SkinChanger-776882[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SkinChanger-776882.zip
Size

22.6MB
MD5

9a1c7001bbe2ee62971cb35d9cf07409
SHA1

91b777ff8b0beec3225d94a89b4c11e62fa4527e
SHA256

933100483a5c51ccafa818814d5a6501aebc692389cd226251827bb21d3e2766
SHA512

788e13fa2f9a919aadbbf384cf61be38e1af8768bea6ac618003aeb0e8b93adc08c0d34847de35f5c7b559bc5574a2a7b51f316353c1d725a9cc81c58912c3dc
SSDEEP

393216:4xdANeeWMYIv8XsIS4vpHMQdHJWGokv95gX3G+L2Fu6KdQr8oaz7bHu8fGiy/TWh:SAfp9UcIXMQ1oOq2+CM6KdIaz7jjfc/O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/StartSetup_20221.exe

Files

SkinChanger-776882.zip
.zip

Password: 123
StartSetup_20221.exe
.exe windows:6 windows x86 arch:x86

Password: 123

cf81c58d07122f8f934a5c4b8d16a214

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
CreateFiber
InitializeCriticalSectionEx
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetLogicalDriveStringsW
EnumSystemLocalesW
HeapAlloc
CreateThread
TlsSetValue
GetCurrentProcessId
ConvertThreadToFiber
GetSystemTimeAsFileTime
SetConsoleCursorPosition
GlobalHandle
GetFileAttributesExW
SizeofResource
SetErrorMode
GetTempFileNameW
GetCommandLineA
GetFileType
ExitProcess
GetCPInfo
ReleaseSRWLockExclusive
MulDiv
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
WriteConsoleA
GetCommandLineW
SetLastError
RtlUnwind
GetFileInformationByHandle
MultiByteToWideChar
ConvertFiberToThread
IsValidLocale
CloseHandle
FindResourceW
GetFileSizeEx
LeaveCriticalSection
GetUserDefaultUILanguage
CopyFileW
SetThreadPriority
TerminateProcess
lstrcatA
SetCurrentDirectoryW
FreeLibraryAndExitThread
IsValidCodePage
GetLocaleInfoW
TlsAlloc
SystemTimeToFileTime
ReadConsoleOutputCharacterA
FreeLibrary
ReadConsoleA
GetTickCount64
DecodePointer
GetModuleHandleA
AttachConsole
GetTickCount
GetUserDefaultLCID
MoveFileExW
FileTimeToSystemTime
Sleep
WaitForSingleObject
GetStdHandle
GetProcessHeap
GetExitCodeProcess
WriteFile
RaiseException
GetLastError
SetFilePointerEx
TlsFree
GlobalLock
AcquireSRWLockExclusive
LCMapStringEx
FindFirstFileExW
lstrlenA
EncodePointer
SetNamedPipeHandleState
GetTimeFormatW
IsProcessorFeaturePresent
GetModuleHandleExW
CreateFileW
ExitThread
ResetEvent
VerSetConditionMask
SetEvent
GetTimeZoneInformation
LockResource
SetConsoleMode
FindFirstFileW
GetStringTypeW
GetConsoleOutputCP
GetNativeSystemInfo
ResumeThread
ReadConsoleW
FindNextFileW
ExpandEnvironmentStringsW
GetStartupInfoW
GetEnvironmentVariableA
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetCurrentThreadId
CreateProcessW
GetTempPathW
FlushFileBuffers
CreateMutexW
ReadFile
FindClose
CompareFileTime
FreeEnvironmentStringsW
GetModuleHandleW
WriteConsoleW
GlobalAlloc
GetACP
CompareStringW
HeapSize
OutputDebugStringW
GetFileAttributesW
WaitForMultipleObjects
GetLongPathNameW
DeleteFileW
LoadLibraryA
WaitForSingleObjectEx
SetHandleInformation
GetCurrentProcess
GetVersionExW
InitializeCriticalSection
UnhandledExceptionFilter
GetEnvironmentStringsW
LocalFree
VerifyVersionInfoW
SleepEx
QueryPerformanceCounter
GetConsoleScreenBufferInfo
QueryPerformanceFrequency
GetEnvironmentVariableW
TlsGetValue
EnterCriticalSection
SetEnvironmentVariableW
LCMapStringW
FormatMessageW
DeleteCriticalSection
GetSystemTime
GetCurrentThread
HeapFree
GetOEMCP
SetStdHandle
GetProcAddress
FillConsoleOutputCharacterW
PeekNamedPipe
GetDriveTypeW
SetEndOfFile
GetConsoleMode
SwitchToFiber
CreatePipe
GlobalSize
WideCharToMultiByte
GlobalUnlock
DeleteFiber
CreateEventW
LoadResource
LoadLibraryW
InitializeSListHead
FreeConsole
GetDateFormatW
GlobalFree
GetSystemDirectoryW

