schemer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

schemer.exe
Size

2.7MB
MD5

e07846dbbda19c10a39735e3e9bf353f
SHA1

ce173c23a62746f6d09d4acfa827b3368730e433
SHA256

b0afb2d57cce17940b4ea23c39f2f3c452fb7c6a1e6ac7dbceece153f782f6ca
SHA512

e29d0549c291f18ca7baa33675d168ae344b2804e21b07145bd6085159c9a857b9549f014d6b86a28894f624284d1980e9acee8153e60d22b5b2cbd9ad194948
SSDEEP

49152:bd/5ZZ8BBEUfDzZdnhHkCwh6PUUOmR3tgq+dTxzP++YoGWR:1wRZthECwmUUOmRdgqQP++YoGWR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
schemer.exe

Files

schemer.exe
.exe windows:4 windows x64

dab4788f8293f876780d448ab5c4b009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

gdi32

ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetHandleInformation
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount64
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VerSetConditionMask
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_chdir
_commode
_endthreadex
_environ
_errno
_exit
_findclose
_findfirst64
_findnext64
_fmode
_fstat64
_fullpath
_getcwd
_hypot
_initterm
_lock
_onexit
_open
_putenv_s
_read
_setjmp
_stat64
_stricmp
_strnicmp
_time64
_ultoa
_unlock
_wassert
abort
acos
asin
atan
calloc
clearerr
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
getenv_s
islower
isspace
isupper
isxdigit
localeconv
log10
malloc
mbstowcs
memcmp
memcpy
memmove
memset
printf
putc
qsort
rand
realloc
rename
setlocale
signal
sinh
srand
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
system
tan
tanh
tmpnam
tolower
toupper
ungetc
vfprintf
wcscmp
wcscpy
wcslen
wcstombs
_time64
longjmp
_nextafter
_yn
_jn
_write
_unlink
_tempnam
_strdup
_rmdir
_open
_mkdir
_lseek
_isatty
_getcwd
_fileno
_dup2
_dup
_creat
_close
_chmod
_chdir
_access
_stricmp

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint

user32

AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
FlashWindow
GetActiveWindow
GetClassLongPtrW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetLayeredWindowAttributes
GetMessageTime
GetMonitorInfoW
GetPropW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetWindowLongW
GetWindowPlacement
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadImageW
MapVirtualKeyW
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterDeviceNotificationW
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetRect
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WaitMessage
WindowFromPoint

winmm

timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 862KB - Virtual size: 862KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/116
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/132
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/148
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dab4788f8293f876780d448ab5c4b009

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

shell32

user32

winmm

Sections

.text Size: 862KB - Virtual size: 862KB

.data Size: 430KB - Virtual size: 429KB

.rdata Size: 322KB - Virtual size: 321KB

/4 Size: 512B - Virtual size: 4B

.pdata Size: 29KB - Virtual size: 29KB

.xdata Size: 31KB - Virtual size: 30KB

.bss Size: - Virtual size: 60KB

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

/14 Size: 6KB - Virtual size: 6KB

/29 Size: 320KB - Virtual size: 319KB

/41 Size: 52KB - Virtual size: 51KB

/55 Size: 107KB - Virtual size: 106KB

/67 Size: 38KB - Virtual size: 37KB

/80 Size: 5KB - Virtual size: 4KB

/91 Size: 252KB - Virtual size: 252KB

/102 Size: 16KB - Virtual size: 15KB

/116 Size: 7KB - Virtual size: 7KB

/132 Size: 3KB - Virtual size: 3KB

/148 Size: 512B - Virtual size: 358B

.text
Size: 862KB - Virtual size: 862KB

.data
Size: 430KB - Virtual size: 429KB

.rdata
Size: 322KB - Virtual size: 321KB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 29KB - Virtual size: 29KB

.xdata
Size: 31KB - Virtual size: 30KB

.bss
Size: - Virtual size: 60KB

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB

/14
Size: 6KB - Virtual size: 6KB

/29
Size: 320KB - Virtual size: 319KB

/41
Size: 52KB - Virtual size: 51KB

/55
Size: 107KB - Virtual size: 106KB

/67
Size: 38KB - Virtual size: 37KB

/80
Size: 5KB - Virtual size: 4KB

/91
Size: 252KB - Virtual size: 252KB

/102
Size: 16KB - Virtual size: 15KB

/116
Size: 7KB - Virtual size: 7KB

/132
Size: 3KB - Virtual size: 3KB

/148
Size: 512B - Virtual size: 358B