SkinChanger[.]exe_953268[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SkinChanger.exe_953268.exe
Size

24.2MB
MD5

5bf35743e8d95bf6a58a783f7186f5ff
SHA1

35c1e3468577dceda6e2691adee9642e1df5e348
SHA256

56cf9c4fc2a8ec81c9e5e5737f43da14ff95c3c19e06c2b006389626bb63ae06
SHA512

9dfde0ce2091ebbfdac581c918cda5ac4589aa60a0130f82655a6feba078cff0666446f6582f612031d7244f5481388c304ae33b0e3b3277d7871fcac3eb0d7f
SSDEEP

786432:h+r4Outm8Fg6L6eakPnjlMJAuCZDDZTK7Q:hm0/iJAVDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SkinChanger.exe_953268.exe

Files

SkinChanger.exe_953268.exe
.exe windows:6 windows x86 arch:x86

Password: infected

bc285e9d6ae92fa72681bd568018af9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetCurrentThreadId
FindFirstFileExA
GetStringTypeW
GetFullPathNameW
GetFileAttributesExW
IsProcessorFeaturePresent
GetSystemInfo
GetOEMCP
CompareStringW
RtlUnwind
WaitForMultipleObjects
GetModuleFileNameA
CreateEventW
GlobalUnlock
TlsAlloc
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
CreateDirectoryW
CreateFileW
DecodePointer
ExitThread
DeleteCriticalSection
LCMapStringEx
InitializeSListHead
GetEnvironmentStringsW
RemoveDirectoryW
GetDriveTypeW
IsValidCodePage
MoveFileExW
SetFileTime
GetTimeFormatW
GetEnvironmentVariableA
ReadFile
GetCurrentDirectoryW
FileTimeToSystemTime
GetFileType
CloseHandle
FreeLibraryAndExitThread
GetProcessAffinityMask
MoveFileW
ReleaseSRWLockExclusive
SetLastError
GetCPInfo
WriteConsoleW
GetVersionExW
GetProcessHeap
GetUserDefaultLCID
GetCurrentProcessId
GetModuleFileNameW
GlobalLock
SetEnvironmentVariableA
GetStartupInfoW
GlobalMemoryStatus
CompareFileTime
GetCommandLineW
GetSystemDirectoryW
PeekNamedPipe
MultiByteToWideChar
WaitForSingleObjectEx
SetPriorityClass
GetModuleHandleW
GetDateFormatW
FreeLibrary
SetFileAttributesW
EnumSystemLocalesW
IsValidLocale
EncodePointer
FileTimeToLocalFileTime
GetModuleHandleA
FlushFileBuffers
GetFileAttributesW
GetLastError
IsDebuggerPresent
QueryPerformanceFrequency
VirtualFree
HeapSize
SetFilePointer
SetStdHandle
CreateSemaphoreW
FindNextFileW
InitializeCriticalSectionEx
lstrlenA
LoadLibraryW
GetTickCount
TlsFree
SystemTimeToTzSpecificLocalTime
DeleteFileW
GetConsoleMode
GetTimeZoneInformation
QueryPerformanceCounter
GetACP
TerminateProcess
LocalFree
HeapReAlloc
GetConsoleCP
SetEvent
GetTickCount64
CreateThread
InitializeCriticalSection
GetFileInformationByHandle
GlobalAlloc
HeapFree
AcquireSRWLockExclusive
Sleep
LoadLibraryA
FormatMessageW
SetUnhandledExceptionFilter
SetEndOfFile
TlsSetValue
GetCommandLineA
GetFileSize
SleepEx
LeaveCriticalSection
FindClose
GetLogicalDriveStringsW
FindNextFileA
TlsGetValue
GetFileSizeEx
LCMapStringW
GlobalFree
WaitForSingleObject
ReleaseSemaphore
ReadConsoleW
VerifyVersionInfoW
FreeEnvironmentStringsW
ExitProcess
UnhandledExceptionFilter
GetStdHandle
GetProcAddress
GetVersion
WriteFile
GetModuleHandleExW
LoadLibraryExW
VerSetConditionMask
GetSystemTimeAsFileTime
FindFirstFileW
VirtualAlloc
ResetEvent
WideCharToMultiByte
SetFilePointerEx
EnterCriticalSection
HeapAlloc

user32

LoadCursorW
GetParent
GetKeyState
CharUpperW
ScreenToClient
GetFocus
ShowWindow
IsDlgButtonChecked
GetWindowTextLengthW
LoadIconW
SetDlgItemTextW
GetWindowTextW
SystemParametersInfoW
SetTimer
GetDlgItem
MapDialogRect
OpenClipboard
PostMessageW
MonitorFromWindow
EnableWindow
GetWindowRect
InvalidateRect
GetWindowLongW
wsprintfA
CheckDlgButton
EmptyClipboard
CloseClipboard
KillTimer
DialogBoxParamW
EndDialog
SetWindowLongW
SendMessageW
SetFocus
SetCursor
MessageBoxW
GetMonitorInfoA
SetWindowTextW
LoadStringW
SetClipboardData
MoveWindow

advapi32

CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
CryptImportKey
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleInitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen

ws2_32

__WSAFDIsSet
select
accept
connect
getsockname
htonl
setsockopt
recv
socket
freeaddrinfo
WSACloseEvent
recvfrom
sendto
getpeername
ioctlsocket
gethostname
htons
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAResetEvent
WSAEnumNetworkEvents
WSACreateEvent
WSAEventSelect
getaddrinfo
WSAWaitForMultipleEvents
WSAIoctl
send
listen
getsockopt
bind

crypt32

CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CryptQueryObject
CryptDecodeObjectEx
CertFreeCertificateContext
CertGetNameStringW
CryptStringToBinaryW
CertFindExtension
CertOpenStore
PFXImportCertStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFreeCertificateChain

wldap32

ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord147
ord145
ord301
ord133

bcrypt

BCryptGenRandom

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bc285e9d6ae92fa72681bd568018af9b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

crypt32

wldap32

bcrypt

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 95KB