user32

FindWindowExW
ChangeDisplaySettingsExW
SetCapture
DdeFreeDataHandle
GetWindow
EndDeferWindowPos
UnregisterHotKey
SetRect
DestroyWindow
MonitorFromPoint
ChildWindowFromPoint
GetUserObjectInformationW
EnumDisplaySettingsW
BeginDeferWindowPos
DdeGetLastError
ClientToScreen
DdeGetData
DdeCreateDataHandle
CreateDialogParamW
IsWindow
CreateWindowExW
CallNextHookEx
SetWindowTextW
InsertMenuItemW
GetFocus
IsRectEmpty
SetWindowLongW
EnableMenuItem
GetWindowRect
PostMessageW
MessageBoxW
ReleaseCapture
IsDialogMessageW
DrawEdge
DestroyCursor
MapVirtualKeyW
DrawFrameControl
GetScrollInfo
SetForegroundWindow
UpdateWindow
keybd_event
ValidateRgn
ReleaseDC
SetMenuInfo
DestroyMenu
GetSysColorBrush
InvalidateRect
GetWindowPlacement
CheckMenuRadioItem
UnregisterClassW
GetClientRect
SetParent
SetCursor
RegisterWindowMessageW
GetSystemMenu
GetMenuItemID
GetMenuItemInfoW
FlashWindowEx
AnimateWindow
ChildWindowFromPointEx
DispatchMessageW
EndPaint
RemoveMenu
DdeUninitialize
GetCaretBlinkTime
GetClassNameW
PostThreadMessageW
CreateMenu
DdeDisconnect
GetMessageW
GetComboBoxInfo
UnionRect
BringWindowToTop
DrawFocusRect
GetProcessDefaultLayout
GetIconInfo
CheckMenuItem
MessageBeep
GetMessageTime
EnumDisplayMonitors
IsWindowVisible
CreateIconIndirect
IsWindowEnabled
GetKeyState
MoveWindow
GetWindowTextW
SetMenuItemInfoW
SystemParametersInfoW
DrawMenuBar
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
GetWindowDC
MonitorFromWindow
SetFocus
DdeFreeStringHandle
RedrawWindow
TranslateMessage
IsIconic
InflateRect
ShowWindow
SetTimer
SetCursorPos
IsZoomed
DdePostAdvise
GetUpdateRgn
GetMessagePos
ScrollWindow
GetWindowLongW
GetDlgItem
DdeInitializeW
VkKeyScanW
PeekMessageW
DestroyIcon
CreateDialogIndirectParamW
SetWindowPos
GetClipboardFormatNameW
GetMenuState
PtInRect
DefWindowProcW
InsertMenuW
ScreenToClient
RegisterHotKey
DdeClientTransaction
TranslateAcceleratorW
GetParent
DrawStateW
GetProcessWindowStation
GetMonitorInfoW
CopyRect
SetWindowRgn
RegisterClipboardFormatW
SendMessageW
SetLayeredWindowAttributes
CreateAcceleratorTableW
CallWindowProcW
TrackPopupMenu
GetMenuItemCount
ModifyMenuW
EnableScrollBar
DdeConnect
RegisterClassW
CreatePopupMenu
MsgWaitForMultipleObjects
MapWindowPoints
PostQuitMessage
SetRectEmpty
SetScrollInfo
SetWindowsHookExW
DrawTextW
LoadIconW
OffsetRect
LoadBitmapW
IsMenu
DrawIconEx
KillTimer
HideCaret
LoadCursorW
DdeCreateStringHandleW
SetMenu
DeferWindowPos
UnhookWindowsHookEx
GetCursorPos
GetSubMenu
GetDesktopWindow
GetActiveWindow
IsClipboardFormatAvailable
AppendMenuW
GetCapture
wsprintfA
GetAsyncKeyState
EnableWindow
WaitForInputIdle
DdeNameService
GetSystemMetrics
DdeQueryStringW
WindowFromPoint
LoadImageW
ValidateRect
GetDC
BeginPaint
FillRect
GetDialogBaseUnits
GetDoubleClickTime

comctl32

ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_SetBkColor
ImageList_Draw
ImageList_Replace
ImageList_Create
ord16
ord17
ImageList_GetImageInfo

oleacc

LresultFromObject

uxtheme

GetThemeBackgroundExtent
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
IsAppThemed
OpenThemeData
IsThemeActive
GetThemePartSize
GetThemeInt
GetThemeSysFont
DrawThemeBackground
CloseThemeData
GetThemeBackgroundContentRect
DrawThemeParentBackground
GetThemeFont
GetThemeMargins
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent

