Static task
static1
General
-
Target
sh2pc.exe
-
Size
5.9MB
-
MD5
f3f5360298b6d0f6f2e09cf24a0925d1
-
SHA1
9cfb34b42da3a40975a1afa8df92c0335aeef43a
-
SHA256
f067357c3ac7815e900be6c0d3e633d7ae722bb11951a9d62a54368cc208349d
-
SHA512
ba3a19b4f6f753684b3811148e24c6294998ba6157c719b7948fb68d30660896943ef0291e4464394a2a3eabbaf00dca472fbe3986e7adca503dd796155f1484
-
SSDEEP
98304:T+pkCp6kQNhLc19FNVdlt19JO2+muUDjvmqQBu:T+OCp6kyKXeu
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource sh2pc.exe
Files
-
sh2pc.exe.exe windows:4 windows x86 arch:x86
dee42612ffbca09e48971aafc579814b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeSetEvent
timeKillEvent
timeGetTime
timeBeginPeriod
timeEndPeriod
dinput8
DirectInput8Create
kernel32
LoadLibraryA
GetProcAddress
GetModuleHandleA
WriteFile
GetLastError
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
CreateFileW
WideCharToMultiByte
GetVersionExA
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceA
GetDriveTypeA
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetStartupInfoA
ExitProcess
lstrcmpiA
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
CloseHandle
GetFullPathNameA
lstrlenA
GetExitCodeThread
CreateMutexA
FindResourceW
GlobalMemoryStatus
Sleep
ExitThread
GetSystemTimeAsFileTime
SystemTimeToFileTime
CopyFileA
WaitForSingleObject
ReleaseMutex
FindFirstFileA
FindNextFileA
FindClose
GetOverlappedResult
SetFileAttributesA
GetDiskFreeSpaceExA
GetLocalTime
DeleteFileA
OutputDebugStringA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ReadFile
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
GetUserDefaultLangID
ResumeThread
SetThreadPriority
SetFilePointer
lstrcpyA
GetThreadPriority
GetCurrentThread
lstrcatA
SuspendThread
PulseEvent
SetThreadPriorityBoost
CreateThread
ReleaseSemaphore
GetSystemDirectoryA
GetOEMCP
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
SetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetEnvironmentStrings
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
SetPriorityClass
GetPriorityClass
GetCurrentProcess
FreeLibrary
TerminateProcess
DeviceIoControl
CreateSemaphoreA
FreeEnvironmentStringsA
RaiseException
GetTempPathA
SetLastError
GetTimeZoneInformation
GetSystemTime
GetEnvironmentVariableA
RtlUnwind
GetCommandLineA
GetVersion
FlushFileBuffers
GetModuleFileNameA
HeapReAlloc
VirtualFree
VirtualAlloc
IsBadWritePtr
user32
LoadCursorA
wsprintfA
MessageBoxA
RegisterClassExA
UpdateWindow
ShowWindow
CreateWindowExA
DefWindowProcA
SendMessageA
PostQuitMessage
EndPaint
BeginPaint
DispatchMessageA
TranslateMessage
PeekMessageA
GetCursorPos
SetSystemCursor
LoadCursorFromFileA
LoadImageA
CopyImage
gdi32
DeleteObject
advapi32
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
msvcr70
fputs
fprintf
strtoul
strtok
fgets
??_U@YAPAXI@Z
ceil
puts
strncat
_strnicmp
_c_exit
_exit
_XcptFilter
_cexit
_aligned_free
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
_controlfp
_aligned_malloc
_CIasin
??0exception@@QAE@ABV0@@Z
_acmdln
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strncmp
strncpy
??_V@YAXPAX@Z
wcslen
iswascii
strstr
_beginthread
qsort
fseek
ftell
srand
vsprintf
fread
fwrite
fclose
calloc
_finite
_ftol
isspace
isdigit
_setjmp3
longjmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
fopen
exit
malloc
free
sprintf
printf
_CIpow
_CIfmod
floor
_CIacos
_stricmp
__security_error_handler
msvcp70
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
d3d8
Direct3DCreate8
dsound
ord11
binkw32
_BinkCopyToBuffer@28
_BinkPause@8
_BinkSetSoundOnOff@8
_BinkOpen@8
_BinkSetSoundTrack@8
_BinkSetSoundSystem@8
_BinkOpenDirectSound@4
_BinkClose@4
_BinkNextFrame@4
_BinkDoFrame@4
_BinkWait@4
ole32
CoInitialize
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.6MB - Virtual size: 29.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cms_t Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.cms_d Size: 448KB - Virtual size: 447KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE