PDB path: C:\BuildAgent\work\d3d49558e4d408f4\build\Windows64StandalonePlayer\UnityPlayer_Symbols.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Slendytubbies II.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Slendytubbies II.exe
Resource: win10v2004-20231215-en
General
Target: Slendytubbies II.exe
Size: 13.8MB
MD5: fbaa24c8594d1df3fbe298684b6dc8c3
SHA1: 338cbf41eb1053aa9aab7ede619b780dfd202655
SHA256: a77e783320b93413571134c1ea3073fb77c017430abbeed540ac287f264ac958
SHA512: 9bbc87dff0a237cabbb7ce3aaaabf5ce306036bd187ffdd50290616bd7bd7fe5c7d464773e347630ae79914dee1fd3fd1613109ee4fa27fa884ea294d8b8e3f4
SSDEEP: 393216:0YKeba1hBFJWxuWs3/G3N8ep/o5k8BoDLFE3X:C70S3X
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: Slendytubbies II.exe
Files
Slendytubbies II.exe.exe windows:5 windows x64 arch:x64
bad08ed3e037a132ecb5f86335455e6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetCurrentDirectoryA
ResumeThread
GetThreadContext
SuspendThread
RtlCaptureContext
GetCurrentThread
IsBadReadPtr
GetWindowsDirectoryA
GetFullPathNameW
CreateSemaphoreA
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
MoveFileExW
SleepEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
CreateEventA
CopyFileW
SetEvent
ResetEvent
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GlobalMemoryStatus
GetSystemTimeAsFileTime
CreateProcessW
IsDebuggerPresent
SetErrorMode
WritePrivateProfileStringW
HeapAlloc
HeapReAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
ExitProcess
SetConsoleCtrlHandler
ExitThread
DuplicateHandle
GetCommandLineA
GetStartupInfoW
GetStdHandle
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSize
GetLocaleInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
TerminateProcess
GetFileAttributesW
GetACP
GetCurrentThreadId
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetModuleFileNameA
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetProcessHeap
HeapValidate
SetThreadAffinityMask
TerminateThread
WaitForMultipleObjects
CreateMutexA
ExpandEnvironmentStringsA
CreateEventW
GetOverlappedResult
CancelIo
LoadLibraryW
GetProcAddress
GetCommandLineW
SetFileAttributesW
CreateDirectoryW
GetFileSize
ReadFile
GetDriveTypeW
GetCurrentDirectoryW
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
CreateSemaphoreW
CreateMutexW
SignalObjectAndWait
ReleaseMutex
GetThreadLocale
GetSystemDirectoryA
OpenEventA
VirtualAlloc
VirtualFree
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
lstrcmpiA
GetFullPathNameA
GetProcessAffinityMask
FlushConsoleInputBuffer
GetVersionExW
SetLastError
OutputDebugStringA
CreateThread
WaitForSingleObject
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleHandleW
GetTempPathW
LoadLibraryA
GetComputerNameW
GetFileAttributesA
SetStdHandle
GetEnvironmentVariableA
FreeLibrary
lstrcpynW
lstrcpyA
GetVersionExA
GetUserDefaultLangID
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
FlushFileBuffers
RaiseException
lstrcpynA
GetModuleFileNameW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
DeleteFileW
FindClose
GetOEMCP
WriteFile
CreateFileW
SetEndOfFile
SetFilePointer
CloseHandle
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
TlsSetValue
TlsGetValue
TlsFree
GetCPInfo
TlsAlloc
HeapWalk
user32
TranslateMessage
IsDialogMessageW
PeekMessageW
EnableWindow
CreateDialogParamW
CheckDlgButton
IsDlgButtonChecked
DialogBoxParamA
LoadImageA
ValidateRect
DispatchMessageA
GetMessageA
PeekMessageA
GetCaretBlinkTime
EnumDisplayDevicesA
MonitorFromWindow
wvsprintfA
DispatchMessageW
MsgWaitForMultipleObjects
SetCursor
LoadCursorA
DestroyCursor
DefWindowProcW
DestroyWindow
CreateWindowExW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetProcessWindowStation
GetUserObjectInformationW
SetCapture
ReleaseCapture
RegisterDeviceNotificationW
UnregisterDeviceNotification
SystemParametersInfoW
ClientToScreen
GetAsyncKeyState
ScreenToClient
IsWindowVisible
GetCursorPos
GetKeyState
wsprintfA
RegisterRawInputDevices
GetRawInputData
GetRawInputDeviceInfoW
GetRawInputDeviceList
SendMessageTimeoutA
EnumWindows
SendMessageA
SetForegroundWindow
GetSystemMetrics
GetDC
ReleaseDC
SetWindowTextW
RegisterClassW
PostQuitMessage
SetWindowLongPtrW
GetWindowLongPtrW
SetCursorPos
ClipCursor
ShowCursor
GetFocus
SetFocus
WindowFromPoint
MessageBoxW
RegisterClassExW
DialogBoxParamW
EndDialog
ShowWindow
IsIconic
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
MessageBoxA
CopyRect
OffsetRect
GetAncestor
UnregisterClassW
CreateIconIndirect
RegisterWindowMessageA
GetUserObjectInformationA
GetThreadDesktop
GetParent
GetWindowRect
GetDesktopWindow
EnumDisplaySettingsA
AdjustWindowRectEx
SetWindowLongA
ChangeDisplaySettingsA
GetDlgItem
SetWindowLongPtrA
CreateDialogParamA
GetWindowLongPtrA
GetClientRect
SetWindowPos
GetWindowLongA
version
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
ole32
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
shlwapi
SHDeleteKeyA
PathIsDirectoryW
PathFileExistsW
advapi32
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
GetUserNameA
RegDeleteValueA
CryptDestroyKey
CryptVerifySignatureA
CryptImportKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptDestroyHash
gdi32
GetDeviceCaps
SetPixelFormat
SwapBuffers
CreateDIBSection
GetObjectA
ChoosePixelFormat
DeleteObject
CreateBitmap
shell32
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
opengl32
glBindTexture
glReadPixels
glMaterialf
glGenTextures
glTexImage2D
glDeleteTextures
glIsTexture
glTexSubImage2D
glPixelStorei
glCopyTexSubImage2D
glDrawBuffer
glReadBuffer
glDrawArrays
wglDeleteContext
glTexParameteri
glBegin
glEnd
glColor4f
glNormal3f
glVertex3f
glHint
glLightModelf
glLoadIdentity
glFinish
glFogi
glFogf
glFogfv
wglCreateContext
wglMakeCurrent
glGetIntegerv
wglGetCurrentContext
wglGetCurrentDC
wglShareLists
wglGetProcAddress
glGetError
glGetString
glDrawElements
glTexCoordPointer
glNormalPointer
glVertexPointer
glColorPointer
glEnableClientState
glDisableClientState
glTexEnvf
glTexEnvi
