a17f5b126f39a73b86bec5384ad84486

Sharing

Copy URL Twitter E-mail

General

Target

a17f5b126f39a73b86bec5384ad84486
Size

919KB
MD5

a17f5b126f39a73b86bec5384ad84486
SHA1

67da419d0e1486589a93793b3784897c09bd51a4
SHA256

da39fb6da5e5768cd68e649cf74ce342932001770c757408269a7e7a4f1030f6
SHA512

27a3ddfcfc1a0bc49aec2e2fe244ab33749ff019defe6eb22373d35155a6da19ffacfcd2e156580987447269aca8a042551fd420c8ded918f299d97429471c04
SSDEEP

24576:xpy/rEGBrku2BfHnLQROlXaeKeOo3JV+KiMnRx7cJAdYVnC:q/rh2peOlXdvJV+anbDYVC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Skinchanger 2.0.8.exe

Files

a17f5b126f39a73b86bec5384ad84486
.rar
Skinchanger 2.0.8.exe
.exe windows:6 windows x64 arch:x64

df6d5b1859cb07fde9d123a5b571338b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
GetNativeSystemInfo
RaiseException
DecodePointer
lstrcmpiW
GetModuleFileNameA
CreateFileA
MultiByteToWideChar
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetThreadLocale
GetLocaleInfoEx
LCIDToLocaleName
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
FormatMessageW
SetEvent
TerminateThread
TlsAlloc
QueueUserAPC
CreateWaitableTimerA
LocalFree
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
FormatMessageA
CreateIoCompletionPort
GetModuleHandleA
GetFileAttributesW
InitializeCriticalSectionEx
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
SetLastError
FindClose
HeapReAlloc
GetTimeZoneInformation
GetFileAttributesExW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
GetStdHandle
ExitProcess
ExitThread
CreateDirectoryW
GetTickCount64
GetCurrentThread
GetLastError
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetCurrentProcess
DeleteCriticalSection
CloseHandle
CreateFileW
InitializeCriticalSection
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
SwitchToThread
WaitForSingleObjectEx
TryEnterCriticalSection
GetModuleHandleExW
QueueUserWorkItem
RtlUnwind
IsProcessorFeaturePresent
LeaveCriticalSection
DeviceIoControl
FindFirstFileExW
EnterCriticalSection
RtlPcToFileHeader
GetSystemInfo
OpenThread
GetThreadTimes
SuspendThread
FreeLibrary
LoadLibraryW
VirtualQueryEx
SetThreadContext
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
VirtualFree
VirtualAlloc
TerminateProcess
ResumeThread
CreateProcessW
GetExitCodeProcess
CreateActCtxW
WriteFile
GetTempPathW
UnmapViewOfFile
DeleteFileW
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
GetWindowsDirectoryW
DuplicateHandle
ResetEvent
GetTickCount
Thread32Next
Thread32First
GetCurrentThreadId
GetCurrentProcessId
ReadFile
CreateNamedPipeW
CreateThread
GetExitCodeThread
IsWow64Process
WriteProcessMemory
VirtualProtectEx
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx

user32

GetDesktopWindow
PostQuitMessage
SetCapture
CreateWindowExA
DispatchMessageA
DefWindowProcA
RegisterClassA
SetWindowPos
LoadCursorA
GetWindowRect
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
MessageBoxW
IsChild
ClientToScreen
ScreenToClient
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
ShowWindow
SetFocus
TranslateMessage
UpdateWindow
SetForegroundWindow
wsprintfW
UnregisterClassA
MessageBoxA
GetForegroundWindow
PeekMessageA

advapi32

RegSetValueExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW

shell32

SHFileOperationW
ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

d3dx9_43

D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

shlwapi

SHDeleteKeyW

ws2_32

closesocket
bind
accept
WSACleanup
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
htonl
shutdown
WSARecv
WSAAddressToStringW
connect
getpeername
getaddrinfo
WSASocketW
WSASetLastError
ntohl
select
WSASend
WSAIoctl
__WSAFDIsSet
listen
WSAStartup
inet_addr
getsockname
send
socket
ntohs
getsockopt
htons

xinput1_3

ord4
ord2

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpen
WinHttpReadData

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df6d5b1859cb07fde9d123a5b571338b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

d3dx9_43

d3d9

shlwapi

ws2_32

xinput1_3

imm32

winhttp

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 611KB - Virtual size: 611KB

.data Size: 63KB - Virtual size: 77KB

.pdata Size: 63KB - Virtual size: 62KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 611KB - Virtual size: 611KB

.data
Size: 63KB - Virtual size: 77KB

.pdata
Size: 63KB - Virtual size: 62KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 9KB - Virtual size: 8KB