SlingShot[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

SlingShot.bin
Size

42KB
MD5

87a28a99697452a37fc229b3aa3afe97
SHA1

5e4ddd2c5e6133aa409fdc9af0740e0f39341370
SHA256

fa513c65cded25a7992e2b0ab03c5dd5c6d0fc2282cd64a1e11a387a3341ce18
SHA512

2adc42739b1548e2cc168c0192af8eb2be6381cf9bb8c29e634e421890b4c46f3befd6af0918460ab91066d46f1009a449ad499b14b8927045bc36af92b03472
SSDEEP

768:MFUD0P9DX4me1k66VIGLW1eDCR/uujqv1ra2c9mRhNH+:2P9jVLnLW1ei/uujqNr5hNe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SlingShot.bin

Files

SlingShot.bin
.dll windows:5 windows x86 arch:x86

2f3b3df466e24e0792e0e90d668856bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
wcstoul
_vsnwprintf
_CxxThrowException
_except_handler3
_onexit
_lock
_unlock
_amsg_exit
_initterm
_XcptFilter
memcpy
memset
realloc
_vsnprintf
wcsstr
_snprintf
wcsncpy
malloc
_snwprintf
swscanf
sprintf
_wcsicmp
atoi
strchr
strstr
wcschr
strncpy
calloc
free
_strlwr
__dllonexit
memcmp

crypt32

CryptUnprotectData

ws2_32

listen
accept
WSAEventSelect
htons
inet_addr
WSASocketA
getsockopt
WSAIoctl
gethostbyname
WSAStartup
WSACreateEvent
recv
WSAConnect
socket
WSAGetLastError
select
bind
send
shutdown
WSACloseEvent
inet_ntoa
closesocket

kernel32

SetLastError
GetSystemDefaultUILanguage
CreateMutexW
GetModuleHandleW
VirtualAllocEx
VirtualProtectEx
VirtualFreeEx
TlsFree
GetLocaleInfoW
EnumUILanguagesW
GetUserDefaultUILanguage
GetNativeSystemInfo
GetSystemTime
TlsAlloc
TlsSetValue
TlsGetValue
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
HeapAlloc
HeapFree
GetProcessHeap
HeapSize
GetCurrentProcess
VirtualFree
RtlZeroMemory
Sleep
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ExitProcess
FindResourceA
FreeLibrary
LoadResource
GetModuleFileNameW
GetExitCodeThread
GetModuleFileNameA
CloseHandle
DeleteFileW
CreateThread
lstrlenA
OpenProcess
GetProcAddress
LoadLibraryA
GetModuleHandleA
LocalFree
lstrcpyA
GetCurrentThread

user32

PeekMessageW
wsprintfW
wsprintfA
GetSystemMetrics

advapi32

OpenProcessToken
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
LookupAccountSidW
RegOpenKeyExW
ImpersonateLoggedOnUser
AllocateAndInitializeSid
RevertToSelf
FreeSid
RegOpenKeyA
RegEnumKeyExW
RegCloseKey
RegQueryValueExA

oleaut32

GetErrorInfo

shlwapi

StrStrIW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

Exports

Exports

Init
dll_u

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LineRecs
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f3b3df466e24e0792e0e90d668856bc

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

crypt32

ws2_32

kernel32

user32

advapi32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 4KB

LineRecs Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 112B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 4KB

LineRecs
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 112B

.reloc
Size: 4KB - Virtual size: 4KB