glAlphaFunc
glEnable
glBlendFunc
glDisable
glColorMask
glPolygonOffset
glCullFace
glDepthMask
glDepthFunc
glStencilMask
glStencilOp
glStencilFunc
glIsEnabled
glClear
glClearStencil
glClearDepth
glClearColor
glFrontFace
glPolygonMode
glLoadMatrixf
glMatrixMode
glMultMatrixf
glGetFloatv
glColorMaterial
glLightModeli
glColor4fv
glViewport
glScissor
glTexEnvfv
glTexGenfv
glTexGeni
glLightfv
glLightf
glLightModelfv
glMaterialfv
winmm
waveInOpen
waveInClose
waveInStart
waveInGetDevCapsW
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutOpen
waveOutClose
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
timeGetTime
timeEndPeriod
waveOutPrepareHeader
timeBeginPeriod
waveInReset
ws2_32
inet_addr
htonl
inet_ntoa
WSACleanup
WSAStartup
closesocket
connect
WSAGetLastError
socket
gethostname
ioctlsocket
setsockopt
select
WSASetLastError
__WSAFDIsSet
sendto
recvfrom
bind
ntohs
accept
listen
shutdown
send
getsockopt
getpeername
freeaddrinfo
getsockname
getaddrinfo
gethostbyaddr
gethostbyname
WSACancelAsyncRequest
WSAAsyncGetHostByName
recv
htons
oleaut32
SysFreeString
VariantClear
SysStringLen
VariantChangeType
SysAllocString
VariantInit
imm32
ImmGetContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetConversionStatus
ImmGetCompositionStringW
ImmSetOpenStatus
ImmReleaseContext
ImmSetCompositionStringW
dnsapi
DnsFree
DnsQuery_A
iphlpapi
GetIpAddrTable
winhttp
WinHttpGetIEProxyConfigForCurrentUser
hid
HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetProductString
HidP_GetCaps
HidP_GetButtonCaps
HidP_GetValueCaps
HidP_MaxDataListLength
HidP_GetData
HidD_GetHidGuid
msacm32
acmStreamOpen
acmStreamSize
acmFormatSuggest
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
Exports
??$Transfer@V?$StreamedBinaryRead@$00@@@AnimationEvent@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Behaviour@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Component@Unity@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@GameObject@Unity@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@GlobalGameManager@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@LevelGameManager@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@NamedObject@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Object@@IEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Renderer@@QEAAXAEAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@AnimationEvent@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Behaviour@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Component@Unity@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@GameObject@Unity@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@GlobalGameManager@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@LevelGameManager@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@NamedObject@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Object@@IEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Renderer@@QEAAXAEAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@AnimationEvent@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Behaviour@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Component@Unity@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@GameObject@Unity@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@GlobalGameManager@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@LevelGameManager@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@NamedObject@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Object@@IEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Renderer@@QEAAXAEAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@VProxyTransfer@@@AnimationEvent@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Behaviour@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Component@Unity@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@GameObject@Unity@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@GlobalGameManager@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@LevelGameManager@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@NamedObject@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Object@@IEAAXAEAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Renderer@@QEAAXAEAVProxyTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@AnimationEvent@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Behaviour@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Component@Unity@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@GameObject@Unity@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@GlobalGameManager@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@LevelGameManager@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@NamedObject@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Object@@IEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Renderer@@QEAAXAEAVRemapPPtrTransfer@@@Z
??$Transfer@VSafeBinaryRead@@@AnimationEvent@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Behaviour@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Component@Unity@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@GameObject@Unity@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@GlobalGameManager@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@LevelGameManager@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@NamedObject@@QEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Object@@IEAAXAEAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Renderer@@QEAAXAEAVSafeBinaryRead@@@Z
AgPmDestroySourceConnection
AgPmEventEnabled
AgPmEventLoggingEnabled
AgPmSubmitEvent
NxCreateCoreSDK
Sections
.text Size: 9.8MB - Virtual size: 9.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 450KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 574KB - Virtual size: 574KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trace Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 553KB - Virtual size: 552KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