLongPtrW
FillRect
GetDC
DrawTextW
ReleaseDC
GetSystemMetrics
CreateWindowExW
MessageBeep
AdjustWindowRectEx
GetWindowRect
SystemParametersInfoW
MoveWindow
GetSystemMenu
DeleteMenu
SetWindowLongPtrW
DefWindowProcW
PostMessageW
MessageBoxW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
BeginPaint
ReleaseCapture

gdi32

CreateCompatibleBitmap
GetCurrentObject
CreateCompatibleDC
CreateRectRgn
CreateRectRgnIndirect
ExtCreateRegion
CombineRgn
GetRegionData
GetTextMetricsW
CreateFontIndirectW
CreateDIBSection
GetGlyphOutlineW
ExtSelectClipRgn
OffsetClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetTextExtentExPointW
ExtTextOutW
RectVisible
CreateDIBitmap
EnumFontFamiliesExW
SetDIBitsToDevice
CreateSolidBrush
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps
SetTextColor
SetBkMode
SetBkColor
GetCharacterPlacementW
GetStockObject
SelectObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

EqualSid
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
SHGetSettings
SHFileOperationW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetDataFromIDListW
ord21
CommandLineToArgvW
DragAcceptFiles

ole32

DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleDuplicateData
ReleaseStgMedium
StringFromIID
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize

oleaut32

SysFreeString
SysAllocString

imm32

ImmAssociateContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetContext
ImmAssociateContextEx
ImmSetCompositionFontW

comctl32

ImageList_GetIcon
ImageList_GetIconSize

shlwapi

PathIsRelativeW
StrRetToBufW
PathCanonicalizeW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.srclibs
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.appskin
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sai2.ini
sai2x64_patcher.rar
.rar

Sharing

General

Malware Config

Signatures

Files

daaef9f6b0c572ddfb83c945880aa4f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

comctl32

shlwapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.code Size: 2KB - Virtual size: 2KB

.rdata Size: 399KB - Virtual size: 398KB

.data Size: 23KB - Virtual size: 181KB

.pdata Size: 92KB - Virtual size: 92KB

.shared Size: 512B - Virtual size: 8B

.tls Size: 4KB - Virtual size: 4KB

.srclibs Size: 352KB - Virtual size: 352KB

.appskin Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 171KB - Virtual size: 170KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.code
Size: 2KB - Virtual size: 2KB

.rdata
Size: 399KB - Virtual size: 398KB

.data
Size: 23KB - Virtual size: 181KB

.pdata
Size: 92KB - Virtual size: 92KB

.shared
Size: 512B - Virtual size: 8B

.tls
Size: 4KB - Virtual size: 4KB

.srclibs
Size: 352KB - Virtual size: 352KB

.appskin
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 171KB - Virtual size: 170KB