General
-
Target
skuld.exe
-
Size
14.2MB
-
MD5
c80815523923d223edc3b4c6c624c434
-
SHA1
1caf4d490313428b844a26e2aeac48ff33be6d86
-
SHA256
bcca8d8e2807d0ca0dcd2f3cfb8cd93ff90bb146d35b21c7ea2baff15c267c9a
-
SHA512
7433f5d3655aed6f8fee2af3372ad50438cc7223d91db0adca7014eb9be8a3a5d2758068cb871bece79c94865124ef1768b25bdaa9001bd10716e6913f0e45ea
-
SSDEEP
196608:ZZvCeu8sRAXFupTze5AIcdsbmLpr5KE0ezi4q7X6BF:ZBCe3qe+dOmLpcEQ18
Malware Config
Extracted
skuld
https://discord.com/api/webhooks/1279926585402593512/-p7sFnb_2x6CbCygjElBC0Haj-3_Y2RxDPvXsumD8jWDE7C7BvP3uhfi8a5Z45S9Whkt
Signatures
-
Skuld family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource skuld.exe
Files
-
skuld.exe.exe windows:6 windows x64 arch:x64
c2d457ad8ac36fc9f18d45bffcd450c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
Sections
.text Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 464KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 297B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 891KB - Virtual size: 890KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/32 Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/46 Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/65 Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/78 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/90 Size: 319KB - Virtual size: 318KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 682KB - Virtual size: 682KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