SELACO[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SELACO.exe
Size

9.8MB
MD5

857da1d41ac885dd1e329fc6d4fc86de
SHA1

48cb9f5e165fe0cd8bea76100d64e464dd2a2ced
SHA256

ebb193bd9a2d1482ea29eec7b3782fd348e8a03e8ec23f58917ce604c11dd08a
SHA512

bba1cd21552040d575f82e9c41011849b1214e792cc7078b6af894ba8b3e29c2a0a1822439b577406edabb718ae955b7a3b9d80b36d12f90a5ba143fb235bac5
SSDEEP

98304:RRcG2Y20xo9i5ZenNWkKwRd9AKRUxDD+x+Tevdp1Aog+f3AwuvfJdr7:RO0oPnNFKwRd9uxDD+xsOdp1gSwl/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SELACO.exe

Files

SELACO.exe
.exe windows:6 windows x64 arch:x64

5dcce8c710806586f5c4f7b583d9f1c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\Pancake Build\RelWithDebInfo\Selaco.pdb

Imports

wsock32

inet_addr
ntohl
recvfrom
sendto
ioctlsocket
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htons
inet_ntoa
closesocket
socket
bind

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

user32

DispatchMessageW
PeekMessageW
DefWindowProcW
PostQuitMessage
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetKeyState
MapVirtualKeyW
TranslateMessage
ReleaseCapture
InvalidateRect
AdjustWindowRectEx
SetCursor
GetWindowLongW
GetRawInputData
GetForegroundWindow
RegisterRawInputDevices
GetClientRect
GetWindowRect
SetCursorPos
GetCursorPos
ClientToScreen
SetForegroundWindow
GetFocus
GetActiveWindow
SetFocus
SetCapture
ClipCursor
GetClassLongPtrW
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetRawInputDeviceInfoW
ShowWindow
BringWindowToTop
GetDC
ReleaseDC
MessageBoxA
EnumDisplaySettingsW
GetMessageW
SendMessageW
ScreenToClient
SetWindowTextA
GetUpdateRect
EndPaint
BeginPaint
CallWindowProcW
SendMessageA
GetDesktopWindow
UnregisterClassW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
GetMonitorInfoA
IsZoomed
CreateIconIndirect
DestroyCursor
SetClassLongPtrW
GetWindowTextW
GetAsyncKeyState
EndDialog
DialogBoxParamW
MapDialogRect
IsDialogMessageW
LoadImageW
LoadIconW
LoadCursorW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
SetRect
FillRect
MessageBoxW
GetWindowTextLengthW
SetWindowTextW
DrawIcon
GetSystemMetrics
KillTimer
SetTimer
SendDlgItemMessageW
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
CreateDialogParamW
SetWindowPos
MoveWindow
DestroyWindow
CreateWindowExW
RegisterClassW

gdi32

DPtoLP
GetObjectW
SetMapMode
SetBkColor
GetMapMode
BitBlt
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
CreateDIBSection
SetPixelV
Rectangle
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
TextOutW
GetTextMetricsW
SetTextAlign
SetTextColor
SetBkMode
SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps

comctl32

ord17

comdlg32

GetSaveFileNameW

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetLineFromAddr64
ImageNtHeader
SymCleanup

zmusic

ZMusic_SetCallbacks
ZMusic_IdentifyMIDIType
ZMusic_SetWgOpn
ZMusic_SetDmxGus
ZMusic_CreateMIDISource
ZMusic_MIDIDumpWave
ZMusic_VolumeChanged
ZMusic_WriteSMF
ZMusic_GetStats
ChangeMusicSettingString
ZMusic_Stop
ZMusic_SetGenMidi
ZMusic_IsMIDI
ZMusic_IsLooping
ZMusic_Close
ZMusic_SetSubsong
ZMusic_GetLastError
ZMusic_GetMidiDevices
ChangeMusicSettingInt
FindLoopTags
ZMusic_IsPlaying
SoundDecoder_Close
ZMusic_Update
ZMusic_Resume
SoundDecoder_Read
SoundDecoder_GetInfo
CreateDecoder
ChangeMusicSettingFloat
ZMusic_GetStreamInfo
ZMusic_Pause
ZMusic_Start
ZMusic_FillStream
ZMusic_GetADLBanks
ZMusic_OpenSong

psapi

GetModuleInformation

advapi32

RegSetValueExW
RegCreateKeyExW
GetUserNameW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

