8608d7b68678f8f30d7417e8a64f448f

Sharing

Copy URL

Twitter E-mail

General

Target

8608d7b68678f8f30d7417e8a64f448f
Size

890KB
MD5

8608d7b68678f8f30d7417e8a64f448f
SHA1

258c17625eb470a8d1ab2e2decf8246d6d29781f
SHA256

d461c8315542fa6f831cf5bb155e44e393a25e3daf8a97d1d92722d6c164e993
SHA512

faefad689dc5701669f95a28edfae29450725ffbcb4bb3f00e7cc5795eeeb67ebacd52d061456dfd7cefefc70e6ec8e3bcebaaf9f63be172fa3caaf4fb69163f
SSDEEP

24576:7y0Ci87/phjCUwWFbF6ix/TDXrb+7jBEijCotPA:7yvnDWUwWFkiDXrb+7h+SPA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Skinchanger.exe

Files

8608d7b68678f8f30d7417e8a64f448f
.zip
Skinchanger.exe
.exe windows:6 windows x86 arch:x86

d10dbe178ac40ea5076dd1979f11a4f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Source Main\SkinChangerLauncher\Release\Skinchanger.pdb

Imports

kernel32

Sleep
GetTickCount64
Process32NextW
Process32FirstW
RaiseException
DecodePointer
GetProcAddress
DeleteCriticalSection
ExitProcess
lstrcmpiW
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateToolhelp32Snapshot
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
FormatMessageW
SetEvent
TerminateThread
TlsAlloc
QueueUserAPC
CreateWaitableTimerA
LocalFree
VerSetConditionMask
WideCharToMultiByte
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
FormatMessageA
CreateIoCompletionPort
GetModuleHandleA
InitializeCriticalSectionEx
GetModuleFileNameA
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
CreateFileA
GetQueuedCompletionStatus
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WriteConsoleW
GetFileType
GetStdHandle
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
VirtualFree
GetCurrentProcess
VirtualAlloc
TerminateProcess
InitializeCriticalSection
ResumeThread
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
GetModuleHandleW
CreateActCtxW
WriteFile
GetTempPathW
CreateFileW
UnmapViewOfFile
DeleteFileW
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
GetWindowsDirectoryW
DuplicateHandle
GetCurrentThread
ResetEvent
GetTickCount
Thread32Next
Thread32First
GetCurrentThreadId
GetCurrentProcessId
ReadFile
CreateNamedPipeW
CreateThread
GetExitCodeThread
OpenProcess
GetNativeSystemInfo
IsWow64Process
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
LoadLibraryW
FreeLibrary
SuspendThread
GetThreadTimes
OpenThread
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetStringTypeW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
DeviceIoControl

user32

MessageBoxA
RegisterClassA
DefWindowProcA
ShowWindow
DispatchMessageA
LoadCursorA
CreateWindowExA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
ReleaseCapture
GetClientRect
SetCursor
TranslateMessage
SetWindowPos
SetCapture
wsprintfW
GetWindowRect
GetKeyState
UpdateWindow
GetDesktopWindow
PostQuitMessage
UnregisterClassA
PeekMessageA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

ws2_32

inet_addr
getsockname
send
socket
ntohs
__WSAFDIsSet
WSAIoctl
WSASend
select
WSAStartup
shutdown
closesocket
bind
accept
WSACleanup
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
WSARecv
WSAAddressToStringW
connect
getpeername
getaddrinfo
WSASocketW
WSASetLastError
ntohl
listen

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

shlwapi

SHDeleteKeyW

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpReadData

advapi32

RegEnumValueW
RegOpenKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
OpenThreadToken
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Инструкция.txt

Sharing

General

Malware Config

Signatures

Files

d10dbe178ac40ea5076dd1979f11a4f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

ws2_32

d3d9

d3dx9_43

shlwapi

winhttp

advapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 487KB - Virtual size: 486KB

.data Size: 36KB - Virtual size: 60KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 57KB - Virtual size: 57KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 487KB - Virtual size: 486KB

.data
Size: 36KB - Virtual size: 60KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 57KB - Virtual size: 57KB