C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\player_win_x64.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Slendytubbies II.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Slendytubbies II.exe
Resource: win10v2004-20240226-en
General
Target: Slendytubbies II.exe
Size: 21.7MB
MD5: 0e70d0f937206534785de7ce2dcf6287
SHA1: a76f878f055cae0f433ced8ab5a9c8513c89b2e4
SHA256: 553c2aa1d1e0b71e96c4f3eea694de97162a3e27824820935ddd641aea854ac8
SHA512: 08081a5be36e704dd1b669074d6601d4566ad61a524bea58a06c545b8c44e0c8f2e5e2bac37aff69778b7f2f5c664c2568fc652fbedba7ef9c76b22aefbc4d06
SSDEEP: 393216:jKx41NPRaITOdXQdv7W5avyhA1DfJmh/wVSAQd2e:w6kXAVe
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: Slendytubbies II.exe
Files
Slendytubbies II.exe.exe windows:5 windows x64 arch:x64
Import hash: 1c0e9fe3445884066e2ebbaf6c6ea50e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
hid
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetCaps
HidD_FreePreparsedData
HidP_GetData
HidP_GetValueCaps
HidP_MaxDataListLength
HidD_GetHidGuid
kernel32
GetSystemTimeAsFileTime
GetModuleHandleA
GetFullPathNameW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryW
FormatMessageA
SystemTimeToFileTime
GetLocalTime
GetTimeZoneInformation
LocalFree
CreateFileW
InitializeCriticalSection
ResetEvent
GetTickCount
ReadFile
SetFilePointerEx
WriteFile
SetEndOfFile
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
LoadLibraryExW
CreateEventW
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryW
SetFileTime
GetSystemTime
GetDiskFreeSpaceExA
GetModuleFileNameW
lstrcpynA
lstrcpyA
lstrcpynW
GetCommandLineW
ExpandEnvironmentStringsW
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
GetThreadContext
SuspendThread
RtlCaptureContext
OutputDebugStringA
GetEnvironmentVariableA
GetFileAttributesA
GetModuleFileNameA
GetVersionExA
GetCurrentDirectoryA
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetSystemPowerStatus
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetComputerNameW
GetTempPathW
LocalAlloc
SetUnhandledExceptionFilter
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetOverlappedResult
CancelIo
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GetQueuedCompletionStatus
SetErrorMode
DecodePointer
EncodePointer
HeapFree
HeapReAlloc
HeapAlloc
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
CreateThread
DuplicateHandle
ExitProcess
SetConsoleCtrlHandler
ExitThread
GetCommandLineA
GetStartupInfoW
FileTimeToSystemTime
GetDriveTypeA
FindFirstFileExA
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
GetVersion
HeapCreate
SetHandleCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
SetStdHandle
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
FlushConsoleInputBuffer
SwitchToThread
SetThreadAffinityMask
GetProcessAffinityMask
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
SetConsoleMode
ReadConsoleInputA
GetTimeFormatA
GetDateFormatA
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
CreateIoCompletionPort
SetHandleInformation
FormatMessageW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
HeapQueryInformation
SetThreadPriority
CreateMutexA
ReleaseMutex
GetModuleHandleW
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
RaiseException
HeapSize
SleepEx
SetDllDirectoryW
CreateDirectoryW
WaitForSingleObject
WideCharToMultiByte
LoadLibraryA
SetEvent
IsDebuggerPresent
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
DeleteFileW
CopyFileW
GetStartupInfoA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventA
CloseHandle
Sleep
SetLastError
GetLastError
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalMemoryStatus
user32
GetAsyncKeyState
ClientToScreen
RegisterRawInputDevices
GetMessageTime
MapVirtualKeyExA
GetMessagePos
GetRawInputData
LoadKeyboardLayoutA
GetKeyNameTextW
GetRawInputDeviceInfoW
GetRawInputDeviceList
wvsprintfA
GetWindowLongPtrW
SetWindowLongPtrW
PostQuitMessage
GetMonitorInfoA
SetFocus
GetFocus
ShowCursor
ReleaseDC
GetDC
SetWindowTextW
GetDlgItem
IsDlgButtonChecked
CopyImage
SetWindowLongPtrA
KillTimer
GetMessageA
PeekMessageA
SetWindowPos
SystemParametersInfoW
RegisterDeviceNotificationW
GetMessageExtraInfo
PtInRect
DispatchMessageA
UnregisterDeviceNotification
SendMessageTimeoutA
IsIconic
wsprintfA
DestroyIcon
GetWindowPlacement
LoadCursorA
SetCursor
GetSystemMetrics
CreateIconIndirect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorPos
WindowFromPoint
IsWindowVisible
GetCaretBlinkTime
MessageBoxW
UpdateWindow
GetKeyState
LoadImageW
DialogBoxParamA
EndDialog
SetForegroundWindow
ScreenToClient
CheckDlgButton
GetAncestor
CreateDialogParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
ReleaseCapture
SetCapture
MonitorFromWindow
RegisterClassExW
DialogBoxParamW
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
MessageBoxA
CopyRect
OffsetRect
GetDesktopWindow
AdjustWindowRectEx
SetCursorPos
ClipCursor
GetWindowRect
DispatchMessageW
SendMessageA
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassW
DestroyWindow
DefWindowProcW
RegisterClassW
CreateWindowExW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplayDevicesA
GetClientRect
EnableWindow
SetTimer
ShowWindow
GetParent
ValidateRect
MsgWaitForMultipleObjects
SetWindowLongA
ChangeDisplaySettingsA
CreateDialogParamA
GetWindowLongPtrA
GetWindowLongA
GetThreadDesktop
GetUserObjectInformationA
EnumWindows
DestroyCursor
RegisterWindowMessageA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
ole32
PropVariantClear
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
StringFromGUID2
CoInitialize
shlwapi
PathCanonicalizeW
PathFileExistsW
SHDeleteKeyW
advapi32
RegCloseKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
RegOpenKeyExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
gdi32
CreateDIBSection
SwapBuffers
ChoosePixelFormat
GetDeviceCaps
GetObjectA
DeleteObject
CreateBitmap
SetPixelFormat
shell32
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
opengl32
wglGetCurrentDC
wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
winmm
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
timeEndPeriod
timeBeginPeriod
timeGetTime
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
waveInGetNumDevs
ws2_32
WSACloseEvent
WSAEventSelect
WSACreateEvent
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAWaitForMultipleEvents
setsockopt
ioctlsocket
closesocket
WSACleanup
ntohl
htonl
ntohs
htons
WSAResetEvent
WSAEnumNetworkEvents
WSASetEvent
getpeername
getprotobyname
recv
gethostbyname
shutdown
listen
accept
WSARecvFrom
WSAIoctl
getnameinfo
getaddrinfo
recvfrom
sendto
send
gethostname
socket
connect
bind
inet_addr
WSAStartup
select
__WSAFDIsSet
inet_ntoa
getsockname
freeaddrinfo
WSASocketA
WSASetLastError
WSAGetLastError
oleaut32
VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantInit
imm32
ImmReleaseContext
ImmSetOpenStatus
ImmGetCompositionStringW
ImmGetConversionStatus
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW
dnsapi
DnsQuery_A
DnsFree
iphlpapi
GetIpAddrTable
winhttp
WinHttpGetIEProxyConfigForCurrentUser
Exports
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
Sections
.text Size: 16.7MB - Virtual size: 16.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 620KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 867KB - Virtual size: 867KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rodata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trace Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data1 Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 554KB - Virtual size: 553KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 170KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