Static task: static1
Behavioral task: behavioral1
  Sample: schmedit.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: schmedit.exe
  Resource: win10v2004-20231023-en
General
- Target: schmedit.exe
- Size: 1.1MB
- MD5: c0ff166b1fcb33d2bb572f87cb2c9f66
- SHA1: aae85c4f7780451851325fa58db2cf7a9632c1a5
- SHA256: 1d6d08f99badafbb539e4378063254289f3b2b4756eb5d30660407e98912dd6a
- SHA512: 094f2935d201afc9df16ce0da51af53b483f6c2ec98d639ced728374d421ca6d806d1e4a4c98258e8a5fb1203f8ac358367a29d679d504731e719389843f0061
- SSDEEP: 24576:b1KY25OWGJXd2B+R/JpBbgWkd/ix8y0XNew+G7V:oYtt0WsV
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource schmedit.exe
Files
- schmedit.exe.exe windows:5 windows x86
  cdc4500f462b7b83c36295afd5e11dd4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
LocalAlloc
SetErrorMode
GetCommandLineA
SetLastError
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetUserDefaultLCID
GetACP
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
GetFileAttributesA
GetFileType
ExpandEnvironmentStringsA
TerminateProcess
GetModuleFileNameA
IsValidCodePage
GetCPInfo
GetCurrentProcessId
GetEnvironmentVariableA
GetTempFileNameA
FindFirstFileA
FindClose
GetTempPathA
CreateFileA
OutputDebugStringA
GetStdHandle
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
ExitProcess
GetCurrentProcess
GetProcAddress
TlsAlloc
TlsSetValue
TlsFree
InitializeCriticalSection
GetLastError
LoadLibraryA
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
user32
GetWindowRect
MessageBoxA
PeekMessageA
CreateWindowExA
MessageBeep
RegisterClassA
PostMessageA
SendMessageA
SetForegroundWindow
PostThreadMessageA
SetMenu
EndPaint
DrawIcon
GetClientRect
BeginPaint
GetUpdateRect
PostQuitMessage
TranslateMessage
DispatchMessageA
ReleaseDC
GetDC
VkKeyScanA
GetAsyncKeyState
GetSystemMetrics
GetKeyState
FillRect
GetWindowLongA
SetWindowLongA
SetWindowPos
SetFocus
EnableWindow
ShowWindow
SetCapture
ReleaseCapture
SetCursorPos
GetScrollInfo
SetScrollInfo
ScrollWindow
GetParent
WindowFromPoint
GetCursorPos
SetParent
RedrawWindow
UpdateWindow
ScreenToClient
ClientToScreen
MoveWindow
DeferWindowPos
CallWindowProcA
IsWindowVisible
IsWindowEnabled
GetFocus
SetWindowTextA
InvalidateRect
EndDeferWindowPos
BeginDeferWindowPos
GetWindow
GetMessageTime
SystemParametersInfoA
GetMenuItemInfoA
GetMenuItemCount
GetActiveWindow
CallNextHookEx
RegisterHotKey
UnregisterHotKey
UnhookWindowsHookEx
GetCapture
PtInRect
IsWindow
TrackPopupMenu
IsDialogMessageA
SetWindowsHookExA
GetSysColor
GetUpdateRgn
InflateRect
CreateDialogParamA
GetDlgItem
BringWindowToTop
IsZoomed
IsIconic
GetDesktopWindow
DrawMenuBar
EnableMenuItem
GetSystemMenu
AdjustWindowRectEx
SetWindowRgn
FlashWindow
UnregisterClassA
CreateDialogIndirectParamA
DrawTextA
CopyRect
DrawFocusRect
OffsetRect
GetMenuState
CheckMenuItem
CheckMenuRadioItem
ModifyMenuA
SetMenuItemInfoA
CreatePopupMenu
DestroyMenu
RemoveMenu
InsertMenuA
AppendMenuA
CreateMenu
GetSubMenu
InsertMenuItemA
GetForegroundWindow
GetWindowDC
DestroyIcon
DefFrameProcA
TranslateMDISysAccel
DefMDIChildProcA
GetMenuStringA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
GetMessageA
ValidateRect
DrawFrameControl
DrawIconEx
DestroyCursor
LoadIconA
LoadBitmapA
GetIconInfo
LoadImageA
CreateIconIndirect
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
keybd_event
CloseClipboard
IsClipboardFormatAvailable
SetTimer
KillTimer
ShowCursor
EnumDisplaySettingsA
ChangeDisplaySettingsA
SetClipboardData
RegisterClipboardFormatA
DrawStateA
DrawEdge
GetMessagePos
MapWindowPoints
