15d6c60b606ebcb66dcc43df928ac70344088c36a93d1254a2da106156792621

Sharing

Copy URL Twitter E-mail

General

Target

15d6c60b606ebcb66dcc43df928ac70344088c36a93d1254a2da106156792621
Size

430KB
MD5

12cc93426df8710f20f92a605fa976cb
SHA1

b041d87c1e6e201ed3aba8c6b399c54a72e349c7
SHA256

15d6c60b606ebcb66dcc43df928ac70344088c36a93d1254a2da106156792621
SHA512

14e3e6fd2c186267f20bec3d69f8736fc2a417ba3f676c2220e3853ae3173c3daeccb75ce44750131f0a824144dce1c45c25d4396dfd7e50d5e30b65aa882a55
SSDEEP

6144:0cdbuD0V88gll/kkiv0bT0AmvBQzRRnnsZ+bxoBUx8c:0JgVPkf/0AmvBQzXE+9oB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15d6c60b606ebcb66dcc43df928ac70344088c36a93d1254a2da106156792621

Files

15d6c60b606ebcb66dcc43df928ac70344088c36a93d1254a2da106156792621
.exe windows:5 windows x86 arch:x86

00747208e035d3fb47344f8c388d33a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\BuinessLabel-qt5\SL_Assist\SL_Bin\SL_Assist.pdb

Imports

kernel32

CreateDirectoryW
WriteFile
OpenProcess
WideCharToMultiByte
CreateFileW
MultiByteToWideChar
GetTempPathW
GetLongPathNameW
FindClose
GetLocalTime
Process32FirstW
RemoveDirectoryW
GetModuleFileNameA
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
DeleteFileW
GetCommandLineW
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
ConnectNamedPipe
CreateNamedPipeW
InitializeCriticalSection
GetPrivateProfileIntA
ReadFile
GetModuleFileNameW
DisconnectNamedPipe
GetPrivateProfileStringA
ProcessIdToSessionId
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
CreateThread
InterlockedDecrement
WaitNamedPipeA
CallNamedPipeW
LoadLibraryW
GetFileAttributesW
SetFileAttributesW
GetStartupInfoA
GetCommandLineA
HeapAlloc
lstrlenA
GetProcessHeap
SetEndOfFile
GetModuleHandleA
GetLocaleInfoW
FindFirstFileW
CreateFileA
OpenFileMappingA
CallNamedPipeA
CloseHandle
ReleaseMutex
OutputDebugStringA
CreateMutexA
OpenEventA
CreateFileMappingA
OpenMutexA
CreateEventA
SetEvent
WaitForSingleObject
MapViewOfFile
LoadLibraryA
EnterCriticalSection
GetProcAddress
GetLastError
LeaveCriticalSection
Sleep
OutputDebugStringW
WTSGetActiveConsoleSessionId
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetFileAttributesA
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
RaiseException
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
ExitProcess
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
ExitThread
ResumeThread
TerminateProcess
RtlUnwind

user32

GetMessageW
DispatchMessageW
wsprintfW
PostThreadMessageW
TranslateMessage

advapi32

GetTokenInformation
RegSetValueExW
RegCloseKey
ControlService
RegisterServiceCtrlHandlerW
RegOpenKeyExW
SetServiceStatus
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
CreateProcessAsUserW
RegQueryValueExA
OpenServiceW
GetUserNameW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
LookupAccountSidA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteExW

ole32

CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

slpipe

GetUserRightsForFile_withHeader
RightLabelBlock
GetUserRightsForFile
GetUserTempDir
ForceLabel
AnalyzeLabel
GetUserRights
GetLabelInfoForRar
ForceLabelEx
RightLabel
AddWndMark
GetWaterMarkInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetProcessImageFileNameA

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dbghelp

MiniDumpWriteDump

slencfolder

GetMarkFileEx2
GetMarkFileEx
AddTrustProcEx
AddTrustProc

rpcrt4

UuidCreate

slpipelog

EditLog
EditLogEx
OperationLog

slgetlocalinfo

fnSLGetLocalMachineCode

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00747208e035d3fb47344f8c388d33a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

slpipe

version

psapi

wtsapi32

userenv

dbghelp

slencfolder

rpcrt4

slpipelog

slgetlocalinfo

Sections

.text Size: 258KB - Virtual size: 257KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 258KB - Virtual size: 257KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 19KB - Virtual size: 19KB