Slee[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Slee.dll
Size

1.4MB
MD5

84d0227107b7f347c3197d818360202e
SHA1

878bad74db214c0f29e12ee253a484e97f7e6f22
SHA256

4e9e8660a3c54e8b24423399707bd01ab714d1db26cc123017b0db450447601d
SHA512

4af1a234f87103055a84c4dc013f79daed95038a1ec517ba071e7d053ca7ec22ead51ff88fcaba0fd23774a4f7854d875672d0509489e2ffa9bda0107969a192
SSDEEP

24576:2jlHId6yXTa8ywj/U1FElyUXpk6ztqTSnMW:2jl7n8XaK5STSnT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Slee.dll

Files

Slee.dll
.dll windows:4 windows x64 arch:x64

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Build\Project\Medicine\Engine\2.0_MainTrunk\building\build\Project\Medicine\Engine\2.0\Trunk\Build\AMD64\free\MeDExt.pdb

Imports

kernel32

HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
AreFileApisANSI
TryEnterCriticalSection
HeapCompact
CreateEventW
__C_specific_handler
GetModuleFileNameW
DeviceIoControl
CancelIo
MoveFileW
SetFileAttributesW
GetFileTime
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetFileInformationByHandle
GetLocalTime
ReleaseMutex
SetEvent
GetCurrentProcess
lstrcmpiW
GetModuleHandleA
GetVersion
lstrlenW
lstrcmpW
LocalAlloc
GetSystemDirectoryW
GetShortPathNameW
OpenMutexW
lstrlenA
lstrcmpA
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
GetLastError
GetCurrentThreadId
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
SetLastError
GetVolumeInformationW
lstrcpynW
VerifyVersionInfoW
CloseHandle

advapi32

GetSecurityDescriptorSacl
RegEnumKeyExW
RegDeleteKeyW
EnumServicesStatusW
LockServiceDatabase
UnlockServiceDatabase
QueryServiceConfigW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
StartServiceW
DeleteService
CreateServiceW
RegCreateKeyExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
SetSecurityInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

_beginthreadex
_endthreadex
strcspn
fabs
strspn
strrchr
_lrotr
_lrotl
wcscmp
__CxxFrameHandler
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcsncat
wcsrchr
_vsnprintf
wcsncmp
wcsstr
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncmp
swprintf
_purecall
_wcslwr
wcschr
_wcsupr
_initterm
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
free
malloc
strcmp
localtime
memset
wcslen
_vsnwprintf
memmove
memcmp
memcpy
strlen
realloc
_CxxThrowException
_msize

user32

CharUpperW

Exports

Exports

MeDExtFinalize
MeDExtGet
MeDExtInitialize
MeDExtSet

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

version

msvcrt

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 151KB - Virtual size: 152KB

.data Size: 50KB - Virtual size: 56KB

.pdata Size: 36KB - Virtual size: 36KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 151KB - Virtual size: 152KB

.data
Size: 50KB - Virtual size: 56KB

.pdata
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 6KB - Virtual size: 6KB