ChildWindowFromPoint
UnionRect
HideCaret
LoadCursorA
SetCursor
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleA
DdeClientTransaction
DdeDisconnect
DdeInitializeA
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringA
DdeFreeStringHandle
DestroyWindow
DefWindowProcA
OpenClipboard
gdi32
SetViewportExtEx
SetMapMode
GetBkColor
GetTextColor
Arc
Pie
Polygon
SetPolyFillMode
PolyPolygon
Rectangle
RoundRect
Ellipse
SetBrushOrgEx
CreateCompatibleBitmap
BitBlt
MaskBlt
StretchBlt
StretchDIBits
GetPaletteEntries
CreateBitmap
CreateHatchBrush
CreatePatternBrush
GetNearestPaletteIndex
CreatePalette
LineTo
MoveToEx
GetRgnBox
EqualRgn
SetWindowExtEx
PatBlt
CreateICA
CreateDIBSection
GetDIBits
CreateDIBitmap
GetDIBColorTable
EnumFontFamiliesExA
GetEnhMetaFileA
CopyEnhMetaFileA
DeleteEnhMetaFile
GetSystemPaletteEntries
SetAbortProc
EndDoc
StartPage
EndPage
StartDocA
CreateDCA
SetViewportOrgEx
SetWindowOrgEx
GetTextExtentExPointA
GetCharABCWidthsA
SetROP2
TextOutA
Polyline
PolyBezier
SetPixel
GetPixel
ExtFloodFill
ExtSelectClipRgn
GetClipBox
SetStretchBltMode
DeleteDC
CreateCompatibleDC
GetObjectA
GetStockObject
ExtCreatePen
SaveDC
RestoreDC
SetTextAlign
CreateRectRgnIndirect
CombineRgn
SelectClipRgn
CreateSolidBrush
CreatePen
SetBkMode
SetTextColor
RectInRegion
SetBkColor
GetRegionData
ExtCreateRegion
OffsetRgn
GetDeviceCaps
DeleteObject
CreateFontIndirectA
ExcludeClipRect
CreateRectRgn
GetTextExtentPoint32A
SelectPalette
RealizePalette
GdiFlush
SelectObject
PtInRegion
GetTextMetricsA
comdlg32
PrintDlgA
ChooseFontA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
PageSetupDlgA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
shell32
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragAcceptFiles
DragQueryPoint
DragFinish
DragQueryFileA
ExtractIconA
ExtractIconExA
ole32
OleGetClipboard
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleInitialize
OleUninitialize
CoCreateInstance
msvcr90
fclose
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
fabs
sqrt
abs
strlen
strcmp
_wassert
_strnicmp
atol
_CIcos
_CIsin
_CIsqrt
_ftime64
feof
clearerr
ftell
fseek
_telli64
_lseeki64
_write
_read
_close
_mktime64
_localtime64
_gmtime64
bsearch
atof
atoi
setlocale
_stricmp
rename
_getcwd
remove
strncmp
_fileno
_get_osfhandle
getenv
_fdopen
?_open@@YAHPBDHH@Z
_open_osfhandle
fprintf
sscanf
fputs
fputc
fflush
strftime
__iob_func
abort
sprintf
strchr
isalnum
calloc
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncpy
_time64
memset
exit
_strdup
strstr
_vsprintf_p
strtod
strtoul
strtol
toupper
isdigit
isalpha
memmove
realloc
malloc
_errno
qsort
??_U@YAPAXI@Z
isspace
tolower
memcpy
memchr
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??2@YAPAXI@Z
_purecall
??_V@YAXPAX@Z
free
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
fwrite
fopen
fread
_timezone
ferror
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
comctl32
ImageList_GetImageCount
ImageList_Create
ImageList_Destroy
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Add
ImageList_EndDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_SetDragCursorImage
ImageList_BeginDrag
ord16
ord6
ord17
ImageList_Draw
Sections
- .text Size: 788KB - Virtual size: 787KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata Size: 241KB - Virtual size: 241KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data Size: 34KB - Virtual size: 114KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .rsrc Size: 26KB - Virtual size: 25KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)