359b9bb6943bd6c1a6d0e73d44ed56d4e3eeb4d14d48949adb97e27bf9ada850

Sharing

Copy URL Twitter E-mail

General

Target

359b9bb6943bd6c1a6d0e73d44ed56d4e3eeb4d14d48949adb97e27bf9ada850
Size

15.1MB
MD5

3567639a486c911a999c57e59e7933be
SHA1

d6daeca8e64e06d663b82a5488b6e3306530f511
SHA256

359b9bb6943bd6c1a6d0e73d44ed56d4e3eeb4d14d48949adb97e27bf9ada850
SHA512

9c98df48499d8d3d1b49fb5e1e8fc4b4f10797c432786d10e441f57f4ab423272db560a86a59d7928b1546c2ec22b0edae0005c3851cb5775026894f0ea64fa4
SSDEEP

393216:MwIYcIDo51iHel9fcONv5di47gnAyio0IVFTZnC2Ebi7Rfu4ug:osU59Hv5EA20SCNG7Jz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
359b9bb6943bd6c1a6d0e73d44ed56d4e3eeb4d14d48949adb97e27bf9ada850

Files

359b9bb6943bd6c1a6d0e73d44ed56d4e3eeb4d14d48949adb97e27bf9ada850
.exe windows:5 windows x86 arch:x86

696cc028b2f557ef6d9c06c8cc5d5189

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\qaxProject\tools_script\SkylarTS\skylarts\bin\Release\pdb\SkylarTS.exe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegSetValueW
RegEnumKeyW
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegOpenKeyW

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathStripToRootW
PathFileExistsA
SHGetValueW
PathIsDirectoryW
PathIsUNCW

ws2_32

bind
getsockopt
ntohs
shutdown
gethostname
ioctlsocket
listen
accept
recvfrom
__WSAFDIsSet
select
WSASetLastError
WSAStartup
socket
closesocket
WSACleanup
htons
connect
WSAGetLastError
getpeername
freeaddrinfo
getaddrinfo
recv
sendto
send
setsockopt
getsockname

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ole32

OleCreateMenuDescriptor
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoUninitialize
CoInitializeEx
OleTranslateAccelerator
IsAccelerator
OleDestroyMenuDescriptor
CoTaskMemFree

kernel32

GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
WriteFile
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
RemoveDirectoryW
GetModuleFileNameW
MoveFileExW
GetStartupInfoW
CreateProcessW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileAttributesW
GetPrivateProfileStringW
GetCommandLineW
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetCurrentProcess
ReadFile
SetFilePointer
lstrlenW
GetFileSize
SetEndOfFile
FlushFileBuffers
FreeResource
InitializeCriticalSection
GetTempFileNameW
GetFileSizeEx
LocalAlloc
LocalFree
lstrcmpA
DeleteFileA
MoveFileExA
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
FormatMessageA
LoadLibraryW
FormatMessageW
GetVersionExW
GetFileAttributesA
GetFileAttributesW
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection
GetCurrentProcessId
GetTempPathA
GetSystemTime
CreateThread
lstrlenA
GetComputerNameExW
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetCurrentThreadId
GetModuleHandleA
GetVersion
GlobalMemoryStatus
FindFirstFileA
FlushConsoleInputBuffer
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpW
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
GetVersionExA
CompareStringW
GlobalFindAtomW
ResumeThread
SetFileTime
GetFileTime
GlobalGetAtomNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetThreadLocale
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentDirectoryW
GlobalFlags
MoveFileW
GetStringTypeExW
lstrcmpiW
DuplicateHandle
GetVolumeInformationW
GetShortPathNameW
LocalFileTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetFileInformationByHandle
GetDriveTypeA
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RtlUnwind
HeapSize
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetConsoleCP
GetTimeFormatA
GetDateFormatA
SetStdHandle
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
AreFileApisANSI
GetFullPathNameW
CreateFileW
LockFileEx

user32

SetWindowRgn
KillTimer
RedrawWindow
SetCursorPos
IsZoomed
DeleteMenu
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DestroyIcon
CharUpperW
GetMenuItemInfoW
UnregisterClassW
CreateMenu
GetTabbedTextExtentA
WindowFromPoint
UpdateWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowTextLengthW
GetWindowTextW
SetFocus
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SendDlgItemMessageW
DrawIcon
GetDlgItem
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
RegisterClipboardFormatW
PostMessageW
PostQuitMessage
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
InflateRect
DrawEdge
LoadCursorW
SetCursor
SetCapture
ReleaseCapture
GetCapture
PtInRect
GetSysColorBrush
InvalidateRect
LoadBitmapW
wsprintfW
GetClientRect
EnableMenuItem
LoadIconW
GetClassInfoW
SetTimer
GetParent
OffsetRect
ReleaseDC
SendMessageW
EnableWindow
MessageBoxW
GetWindowRect
GetDC
ShowWindow
SetForegroundWindow
FindWindowW
IsRectEmpty
SystemParametersInfoW
IsWindowVisible
DestroyCursor
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
ShowOwnedPopups
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetFocus

gdi32

ExtTextOutW
CreateCompatibleBitmap
DeleteObject
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
CreateCompatibleDC
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
BitBlt
GetWindowOrgEx
GetTextExtentPoint32A
GetTextFaceW
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
CreatePen
CreateSolidBrush
DPtoLP
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetViewportOrgEx
Rectangle
PatBlt
CreateRectRgnIndirect
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
GetDeviceCaps

comdlg32

GetFileTitleW
GetOpenFileNameW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

shell32

SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

oledlg

OleUIBusyW

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

wldap32

ord118
ord41
ord46
ord301
ord167
ord147
ord224
ord97
ord140
ord127
ord27
ord26
ord36
ord208
ord73
ord88
ord14
ord16
ord145

Exports

Exports

libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_signal
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_free
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_scp_recv
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_banner_get
libssh2_session_banner_set
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_timeout
libssh2_session_handshake
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_timeout
libssh2_session_startup
libssh2_session_supported_algs
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_get_channel
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26.8MB - Virtual size: 26.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

696cc028b2f557ef6d9c06c8cc5d5189

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shlwapi

ws2_32

version

ole32

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

oledlg

oleaut32

wldap32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 429KB - Virtual size: 429KB

.data Size: 50KB - Virtual size: 76KB

.rsrc Size: 26.8MB - Virtual size: 26.8MB

.reloc Size: 186KB - Virtual size: 185KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 429KB - Virtual size: 429KB

.data
Size: 50KB - Virtual size: 76KB

.rsrc
Size: 26.8MB - Virtual size: 26.8MB

.reloc
Size: 186KB - Virtual size: 185KB