Trojan.Slugin.B

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 16,573
Threat Level: 80 % (High)
Infected Computers: 282
First Seen: July 12, 2021
Last Seen: May 21, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Slugin.B
Signature status: No Signature

Known Samples

File Size: 483.81 KB, 483811 bytes
File Size: 1.03 MB, 1031139 bytes
File Size: 198.14 KB, 198144 bytes
File Size: 199.03 KB, 199031 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: MySQL AB
File Description: Administrator Tool for Win32
File Version: 1.0.0.0
Internal Name: WinMySQLadmin
Legal Copyright: Read Public File
Product Name: WinMySQLadmin
Product Version: 1.0.0.0

File Traits

  • 2+ executable sections
  • big overlay
  • BINinO
  • HighEntropy
  • Installer Manifest
  • MZ (In Overlay)
  • nosig nsis
  • No Version Info
  • SusSec
  • x86

Block Information

Total Blocks: 64
Potentially Malicious Blocks: 0
Whitelisted Blocks: 54
Unknown Blocks: 10

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\roaming\wplugin.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\wplugin.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKCU\software\user914\1214104697::1919251317 + RegNtPreCreateKey
HKCU\software\user914\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\user914\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\user914\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\user914\1214104697::1006321993 ½ RegNtPreCreateKey
HKCU\software\user914\1214104697::-1369393986 http://lpbmx.ru/logos.gifhttp://macedonia.my1.ru/mainh.gifht RegNtPreCreateKey
HKCU\software\user914\1214104697::549857331 RegNtPreCreateKey
HKCU\software\user914::u1_0 ⠺첖 RegNtPreCreateKey
HKCU\software\user914::u2_0 RegNtPreCreateKey
HKCU\software\user914::u3_0 晁ă RegNtPreCreateKey
HKCU\software\user914::u4_0 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • ReadProcessMemory
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
