D:\VCSTUDIO\SLIGHTS\x64\Release\SlightsEX.pdb
Static task
static1
General
Target
BlitzService.exe
Size
2.1MB
MD5
f5f5737dd85551d867e22d253a421f70
SHA1
fc810b423ad92d59e397823bf38d337afa67c6aa
SHA256
1e0d4cfe44ec1c381d848e7b58a3c9cc7efdf0782cfc83c65b63f9ff44fe8786
SHA512
b8de0880ed76f290ac901d5199ef3eb349c4268d2e542d9e858d5981cd020c055c61431874a980b9f9899b1fa9a75d80e135031400ae71ac3451e53e96a24851
SSDEEP
24576:o/fWqpa1RWLwK9/wBn165JZQolINRpUeptl7Fo60OegX7AoPn2oumNUXnMvQop9j:oHRpcd167ZXIDxd70ErvPn2FC9XVgu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource BlitzService.exe
Files
BlitzService.exe.exe windows:6 windows x64 arch:x64
ff2afc4e402f67d4ae526d327803ffbe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
TerminateProcess
ResumeThread
CreateProcessW
GetStartupInfoW
GetThreadContext
GetSystemInfo
VirtualAlloc
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
LoadLibraryW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
HeapSize
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
HeapDestroy
RaiseException
GetLastError
Sleep
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
ReleaseSRWLockExclusive
WaitForDebugEvent
ContinueDebugEvent
FreeLibrary
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
OutputDebugStringW
CreateEventW
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
CreateFileW
InitializeCriticalSectionEx
DeviceIoControl
WriteFile
DebugBreak
IsDebuggerPresent
lstrcmpiW
QueryFullProcessImageNameW
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
GetCurrentProcess
HeapFree
GetProcAddress
GetWindowsDirectoryW
HeapAlloc
CreateThread
CloseHandle
HeapReAlloc
Process32FirstW
DeleteFileW
LoadLibraryA
GetCurrentThread
CreateFileA
SetConsoleTitleA
VirtualProtect
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
Process32NextW
GetCommandLineW
user32
GetCapture
GetActiveWindow
ClientToScreen
SetCursorPos
GetCursorPos
OpenClipboard
LoadCursorW
EmptyClipboard
UnregisterClassW
GetSystemMetrics
CreateWindowExW
SetWindowPos
DestroyWindow
GetWindow
DefWindowProcW
SetCapture
SetCursor
GetClientRect
CloseClipboard
ReleaseCapture
GetClipboardData
SetClipboardData
ScreenToClient
ShowWindow
GetAsyncKeyState
DispatchMessageW
PeekMessageW
SetWindowDisplayAffinity
GetForegroundWindow
GetWindowTextA
MessageBoxA
GetKeyState
UpdateWindow
FindWindowA
SystemParametersInfoW
PostQuitMessage
SetWindowLongW
TranslateMessage
GetWindowThreadProcessId
GetClassNameA
EnumWindows
MessageBoxW
RegisterClassExW
advapi32
CryptDestroyKey
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
GetUserNameA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
CryptEncrypt
shell32
ShellExecuteW
ShellExecuteA
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
msvcp140
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
_Query_perf_counter
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
dwmapi
DwmExtendFrameIntoClientArea
d3d9
Direct3DCreate9Ex
shlwapi
PathFindFileNameW
wininet
HttpOpenRequestW
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
InternetReadFile
InternetConnectW
InternetCloseHandle
ntdll
RtlCaptureContext
VerSetConditionMask
RtlAdjustPrivilege
RtlLookupFunctionEntry
RtlVirtualUnwind
NtRaiseHardError
normaliz
IdnToAscii
wldap32
ord50
ord45
ord60
ord143
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord217
ord301
ord46
ord211
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertCloseStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertFindExtension
ws2_32
gethostname
inet_ntoa
WSAStartup
gethostbyname
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSACleanup
accept
htonl
listen
ioctlsocket
ntohl
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
rpcrt4
UuidCreate
RpcStringFreeA
UuidToStringA
psapi
EnumProcessModules
GetModuleInformation
GetModuleFileNameExW
EnumProcesses
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
memcpy
__current_exception
__current_exception_context
__std_terminate
strstr
strchr
__std_exception_destroy
strrchr
__std_exception_copy
wcsstr
_CxxThrowException
__C_specific_handler
memchr
memcmp
memmove
api-ms-win-crt-stdio-l1-1-0
fsetpos
_fseeki64
ungetc
setvbuf
_get_stream_buffer_pointers
__acrt_iob_func
ftell
fgetc
__stdio_common_vsprintf_s
_open
fflush
_close
_write
fgets
_read
_pclose
__p__commode
fclose
fseek
_popen
fopen
fputc
fputs
feof
__stdio_common_vfprintf
fwrite
_wfopen
_lseeki64
__stdio_common_vsscanf
fread
fgetpos
__stdio_common_vsprintf
_set_fmode
api-ms-win-crt-string-l1-1-0
strncpy
strpbrk
isprint
strcmp
strncmp
wcscpy_s
strtok_s
strnlen
_strdup
strcspn
strspn
isupper
tolower
api-ms-win-crt-utility-l1-1-0
rand
qsort
api-ms-win-crt-heap-l1-1-0
_callnewh
_recalloc
_set_new_mode
realloc
malloc
calloc
free
api-ms-win-crt-convert-l1-1-0
atof
_wtoi
strtod
strtoul
atoi
strtol
strtoll
strtoull
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
__p___argc
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___argv
exit
_c_exit
_cexit
_resetstkoflw
_getpid
__sys_nerr
strerror
_set_app_type
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
perror
_beginthreadex
_initterm
system
terminate
_invalid_parameter_noinfo
abort
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_errno
_exit
_initterm_e
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dsign
pow
_dclass
powf
sinf
_hypotf
sqrtf
asinf
atan2f
atanf
ceilf
sqrt
cosf
fmodf
floorf
tanf
api-ms-win-crt-time-l1-1-0
_time64
strftime
_localtime64_s
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
_unlink
_access
_lock_file
_stat64
remove
_fstat64
_unlock_file
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
___lc_codepage_func
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 586KB - Virtual size: 586KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 243KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