ws2_32

WSAEnumNetworkEvents
WSACleanup
__WSAFDIsSet
select
accept
freeaddrinfo
listen
getnameinfo
WSACloseEvent
recvfrom
sendto
ioctlsocket
gethostname
shutdown
WSAEventSelect
WSAIoctl
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
send
WSASetLastError
getaddrinfo
htonl
WSAStartup

wldap32

ord127
ord27
ord26
ord117
ord301
ord142
ord147
ord79
ord133
ord167
ord208
ord46
ord219
ord145
ord41
ord216
ord14

crypt32

CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertCloseStore
CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore

shlwapi

SHAutoComplete

msimg32

GradientFill
AlphaBlend

bcrypt

BCryptGenRandom

gdi32

Arc
GdiFlush
GetDeviceCaps
LPtoDP
EndDoc
GetLayout
CreatePen
DeleteDC
SetPolyFillMode
Ellipse
Pie
GetGraphicsMode
GetOutlineTextMetricsW
PlayEnhMetaFile
DeleteEnhMetaFile
CreateRectRgnIndirect
GetTextExtentPoint32W
CreatePatternBrush
RealizePalette
RoundRect
SelectClipRgn
CreateRectRgn
GetObjectW
MaskBlt
Polyline
GetTextExtentExPointW
ExtFloodFill
CreateHatchBrush
GetCharABCWidthsW
OffsetRgn
SetPixel
PtInRegion
CreateBitmapIndirect
SetGraphicsMode
ExtCreatePen
SetBkColor
MoveToEx
GetNearestPaletteIndex
GetDIBColorTable
EqualRgn
CreateICW
GetViewportExtEx
GetSystemPaletteEntries
CombineRgn
SetTextColor
SetWorldTransform
ExcludeClipRect
CreateCompatibleDC
GetStockObject
EnumFontFamiliesExW
LineTo
CreatePalette
SetBkMode
Polygon
CreateFontIndirectW
DeleteObject
DPtoLP
CreateBitmap
CreateDIBSection
SetWindowOrgEx
GetClipBox
RectInRegion
ExtCreateRegion
PolyPolygon
GetEnhMetaFileW
CloseEnhMetaFile
StretchDIBits
SetViewportOrgEx
SetROP2
CreateCompatibleBitmap
GetTextMetricsW
EndPage
CreateEnhMetaFileW
ModifyWorldTransform
CreateSolidBrush
StartDocW
GetPaletteEntries
GetWindowExtEx
SetDIBColorTable
SetLayout
CreateDCW
GetWorldTransform
StretchBlt
GetObjectType
GetBkColor
Rectangle
GetRegionData
BitBlt
SetMapMode
GetPixel
ExtTextOutW
SetStretchBltMode
SelectObject
StartPage
SetBrushOrgEx
GetRgnBox
GetDIBits
SetWindowExtEx
ExtSelectClipRgn
CreateDIBitmap
GetEnhMetaFileHeader
SetViewportExtEx
PolyBezier
SelectPalette
SetAbortProc

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

PageSetupDlgW
CommDlgExtendedError
ChooseFontW
PrintDlgW

advapi32

CryptCreateHash
CryptEnumProvidersW
GetUserNameW
CryptDecrypt
RegDeleteKeyW
RegEnumValueW
CryptReleaseContext
RegisterEventSourceW
RegQueryValueExW
RegDeleteValueW
CryptAcquireContextW
CryptExportKey
DeregisterEventSource
CryptSignHashW
CryptSetHashParam
CryptGetProvParam
RegEnumKeyW
CryptDestroyHash
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
CryptGetUserKey
CryptDestroyKey
RegSetValueExW
ReportEventW

shell32

CommandLineToArgvW
SHGetFolderPathW
DragQueryPoint
ExtractIconExW
DragFinish
ExtractIconW
DragAcceptFiles
DragQueryFileW
ord6
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
ReleaseStgMedium
RevokeDragDrop
CoCreateInstance
CoLockObjectExternal
OleGetClipboard
OleFlushClipboard
CoTaskMemAlloc
OleIsCurrentClipboard
OleSetClipboard
RegisterDragDrop

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 346KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

cf81c58d07122f8f934a5c4b8d16a214

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

oleacc

uxtheme

ws2_32

wldap32

crypt32

shlwapi

msimg32

bcrypt

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 9.2MB - Virtual size: 9.2MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 346KB - Virtual size: 415KB

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 245KB - Virtual size: 244KB

.text
Size: 9.2MB - Virtual size: 9.2MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 346KB - Virtual size: 415KB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 245KB - Virtual size: 244KB