slui[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

slui.exe
Size

392KB
MD5

b131e05837a3409b495758e0f8a5700d
SHA1

d54ae1a76f22fb2c09c4fad98027ac8c2a0cde73
SHA256

498ec19e82d3bce99e7a878d8dac1990466721a4c89dc3155c7d15375ae8460a
SHA512

5ad4ab33f28d110f043dfe5ce0db6b42b46924caf7c5aad75ac4509980ef0f42a3673f25c631158b1fcb8394ee1bac419587a437f48a97648804c0b07a9d93eb
SSDEEP

6144:a/bnxfHQQvcRKy9dXFb+qY/W5R02qO7VKCyWQp:aLFQQv+b+q3nyR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
slui.exe

Files

slui.exe
.exe windows:10 windows x86

483730ee4e593a0ab030fac5762e8323

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventWrite
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryInfoKeyW
RegEnumKeyW
RegSetKeySecurity
RegDeleteKeyW
EventRegister
EventUnregister
FreeSid
AllocateAndInitializeSid
CheckTokenMembership

kernel32

GetProcessHeap
GetLastError
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
DeleteCriticalSection
ReleaseSemaphore
EncodePointer
WaitForSingleObject
SetEvent
GetCurrentThreadId
RaiseException
GetProcAddress
FreeLibrary
VirtualQuery
GetSystemDirectoryW
GetModuleFileNameW
RegisterApplicationRestart
HeapSetInformation
GetCommandLineW
CreateEventW
GetFileAttributesW
DecodePointer
LocalFree
GetSystemTime
SystemTimeToFileTime
LockResource
LoadResource
FindResourceExW
GetCurrentProcess
ExpandEnvironmentStringsW
IsWow64Process
FormatMessageW
LocalAlloc
LoadLibraryExW
CheckElevationEnabled
GetUserDefaultLCID
WaitForMultipleObjects
CreateSemaphoreW
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
CreateThread
SetLastError
GetThreadPriority
GetProcessAffinityMask
HeapAlloc
GetStartupInfoA
GetModuleHandleExW
HeapFree
Sleep

user32

RegisterClassW
SetWindowLongW
DestroyWindow
CreateWindowExW
SetForegroundWindow
CallWindowProcW
DefWindowProcW
GetDesktopWindow
MessageBoxW
LoadCursorW
SetCursor
AllowSetForegroundWindow
GetWindowLongW

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
memcpy
memcmp
_lock
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_waccess_s
wcsstr
_wtoi
swscanf_s
towupper
_wcsicmp
_purecall
memmove
strchr
_vsnwprintf
wcschr
memset

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoCreateInstance
CoAddRefServerProcess
CoSuspendClassObjects
CoReleaseServerProcess
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects

oleaut32

SysFreeString
SystemTimeToVariantTime
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantTimeToSystemTime
SysAllocString

rpcrt4

RpcStringFreeW
UuidToStringW
I_RpcMapWin32Status

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

winbrand

BrandingLoadString

ntdll

WinSqmSetDWORD

ole32

CreateBindCtx
MkParseDisplayName

shell32

CommandLineToArgvW
ShellExecuteExW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

slc

SLConsumeWindowsRight
SLGetGenuineInformation

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

483730ee4e593a0ab030fac5762e8323

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

api-ms-win-core-com-l1-1-1

oleaut32

rpcrt4

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

winbrand

ntdll

ole32

shell32

wtsapi32

slc

Sections

.text Size: 154KB - Virtual size: 154KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 154KB - Virtual size: 154KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 6KB - Virtual size: 6KB