sh3[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

sh3.exe
Size

4.7MB
MD5

c05e2f57ddb783bd50a1ce60ab942667
SHA1

63ff51c6fc6f7d1c23daf53adee33284be7db07f
SHA256

e1438049509b8a3cfd1531cde1430717ae1c213091a4902d26c3ffea0239c63f
SHA512

a9ac7a5bcc55b071c4c5d1c1dc80b91eaf9b5ebd3e70905d80e1bebe7ec6904af216ce87923978f5b03f92e7a29a6832807b7a996d7a6fb437f39a6a8272789b
SSDEEP

98304:sSch210sOMqjv4cwsznXfjbJPIz7y36sN6ZEB:le210sOMqjv4cZO636InB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sh3.exe

Files

sh3.exe
.exe windows:4 windows x86 arch:x86

a74f0adc0fd2b0ad54644d1944ed7c63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext
ImmGetContext

winmm

mmioAdvance
mmioClose
timeKillEvent
timeEndPeriod
timeGetTime
timeSetEvent
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioOpenA
timeBeginPeriod
mmioWrite

kernel32

CloseHandle
Sleep
GetFileAttributesA
GetVersionExA
GetThreadLocale
GetLocalTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLastError
SetEndOfFile
SetConsoleCtrlHandler
GetTimeZoneInformation
LCMapStringW
LCMapStringA
FlushFileBuffers
GetLocaleInfoA
GetACP
InterlockedExchange
CreateMutexA
GetLocaleInfoW
SetStdHandle
VirtualQuery
VirtualProtect
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
HeapSize
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetFileSize
CreateFileA
SetFilePointer
InterlockedIncrement
InterlockedDecrement
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
GetSystemInfo
VirtualFree
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
VirtualAlloc
FreeLibrary
LoadLibraryA
MulDiv
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
CreateThread
SetPriorityClass
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringA
LockResource
SizeofResource
LoadResource
FindResourceA
SetCurrentDirectoryA
GetFullPathNameA
GetModuleFileNameA
SetErrorMode
GetDriveTypeA
GetLogicalDrives
GetVolumeInformationA
GetUserDefaultLangID
InterlockedCompareExchange
InterlockedExchangeAdd
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileA
FindFirstFileA
ResumeThread
SuspendThread
PulseEvent
SetThreadAffinityMask
SetThreadPriorityBoost
ExitThread
lstrlenA
GetOverlappedResult
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
WriteFile
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
FindResourceW
IsProcessorFeaturePresent
GetProcessHeap
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
CreateDirectoryA
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
DeleteFileA
TerminateProcess
SetUnhandledExceptionFilter
TlsFree
TlsAlloc
FatalAppExitA
HeapReAlloc
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCurrentProcessId
OpenFileMappingA
GetTempPathA
DeviceIoControl
OpenEventA
OpenProcess
GetPriorityClass
FormatMessageA
GetSystemDirectoryA
CreateProcessA
WriteProcessMemory
SearchPathA
GetWindowsDirectoryA
GetDiskFreeSpaceExA
VirtualProtectEx
QueryDosDeviceA
GetSystemTime
GetVersion
GetEnvironmentVariableA

user32

MessageBoxA
LoadStringA
CreateWindowExA
AdjustWindowRectEx
DefWindowProcA
InvalidateRect
PostQuitMessage
ClipCursor
SetForegroundWindow
SetFocus
EndPaint
BeginPaint
RegisterClassExA
DrawTextW
FindWindowA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
KillTimer
PostMessageA
ShowWindow
UpdateWindow
LoadIconA
CallWindowProcA
SetWindowLongA
PostThreadMessageA
GetQueueStatus
MsgWaitForMultipleObjects
wvsprintfA
wsprintfA
RegisterWindowMessageA
GetForegroundWindow
SystemParametersInfoA
AttachThreadInput
GetWindowThreadProcessId
GetClassLongA
GetWindowLongA
GetWindowRect
SetCursor
GetSystemMetrics
RedrawWindow
SetWindowPos
IsIconic
UnregisterDeviceNotification
RegisterDeviceNotificationA
ChangeDisplaySettingsA
EnumDisplaySettingsA
ClientToScreen
GetCursorPos
GetKeyState
ScreenToClient
SetCursorPos
DrawTextA
CopyImage
LoadImageA
SetSystemCursor
LoadCursorFromFileA
UnregisterClassA

gdi32

CreateFontIndirectA
DeleteDC
GetObjectA
SetTextColor
SetBkColor
SetBkMode
SelectObject
GetStockObject
DeleteObject
CreateCompatibleDC
CreateDIBSection
CreateBitmap
CreateCompatibleBitmap
StretchBlt
StretchDIBits
SetStretchBltMode
BitBlt
RectVisible

dsound

ord11

dinput8

DirectInput8Create

d3d8

Direct3DCreate8

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegEnumKeyExA
ControlService
QueryServiceConfigA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
DeleteService
CloseServiceHandle
RegSetValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 496KB - Virtual size: 106.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flio
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.urdf
Size: 952KB - Virtual size: 950KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a74f0adc0fd2b0ad54644d1944ed7c63

Headers

File Characteristics

Imports

imm32

winmm

kernel32

user32

gdi32

dsound

dinput8

d3d8

advapi32

ole32

oleaut32

version

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 496KB - Virtual size: 106.8MB

.data1 Size: 4KB - Virtual size: 2KB

.flio Size: 548KB - Virtual size: 548KB

.urdf Size: 952KB - Virtual size: 950KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 496KB - Virtual size: 106.8MB

.data1
Size: 4KB - Virtual size: 2KB

.flio
Size: 548KB - Virtual size: 548KB

.urdf
Size: 952KB - Virtual size: 950KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 4KB