sai2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sai2.exe
Size

4.8MB
MD5

70063d47d530509b88ffead2ffdd2a74
SHA1

d651f814482e15d07730a37eeb84533c2a4c6edc
SHA256

6a014efb14514fd780fc68c325e618f2fd8d96ead436305fd29ed5ddf0288d51
SHA512

507c30787669211a630b6f7041259cf0f619169afe15837816866d9c6f96f60a10e0cf3f617ed166a6f5fb4e5c323431a0d48073dad2cd9945d20e43e89e7edf
SSDEEP

49152:zkknavbUevcUiNIWVf/xjrUpBI4pjP23uTGtnTJa9c:zzqbUMcUiNIWVf/VrUpJpjPUuTGtF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sai2.exe

Files

sai2.exe
.exe windows:5 windows x86 arch:x86

a18518bf48fcfebd08c1a04292013bee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileW
MapViewOfFile
CreateFileMappingW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
SetEvent
ResetEvent
WaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
WaitForMultipleObjects
CreateEventW
CreateSemaphoreW
GlobalUnlock
GlobalLock
SwitchToThread
ReleaseSemaphore
CompareStringW
GetDiskFreeSpaceExW
CompareFileTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
SetStdHandle
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleCP
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
SetEndOfFile
FindFirstFileW
GetStdHandle
LCMapStringA
LCMapStringW
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapReAlloc
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
RtlUnwind
CreateThread
ExitThread
GetConsoleMode
HeapAlloc
VirtualProtect
InterlockedDecrement
InterlockedIncrement
HeapFree
SetFileTime
ReadFile
RemoveDirectoryW
CreateDirectoryW
MoveFileW
DeleteFileW
GetFileAttributesW
FlushViewOfFile
GetModuleFileNameA
UnmapViewOfFile
SetFilePointerEx
GetFileSizeEx
GetEnvironmentVariableW
DebugBreak
VirtualFree
VirtualAlloc
GetSystemInfo
GetCPInfo
GetVersionExW
GetCurrentProcess
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
DeviceIoControl
GetModuleHandleW
LocalAlloc
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
RaiseException
LoadLibraryW
lstrlenA
FormatMessageW
FlushFileBuffers
GetFileSize
CreateFileW
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetCommandLineW
GetModuleFileNameW
GetPrivateProfileStringW
LocalFree
GetTickCount
Sleep
CreateMutexW
GetLastError
GetCurrentThread
SetThreadPriority
GetProcAddress
CreateFileA
CloseHandle

user32

LoadIconW
GetClassLongW
SetWindowPlacement
SetCapture
ReleaseCapture
EnumThreadWindows
EnumChildWindows
DrawIconEx
WaitMessage
SetActiveWindow
MonitorFromWindow
GetCapture
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
ScreenToClient
GetWindowThreadProcessId
SetWindowPos
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetAncestor
GetFocus
IsChild
GetNextDlgTabItem
EndDeferWindowPos
BeginDeferWindowPos
SetParent
GetDlgItem
SetCaretPos
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
ShowCaret
mouse_event
DestroyCaret
HideCaret
GetMessagePos
SetTimer
PostQuitMessage
DestroyWindow
GetMenuInfo
SetForegroundWindow
ReplyMessage
ShowWindow
IsIconic
SetClipboardData
CloseClipboard
OpenClipboard
DispatchMessageW
TranslateMessage
PeekMessageW
SetFocus
SendMessageW
MsgWaitForMultipleObjects
AppendMenuW
RegisterClipboardFormatW
GetWindow
GetTopWindow
IsZoomed
GetWindowPlacement
MonitorFromRect
GetMonitorInfoW
GetParent
SetCursor
SetWindowRgn
ClientToScreen
CheckMenuItem
EnableMenuItem
SendInput
GetAsyncKeyState
CreateCaret
DeferWindowPos
DestroyIcon
GetMenuItemCount
GetMenuItemInfoW
GetKeyState
SetScrollPos
SetScrollRange
SetScrollInfo
GetScrollPos
CreateMenu
DestroyMenu
InsertMenuItemW
SetMenuInfo
CreatePopupMenu
SetPropW
GetPropW
GetWindowDC
GetClientRect
FrameRect
SetLayeredWindowAttributes
KillTimer
MapWindowPoints
RedrawWindow
GetSysColor
LoadCursorW
RegisterClassExW
EnableWindow
UpdateWindow
GetMessageW
GetWindowLongW
BeginPaint
FillRect
EndPaint
GetDC
DrawTextW
ReleaseDC
GetSystemMetrics
CreateWindowExW
MessageBeep
AdjustWindowRectEx
GetWindowRect
SystemParametersInfoW
MoveWindow
GetSystemMenu
DeleteMenu
SetWindowLongW
DefWindowProcW
PostMessageW
MessageBoxW
ScrollWindowEx

gdi32

CreateCompatibleBitmap
GetCurrentObject
CreateCompatibleDC
CreateRectRgn
CreateRectRgnIndirect
ExtCreateRegion
CombineRgn
GetRegionData
GetTextMetricsW
CreateFontIndirectW
CreateDIBSection
GetGlyphOutlineW
ExtSelectClipRgn
OffsetClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetTextExtentExPointW
ExtTextOutW
RectVisible
CreateDIBitmap
EnumFontFamiliesExW
SetDIBitsToDevice
CreateSolidBrush
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps
SetTextColor
SelectObject
GetStockObject
GetCharacterPlacementW
SetBkMode
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

EqualSid
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegCloseKey

shell32

SHGetSettings
SHFileOperationW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetDataFromIDListW
ord21
CommandLineToArgvW
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
DragAcceptFiles

ole32

DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleDuplicateData
ReleaseStgMedium
StringFromIID
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

imm32

ImmAssociateContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext
ImmAssociateContextEx
ImmGetCompositionStringW

comctl32

ImageList_GetIcon
ImageList_GetIconSize

shlwapi

StrRetToBufW
PathCanonicalizeW
PathIsRelativeW

rpcrt4

UuidCreate

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.srclibs
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.appskin
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a18518bf48fcfebd08c1a04292013bee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

comctl32

shlwapi

rpcrt4

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.code Size: 2KB - Virtual size: 2KB

.rdata Size: 309KB - Virtual size: 308KB

.data Size: 22KB - Virtual size: 170KB

.shared Size: 512B - Virtual size: 4B

.tls Size: 2KB - Virtual size: 2KB

.srclibs Size: 351KB - Virtual size: 350KB

.appskin Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 550KB - Virtual size: 550KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.code
Size: 2KB - Virtual size: 2KB

.rdata
Size: 309KB - Virtual size: 308KB

.data
Size: 22KB - Virtual size: 170KB

.shared
Size: 512B - Virtual size: 4B

.tls
Size: 2KB - Virtual size: 2KB

.srclibs
Size: 351KB - Virtual size: 350KB

.appskin
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 550KB - Virtual size: 550KB