CreateTimerQueue
VirtualFree
VirtualProtect
VirtualAlloc
UnregisterWaitEx
ReleaseSemaphore
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
SetLastError
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
TerminateProcess
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
DecodePointer
EncodePointer
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
SetStdHandle
CreateEventExW
InitializeCriticalSectionEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
RaiseException
RtlPcToFileHeader
SleepConditionVariableSRW
RtlUnwindEx
RtlUnwind
GetModuleHandleExW
GetCommandLineA
ExitThread
HeapSize
CreateDirectoryW
GetFileAttributesExW
GetDriveTypeW
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
DeleteFileW
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
LCMapStringEx
RemoveDirectoryW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
SwitchToThread
WaitForSingleObjectEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateMutexW
ReleaseMutex
IsProcessorFeaturePresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFreeEx
VirtualAllocEx
GetSystemInfo
MultiByteToWideChar
lstrlenW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapCreate
RtlLookupFunctionEntry
RtlDeleteFunctionTable
RtlAddFunctionTable
IsDebuggerPresent
GetNamedPipeHandleStateA
WaitNamedPipeW
PeekNamedPipe
VirtualQuery
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
CreateSemaphoreExW
GetFileInformationByHandle
GetLastError
SleepEx
GetCurrentProcess
SetPriorityClass
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
LoadLibraryW
RtlCaptureContext
GetStdHandle
WriteFile
CloseHandle
DuplicateHandle
SetUnhandledExceptionFilter
HeapAlloc
GetProcessHeap
Sleep
QueueUserAPC
ExitProcess
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
AllocConsole
AttachConsole
SetConsoleMode
ReadConsoleW
FlushConsoleInputBuffer
GetCurrentConsoleFontEx
SetCurrentConsoleFontEx
GetCommandLineW
GetModuleHandleW
MulDiv
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
GetVersionExW
GetModuleHandleA
LocalFree
GetProcessAffinityMask
SetThreadAffinityMask
FormatMessageA
GetNumaProcessorNode
WriteConsoleW
SetConsoleTextAttribute
GetEnvironmentVariableW
CreateFileW
GetFullPathNameW
RtlVirtualUnwind
GetFileSize
GetTempFileNameW
ReadFile
SetFilePointer
GetTempPathW
WaitForSingleObject
GetCurrentProcessId
CreateThread
GetExitCodeThread

shell32

ShellExecuteW
SHGetKnownFolderPath
ShellExecuteA

d3d9

Direct3DCreate9Ex

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 450KB - Virtual size: 10.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

areg
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

creg
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

freg
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yreg
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

greg
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dcce8c710806586f5c4f7b583d9f1c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

winmm

ole32

user32

gdi32

comctl32

comdlg32

dbghelp

zmusic

psapi

advapi32

kernel32

shell32

d3d9

Exports

Exports

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 450KB - Virtual size: 10.1MB

.pdata Size: 272KB - Virtual size: 271KB

areg Size: 9KB - Virtual size: 8KB

creg Size: 1024B - Virtual size: 944B

freg Size: 8KB - Virtual size: 7KB

yreg Size: 1024B - Virtual size: 600B

greg Size: 1024B - Virtual size: 680B

.rodata Size: 4KB - Virtual size: 4KB

_RDATA Size: 77KB - Virtual size: 76KB

.rsrc Size: 411KB - Virtual size: 410KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 450KB - Virtual size: 10.1MB

.pdata
Size: 272KB - Virtual size: 271KB

areg
Size: 9KB - Virtual size: 8KB

creg
Size: 1024B - Virtual size: 944B

freg
Size: 8KB - Virtual size: 7KB

yreg
Size: 1024B - Virtual size: 600B

greg
Size: 1024B - Virtual size: 680B

.rodata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 411KB - Virtual size: 410KB

.reloc
Size: 61KB - Virtual size: 60KB