SlideToShutDown[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SlideToShutDown.exe
Size

37KB
MD5

44ad3fc64610c628e2b82618728b3cfe
SHA1

a988b83f2a27fe1ecb85e7461eb675ef47a8baac
SHA256

d171b96ab5574515025675b58951f3dd77c4b44221dea5832ff878235830a9bc
SHA512

537b2e2fe48eb4c0fa72cba183df38c2049bccb24c2ae213fe3daf589d2118ef999156e3d3f965025cb2c900adbfdb3e2eb1eb80fcdf13d33aae3038a72f707c
SSDEEP

384:W8owPzMCbeAD9OSfAd5M0ZfLWWGRC6WRaDBRJaTwR9zQb4ZGn:WOyAD9OSfATM0ZftGRCE1P2M9zxZGn

Score

1^/10

Malware Config

Signatures

Files

SlideToShutDown.exe
.exe windows:10 windows x64 arch:x64

bb14032cdadda2a586e94dce4af0af58

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:0a:99:3b:53:56:c7:25:97:57:c4:81:39:a5:e0:ce:ed:0b:21:e7:4d:ff:aa:8d:ba:c4:ed:ae:f4:f4:47:17
Signer

Actual PE Digest

91:0a:99:3b:53:56:c7:25:97:57:c4:81:39:a5:e0:ce:ed:0b:21:e7:4d:ff:aa:8d:ba:c4:ed:ae:f4:f4:47:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SlideToShutDown.pdb

Imports

kernel32

CloseHandle
GetLastError
CreateEventW

msvcrt

_initterm
_exit
_XcptFilter
_cexit
exit
?terminate@@YAXXZ
_commode
__set_app_type
_fmode
_wcmdln
__C_specific_handler
__setusermatherr
__wgetmainargs
_amsg_exit

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

imm32

ImmDisableIME

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb14032cdadda2a586e94dce4af0af58

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

91:0a:99:3b:53:56:c7:25:97:57:c4:81:39:a5:e0:ce:ed:0b:21:e7:4d:ff:aa:8d:ba:c4:ed:ae:f4:f4:47:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

imm32

Sections

.text Size: 4KB - Virtual size: 2KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 216B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 48B

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

91:0a:99:3b:53:56:c7:25:97:57:c4:81:39:a5:e0:ce:ed:0b:21:e7:4d:ff:aa:8d:ba:c4:ed:ae:f4:f4:47:17
Signer

.text
Size: 4KB - Virtual size: 2KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 216B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 48B