w1qKM1s1Xyb4l2u
Overview
  Score: 10

Static
  Score: 3

Behavioral task scores (sample, platform, score):
  Shxdow/Shxdow.exe    windows7-x64        10
  Shxdow/Shxdow.exe    windows10-1703-x64  10
  Shxdow/Shxdow.exe    windows10-2004-x64  10
  Shxdow/Shxdow.exe    windows11-21h2-x64  10
  Shxdow/data.dll      windows7-x64        1
  Shxdow/data.dll      windows10-1703-x64  1
  Shxdow/data.dll      windows10-2004-x64  1
  Shxdow/data.dll      windows11-21h2-x64  1
  Shxdow/mac...47.dll  windows7-x64        1
  Shxdow/mac...47.dll  windows10-1703-x64  1
  Shxdow/mac...47.dll  windows10-2004-x64  1
  Shxdow/mac...47.dll  windows11-21h2-x64  1
  Shxdow/recsist.dll   windows7-x64        1
  Shxdow/recsist.dll   windows10-1703-x64  1
  Shxdow/recsist.dll   windows10-2004-x64  1
  Shxdow/recsist.dll   windows11-21h2-x64  1

Static task
  static1

Behavioral tasks (id, sample, resource):
  behavioral1   Shxdow/Shxdow.exe              win7-20231215-en
  behavioral2   Shxdow/Shxdow.exe              win10-20231215-en
  behavioral3   Shxdow/Shxdow.exe              win10v2004-20231222-en
  behavioral4   Shxdow/Shxdow.exe              win11-20231222-en
  behavioral5   Shxdow/data.dll                win7-20231215-en
  behavioral6   Shxdow/data.dll                win10-20231215-en
  behavioral7   Shxdow/data.dll                win10v2004-20231222-en
  behavioral8   Shxdow/data.dll                win11-20231215-en
  behavioral9   Shxdow/macro3dcompiler_47.dll  win7-20231215-en
  behavioral10  Shxdow/macro3dcompiler_47.dll  win10-20231215-en
  behavioral11  Shxdow/macro3dcompiler_47.dll  win10v2004-20231215-en
  behavioral12  Shxdow/macro3dcompiler_47.dll  win11-20231222-en
  behavioral13  Shxdow/recsist.dll             win7-20231215-en
  behavioral14  Shxdow/recsist.dll             win10-20231215-en
  behavioral15  Shxdow/recsist.dll             win10v2004-20231215-en
  behavioral16  Shxdow/recsist.dll             win11-20231222-en
General
- Target: Shxdow.rar
- Size: 1.8MB
- MD5: 8091fc4661df5172fc82439449a796d5
- SHA1: f4d536f2e083fff59b94ba84ea836ae705f825c7
- SHA256: 768841c79c0b8775e1937aac5dc90d0f8d56bf6eece590244666dafbb315d8fd
- SHA512: 579b165e7f7d853d0ba0521019099b860dd8603f7406a444e9a61371ae0c422007faa7b425e98323948c5f670b225f659930c010c354ff9d28830662a9d3dc9d
- SSDEEP: 49152:D7xLJ6N8CoWez0L6ug5HNLcejIvioq95BpkFTPeRH:DFU2Cc0e5eejB7qFjeZ
Malware Config
Signatures
- Unsigned PE (3 IoCs): Checks for missing Authenticode signature.
  resource: unpack001/Shxdow/Shxdow.exe, unpack001/Shxdow/data.ini, unpack001/Shxdow/macro3dcompiler_47.dll
Files
- Shxdow.rar.rar
  Password: Shxdow
- Shxdow/README.txt
- Shxdow/Shxdow.exe.exe windows:6 windows x86 arch:x86
  Password: Shxdow
  e752126f7ead8b7c9b1a7360355346dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
LoadLibraryA
GetProcAddress
VirtualProtect
lstrlenW
CreateThread
Sleep
WaitForSingleObject
FreeConsole
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
EncodePointer
DecodePointer
InitializeCriticalSectionEx
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
HeapSize
WriteConsoleW
Exports
Sections (name, Size, Virtual size, characteristics):
  .text   165KB  165KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  57KB   56KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   300KB  303KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .reloc  7KB    7KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
  .ukkM   68KB   72KB   IMAGE_SCN_MEM_READ
- Shxdow/data.ini.dll windows:6 windows x64 arch:x64
  Password: Shxdow
  f143e2868efde0fcb493bd3051708a62
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
api-ms-win-crt-runtime-l1-1-0
terminate
abort
api-ms-win-crt-heap-l1-1-0
calloc
malloc
free
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
api-ms-win-crt-convert-l1-1-0
atol
kernel32
GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
RtlUnwindEx
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
Exports
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr
Sections (name, Size, Virtual size, characteristics):
  .text   49KB   49KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  15KB   15KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   1024B  2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .pdata  2KB    2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  _RDATA  512B   148B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc   1024B  1016B  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  512B   396B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
- Shxdow/macro3dcompiler_47.dll.dll windows:10 windows x64 arch:x64
  Password: Shxdow
  4004e7f7eff525b82926d9696cb4db19
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
msvcrt
_unlock
_lock
??1type_info@@UEAA@XZ
strncpy_s
malloc
_strnicmp
atoi
isdigit
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
_isnan
_purecall
__isascii
_clearfp
_controlfp
_strdup
_mbstrlen
_vsnwprintf
strtoul
isxdigit
isalpha
atof
strchr
setlocale
strnlen
__dllonexit
modf
isspace
wcsncmp
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
bsearch
qsort
strcat_s
strstr
_onexit
memcmp
strcmp
_snwprintf_s
__unDName
fread
fseek
_wfsopen
wcstoul
_fileno
sscanf_s
_filelengthi64
towlower
_wcsnicmp
_wsplitpath_s
wcscpy_s
wcsncat_s
wcsrchr
swprintf_s
_wfullpath
_wmakepath_s
_time64
_chsize_s
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
_wcsdup
wcscat_s
ftell
_mbscmp
_memicmp
_wgetenv
toupper
_atoi64
_errno
strtod
__CxxFrameHandler3
_strtoui64
?terminate@@YAXXZ
_CxxThrowException
tan
strrchr
tolower
_finite
_fpclass
memmove
strcpy_s
memcpy_s
isalnum
getenv
free
_stricmp
sprintf_s
_vsnprintf
strncmp
_wsopen
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
floorf
fmod
log
pow
sin
sinh
sqrt
tanh
kernel32
GetModuleFileNameA
GetEnvironmentVariableA
HeapCreate
lstrcmpiA
CreateFileA
SetLastError
FlushViewOfFile
MapViewOfFileEx
SetFilePointer
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
DeviceIoControl
SetFilePointerEx
SetEndOfFile
GetFileType
DeleteFileW
SetFileAttributesW
LCMapStringW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
LoadLibraryExW
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
advapi32
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
CryptDestroyHash
RegCloseKey
rpcrt4
UuidCreate
Exports
D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute
Sections (name, Size, Virtual size, characteristics):
  .text   3.1MB  3.1MB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  868KB  867KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   38KB   72KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .pdata  125KB  124KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc   1KB    1KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  32KB   32KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
- Shxdow/recsist.dll