Static task: static1
Behavioral task: behavioral1 (sample SkinChanger.exe_953268.exe, resource win7-20240708-en)
Behavioral task: behavioral2 (sample SkinChanger.exe_953268.exe, resource win10v2004-20240709-en)
General
Target: SkinChanger.exe_953268.exe
Size: 24.2MB
MD5: 5bf35743e8d95bf6a58a783f7186f5ff
SHA1: 35c1e3468577dceda6e2691adee9642e1df5e348
SHA256: 56cf9c4fc2a8ec81c9e5e5737f43da14ff95c3c19e06c2b006389626bb63ae06
SHA512: 9dfde0ce2091ebbfdac581c918cda5ac4589aa60a0130f82655a6feba078cff0666446f6582f612031d7244f5481388c304ae33b0e3b3277d7871fcac3eb0d7f
SSDEEP: 786432:h+r4Outm8Fg6L6eakPnjlMJAuCZDDZTK7Q:hm0/iJAVDt
The ssdeep block size of 786432 is what a 24MB input produces: each character of the hash summarizes roughly 768KB of file, so small edits to the binary can leave the value unchanged and fuzzy matches on it are coarse. Use the SHA256 for identity and confirm any ssdeep hit against section-level hashes before relying on it.
Malware Config: no entries in this report.
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched on resource SkinChanger.exe_953268.exe.
A missing signature is a weak indicator on its own, since a great deal of legitimate tooling ships unsigned; it mainly tells you that no publisher identity is available to pivot on, so the hashes above are the identifiers to track.
Files
SkinChanger.exe_953268.exe.exe: windows:6 windows x86 arch:x86
bc285e9d6ae92fa72681bd568018af9b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (image is ASLR-compatible and will be relocated; the .reloc section below is what makes that possible)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP-compatible, no section needs to be both writable and executable)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_DLLCHARACTERISTICS_GUARD_CF is not listed, so Control Flow Guard should not be assumed; HIGH_ENTROPY_VA does not apply to a 32-bit image.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RaiseException
GetCurrentThreadId
FindFirstFileExA
GetStringTypeW
GetFullPathNameW
GetFileAttributesExW
IsProcessorFeaturePresent
GetSystemInfo
GetOEMCP
CompareStringW
RtlUnwind
WaitForMultipleObjects
GetModuleFileNameA
CreateEventW
GlobalUnlock
TlsAlloc
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
CreateDirectoryW
CreateFileW
DecodePointer
ExitThread
DeleteCriticalSection
LCMapStringEx
InitializeSListHead
GetEnvironmentStringsW
RemoveDirectoryW
GetDriveTypeW
IsValidCodePage
MoveFileExW
SetFileTime
GetTimeFormatW
GetEnvironmentVariableA
ReadFile
GetCurrentDirectoryW
FileTimeToSystemTime
GetFileType
CloseHandle
FreeLibraryAndExitThread
GetProcessAffinityMask
MoveFileW
ReleaseSRWLockExclusive
SetLastError
GetCPInfo
WriteConsoleW
GetVersionExW
GetProcessHeap
GetUserDefaultLCID
GetCurrentProcessId
GetModuleFileNameW
GlobalLock
SetEnvironmentVariableA
GetStartupInfoW
GlobalMemoryStatus
CompareFileTime
GetCommandLineW
GetSystemDirectoryW
PeekNamedPipe
MultiByteToWideChar
WaitForSingleObjectEx
SetPriorityClass
GetModuleHandleW
GetDateFormatW
FreeLibrary
SetFileAttributesW
EnumSystemLocalesW
IsValidLocale
EncodePointer
FileTimeToLocalFileTime
GetModuleHandleA
FlushFileBuffers
GetFileAttributesW
GetLastError
IsDebuggerPresent
QueryPerformanceFrequency
VirtualFree
HeapSize
SetFilePointer
SetStdHandle
CreateSemaphoreW
FindNextFileW
InitializeCriticalSectionEx
lstrlenA
LoadLibraryW
GetTickCount
TlsFree
SystemTimeToTzSpecificLocalTime
DeleteFileW
GetConsoleMode
GetTimeZoneInformation
QueryPerformanceCounter
GetACP
TerminateProcess
LocalFree
HeapReAlloc
GetConsoleCP
SetEvent
GetTickCount64
CreateThread
InitializeCriticalSection
GetFileInformationByHandle
GlobalAlloc
HeapFree
AcquireSRWLockExclusive
Sleep
LoadLibraryA
FormatMessageW
SetUnhandledExceptionFilter
SetEndOfFile
TlsSetValue
GetCommandLineA
GetFileSize
SleepEx
LeaveCriticalSection
FindClose
GetLogicalDriveStringsW
FindNextFileA
TlsGetValue
GetFileSizeEx
LCMapStringW
GlobalFree
WaitForSingleObject
ReleaseSemaphore
ReadConsoleW
VerifyVersionInfoW
FreeEnvironmentStringsW
ExitProcess
UnhandledExceptionFilter
GetStdHandle
GetProcAddress
GetVersion
WriteFile
GetModuleHandleExW
LoadLibraryExW
VerSetConditionMask
GetSystemTimeAsFileTime
FindFirstFileW
VirtualAlloc
ResetEvent
WideCharToMultiByte
SetFilePointerEx
EnterCriticalSection
HeapAlloc
user32
LoadCursorW
GetParent
GetKeyState
CharUpperW
ScreenToClient
GetFocus
ShowWindow
IsDlgButtonChecked
GetWindowTextLengthW
LoadIconW
SetDlgItemTextW
GetWindowTextW
SystemParametersInfoW
SetTimer
GetDlgItem
MapDialogRect
OpenClipboard
PostMessageW
MonitorFromWindow
EnableWindow
GetWindowRect
InvalidateRect
GetWindowLongW
wsprintfA
CheckDlgButton
EmptyClipboard
CloseClipboard
KillTimer
DialogBoxParamW
EndDialog
SetWindowLongW
SendMessageW
SetFocus
SetCursor
MessageBoxW
GetMonitorInfoA
SetWindowTextW
LoadStringW
SetClipboardData
MoveWindow
advapi32
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
CryptImportKey
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
shell32
SHGetPathFromIDListW
SHGetFileInfoW
SHBrowseForFolderW
ole32
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleInitialize
oleaut32
SysFreeString
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
ws2_32
__WSAFDIsSet
select
accept
connect
getsockname
htonl
setsockopt
recv
socket
freeaddrinfo
WSACloseEvent
recvfrom
sendto
getpeername
ioctlsocket
gethostname
htons
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAResetEvent
WSAEnumNetworkEvents
WSACreateEvent
WSAEventSelect
getaddrinfo
WSAWaitForMultipleEvents
WSAIoctl
send
listen
getsockopt
bind
crypt32
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CryptQueryObject
CryptDecodeObjectEx
CertFreeCertificateContext
CertGetNameStringW
CryptStringToBinaryW
CertFindExtension
CertOpenStore
PFXImportCertStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFreeCertificateChain
wldap32
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord147
ord145
ord301
ord133
bcrypt
BCryptGenRandom
Analyst note (an inference from the import list, not something the report states): ws2_32 event-driven socket handling (WSAEventSelect, WSACreateEvent, WSAWaitForMultipleEvents, WSAEnumNetworkEvents, WSAIoctl), the crypt32 certificate-store and chain-engine calls (CertOpenStore, PFXImportCertStore, CertAddCertificateContextToStore, CertGetCertificateChain, CryptStringToBinaryW), wldap32 imported by ordinal, the advapi32 CryptAcquireContextW/CryptImportKey/CryptEncrypt group, VerSetConditionMask/VerifyVersionInfoW and BCryptGenRandom together are the usual footprint of a statically linked libcurl built against the Schannel TLS backend, with the WinCrypt DES calls being what its NTLM code uses. If that reading is right, the binary can make outbound HTTPS connections without importing wininet or winhttp, so the absence of those DLLs says nothing about network capability. The user32/shell32 set (DialogBoxParamW, SHBrowseForFolderW, dialog-item and clipboard calls) indicates a native Win32 dialog UI with a folder picker. IsDebuggerPresent and most of the kernel32 entries are ordinary MSVC runtime imports and are not evidence of anti-analysis by themselves. Nothing in the static import table identifies what is contacted or downloaded; that has to come from the behavioral tasks.
Sections
.text: raw 6.8MB, virtual 6.8MB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata: raw 250KB, virtual 250KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data: raw 8KB, virtual 28KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc: raw 9KB, virtual 9KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc: raw 96KB, virtual 95KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
The five sections add up to roughly 7.2MB of a 24.2MB file, so about 17MB sits outside every section header, as an overlay appended after .reloc. The loader never maps that data and the section sizes above say nothing about it, so it is the first thing to carve and inspect (embedded archive, installer payload or encrypted blob are the usual cases). No section is both writable and executable, and the .data gap between raw and virtual size is ordinary uninitialized data, not an anomaly.
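The three static checks this report makes (DllCharacteristics flags, the Unsigned PE test, and the section/overlay arithmetic) can be reproduced without a sandbox by reading the PE32 headers directly. The following is an added example written for this page; it is not Triage code and not part of the report. The function names analyze_pe, build_test_pe and report, and the miniature image the test builds, are constructed for the example. "Unsigned PE" is decided the way the signature does it: the security data directory (index 4) is empty. That entry holds a file offset and size of the WIN_CERTIFICATE blob, not an RVA, and this example only checks that the blob exists; a 0x100-byte run of zeros stands in for it in the signed test case, so chain validation is out of scope here.

```python
"""Parse a PE32 header the way a triage report does: DLL characteristics,
Authenticode presence (security data directory) and section/overlay sizes.
Added example with constructed test data; not code from the report."""
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
DLL_CHAR = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# IMAGE_FILE_HEADER.Characteristics bits
FILE_CHAR = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
             0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset + size of WIN_CERTIFICATE


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data):
    """Return the header facts a triage report lists, from raw file bytes (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("this example handles PE32 only")
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]     # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]       # NumberOfRvaAndSizes
    sig_off = sig_size = 0
    if ndirs > SECURITY_DIR:
        sig_off, sig_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    signed = sig_size > 0 and sig_off + sig_size <= len(data)
    sections, end_of_raw = [], 0
    for i in range(nsec):
        name, vsize, _, rsize, rptr, _, _, _, _, schar = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
                         "writable_and_executable": (schar & 0xA0000000) == 0xA0000000})
        end_of_raw = max(end_of_raw, rptr + rsize)
    return {
        "machine": machine,
        "file_characteristics": _flags(fchar, FILE_CHAR),
        "dll_characteristics": _flags(dllchar, DLL_CHAR),
        "aslr": bool(dllchar & 0x0040),
        "dep": bool(dllchar & 0x0100),
        "authenticode_present": signed,
        "sections": sections,
        # Bytes no section header covers, excluding the signature blob itself.
        "overlay_size": len(data) - end_of_raw - (sig_size if signed else 0),
    }


def build_test_pe(dll_characteristics, sections, overlay=b"", signed=False):
    """Assemble a minimal PE32 (not meant to run) for exercising analyze_pe.
    sections: list of (name, virtual_size, raw_size). Constructed test data."""
    file_align, sect_align, hdr_size = 0x200, 0x1000, 0x400
    sec_hdrs, body, rva, rptr = b"", b"", sect_align, hdr_size
    for name, vsize, rsize in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, rva, rsize, rptr,
                                0, 0, 0, 0, 0x60000020)  # CODE | EXECUTE | READ
        body += b"\xcc" * rsize
        rva += -(-max(vsize, rsize) // sect_align) * sect_align
        rptr += rsize
    sig = b"\0" * 0x100 if signed else b""  # stand-in for a WIN_CERTIFICATE blob
    dirs = [(0, 0)] * 16
    if signed:
        dirs[SECURITY_DIR] = (rptr + len(overlay), len(sig))  # file offset, not RVA
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0,
                      0, 0, 0, sect_align, sect_align, 0, 0x400000, sect_align, file_align,
                      6, 0, 0, 0, 6, 0,
                      0, rva, hdr_size, 0,
                      2, dll_characteristics,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    headers = dos + b"PE\0\0" + file_hdr + opt + sec_hdrs
    return headers.ljust(hdr_size, b"\0") + body + overlay + sig


def report(data):
    """Render the Headers / Sections / Signatures lines the way the report does."""
    r = analyze_pe(data)
    lines = ["DLL Characteristics: " + ", ".join(r["dll_characteristics"]),
             "File Characteristics: " + ", ".join(r["file_characteristics"])]
    for s in r["sections"]:
        lines.append(f"{s['name']}: raw {s['raw_size']} virtual {s['virtual_size']}")
    lines.append("Authenticode present" if r["authenticode_present"] else "Unsigned PE")
    lines.append(f"overlay: {r['overlay_size']} bytes")
    return lines


if __name__ == "__main__":
    # Same shape as the sample above: ASLR/DEP/TS-aware, five sections, large overlay, unsigned.
    image = build_test_pe(0x8140, [(".text", 0x3000, 0x3000), (".rdata", 0x800, 0x800),
                                   (".data", 0x7000, 0x2000), (".rsrc", 0x400, 0x400),
                                   (".reloc", 0x600, 0x600)], overlay=b"A" * 0x5000)
    print("\n".join(report(image)))
```

Point analyze_pe at the real file's bytes and the overlay_size figure is the number the Sections note above estimates from the listed sizes; a non-zero value with authenticode_present false means the trailing bytes are not a signature and should be carved.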