skuld | slinky[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

slinky.rar
Size

26.1MB
MD5

2c6bddc33cec241b955de61acf5b3443
SHA1

d0d7fd56c6801edfe7d630e1760b4898b0a96010
SHA256

d2eaee32dee01579196e56203860fcf7280b1e327e6c37aaea3842477610154a
SHA512

a95254ccf49431214638205a404bf022c2dc0de45a46ff412d1161998274e1e72f71656e1814780e34acfb4dc51ddfdf7ea8408342152f66e2cdf6ff29448b63
SSDEEP

786432:muYvfKGq1vSjY/DY3MacWVHewsG483Z6bD7N:mPvfKGqJS8/DnALsG6HN

Score

10^/10

skuld

Malware Config

Extracted

Family

skuld

https://ptb.discord.com/api/webhooks/1272127018074640406/dHVa75jSMPaiEdYbiSLUjNWITHphosFrlmkfwpka_RSvNBCLhgp_ZiHAdnIAbdCZnLgB

Signatures

Skuld family
skuld

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/slinky/slinky.exe
unpack001/slinky/slinkyhook.dll

Files

slinky.rar
.rar

Password: slinky
slinky/slinky.exe
.exe windows:6 windows x64 arch:x64

Password: slinky

c2d457ad8ac36fc9f18d45bffcd450c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 463KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 891KB - Virtual size: 890KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
slinky/slinky_library.dll
slinky/slinkyhook.dll
.dll windows:6 windows x64 arch:x64

Password: slinky

fea4322ee6bcc5ab3c037ce7e50d99de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoUninitialize
CoInitialize

kernel32

InitializeCriticalSectionEx
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
GetModuleHandleA
CreateToolhelp32Snapshot
Sleep
GetLastError
DisableThreadLibraryCalls
HeapReAlloc
CloseHandle
GetSystemInfo
CreateThread
HeapAlloc
GetThreadContext
GetProcAddress
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
VirtualQuery
OpenThread
GetModuleFileNameA
EnterCriticalSection
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentThread
CreateNamedPipeW
TerminateThread
GetNativeSystemInfo
WaitForSingleObject
DuplicateHandle
ResetEvent
Thread32Next
GetExitCodeThread
GetProcessId
OpenProcess
IsWow64Process
VirtualAllocEx
VirtualFreeEx
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
CreateFileW
UnmapViewOfFile
DeleteFileW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
GetEnvironmentVariableW
GetWindowsDirectoryW
DeviceIoControl
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
CreateRemoteThread
VirtualQueryEx
LoadLibraryW
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
VirtualAlloc
GetCurrentProcess
VirtualFree
SetLastError
HeapFree
VirtualProtect
HeapCreate
IsBadWritePtr
RtlLookupFunctionEntry
OutputDebugStringW
IsDebuggerPresent
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead

user32

MessageBoxA

advapi32

RegOpenKeyW
RegSetValueExW
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
RegOpenKeyExW
OpenThreadToken
RegQueryValueExW

oleaut32

SysFreeString

msvcp140

?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ

shlwapi

SHDeleteKeyW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
memcpy
_CxxThrowException
__current_exception_context
memchr
memmove
__current_exception
__C_specific_handler
memcmp
memset
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
terminate
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

towlower
_stricmp
wcscpy_s
_wcsicmp

api-ms-win-crt-convert-l1-1-0

wcstol
atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??_FVMemMgr@asmjit@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: slinky

Password: slinky

c2d457ad8ac36fc9f18d45bffcd450c2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 463KB - Virtual size: 1.0MB

.pdata Size: 107KB - Virtual size: 107KB

.xdata Size: 512B - Virtual size: 180B

/4 Size: 512B - Virtual size: 297B

/19 Size: 891KB - Virtual size: 890KB

/32 Size: 166KB - Virtual size: 165KB

/46 Size: 512B - Virtual size: 48B

/65 Size: 1.7MB - Virtual size: 1.7MB

/78 Size: 1.0MB - Virtual size: 1.0MB

/90 Size: 318KB - Virtual size: 317KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 63KB

.symtab Size: 682KB - Virtual size: 682KB

Password: slinky

fea4322ee6bcc5ab3c037ce7e50d99de

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

user32

advapi32

oleaut32

msvcp140

shlwapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 504B

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 463KB - Virtual size: 1.0MB

.pdata
Size: 107KB - Virtual size: 107KB

.xdata
Size: 512B - Virtual size: 180B

/4
Size: 512B - Virtual size: 297B

/19
Size: 891KB - Virtual size: 890KB

/32
Size: 166KB - Virtual size: 165KB

/46
Size: 512B - Virtual size: 48B

/65
Size: 1.7MB - Virtual size: 1.7MB

/78
Size: 1.0MB - Virtual size: 1.0MB

/90
Size: 318KB - Virtual size: 317KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 63KB

.symtab
Size: 682KB - Virtual size: 682KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 504B