SIHClient[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SIHClient.exe
Size

420KB
MD5

267ed49c584d381868fa13f68701b810
SHA1

01174f0d7597c4395bab2244bea8544cf1947cd4
SHA256

436dd26ed291fcc85662eeffe8f74f6fe38c520e0fce00675b538902f0c3b7a8
SHA512

468b94eb7fb38c3f256453076eae26dd6cadea4b9acf4732e7bcbfdbf7f8fd4b19b24edd0c5dd43a8445bfb5b9799b4409ef623352db0c094d20888b871497fe
SSDEEP

12288:YNE9vyI8sM5CU65dNZcg7/kennfhU0Rhd:FByxGdNZcg7sQnfhU6b

Score

1^/10

Malware Config

Signatures

Files

SIHClient.exe
.exe windows:10 windows x64 arch:x64

2f653d0e9942af4923bac5199d0cef8b

Code Sign

33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-02-2024 19:22

Not After

07-02-2025 19:22

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:64:b4:24:af:66:13:a7:db:eb:65:86:f2:01:ec:76:3c:af:5f:93:55:68:41:69:c9:60:8b:86:56:a2:42:bc
Signer

Actual PE Digest

6b:64:b4:24:af:66:13:a7:db:eb:65:86:f2:01:ec:76:3c:af:5f:93:55:68:41:69:c9:60:8b:86:56:a2:42:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SIHClient.pdb

Imports

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate
UuidFromStringW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitializeEx
IIDFromString
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
LoadResource
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
FreeLibrary

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
RaiseException
GetLastError

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
HeapSetInformation

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
OpenSemaphoreW
ReleaseSemaphore
EnterCriticalSection
OpenMutexW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateMutexW
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
AcquireSRWLockExclusive

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wsplitpath_s
_o__wtoi
_o__wtoi64
_o__wtol
_o_abort
_o_exit
_o_free
_o_iswalnum
_o_iswalpha
_o_malloc
_o_qsort
_o_rand
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcstoul
_o____lc_codepage_func
_o__free_base
_o__exit
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
_o___p___wargv
_o___p___argc
_o__cexit
_o__calloc_base
_o__callnewh

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetLocalTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetSystemTime
GetSystemWindowsDirectoryW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
CreateWellKnownSid
ImpersonateLoggedOnUser
RevertToSelf
SetSecurityDescriptorDacl
IsValidSid
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
DuplicateTokenEx
CopySid
GetLengthSid
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

CloseTrace

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsFree
FlsAlloc
FlsGetValue

ntdll

RtlGetDeviceFamilyInfoEnum

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

iphlpapi

GetNetworkConnectivityHint

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f653d0e9942af4923bac5199d0cef8b

Code Sign

33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

6b:64:b4:24:af:66:13:a7:db:eb:65:86:f2:01:ec:76:3c:af:5f:93:55:68:41:69:c9:60:8b:86:56:a2:42:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-apiquery-l2-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

ntdll

api-ms-win-crt-runtime-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

iphlpapi

api-ms-win-core-winrt-l1-1-0

Sections

.text Size: 286KB - Virtual size: 285KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 12KB - Virtual size: 12KB

.didat Size: 1024B - Virtual size: 968B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

6b:64:b4:24:af:66:13:a7:db:eb:65:86:f2:01:ec:76:3c:af:5f:93:55:68:41:69:c9:60:8b:86:56:a2:42:bc
Signer

.text
Size: 286KB - Virtual size: 285KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 968B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB