120-MYSQL-V999[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

120-MYSQL-V999.rar
Size

1.7MB
MD5

fda4772759e01da0ea6e3fbd29c5dddb
SHA1

f69580d295f903b1cbd0fc47b0175b7172b30a98
SHA256

6a5a2791cda73a54076004dae6ddbfc4d8708dbbf6dbc21008bd02baa5dcc22b
SHA512

595f0f23acf3b2a11c8942b8fb988d4dcffaf999fb17b6968ee36315562ac7eece329548ba2474b0a3a00d738673cef4910f3c22afb0c784befe3a8b9ba76d92
SSDEEP

49152:VTncItMt3AgEIxkMAp5luc/wNa/fO/SMgdf:VTcYrghxkMABuIwNMf/MQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/120-MYSQL-V999/RX-120-MYSQL-V999/encrypt.exe
unpack001/120-MYSQL-V999/RX-120-MYSQL-V999/libmysql.dll

Files

120-MYSQL-V999.rar
.rar

Password: infected
120-MYSQL-V999/RX-120-MYSQL-V999/120.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/120.dsp
120-MYSQL-V999/RX-120-MYSQL-V999/120.dsw
120-MYSQL-V999/RX-120-MYSQL-V999/120.h
120-MYSQL-V999/RX-120-MYSQL-V999/120.ico
120-MYSQL-V999/RX-120-MYSQL-V999/120.ncb
120-MYSQL-V999/RX-120-MYSQL-V999/120.opt
120-MYSQL-V999/RX-120-MYSQL-V999/120.plg
.html
120-MYSQL-V999/RX-120-MYSQL-V999/120.rc
120-MYSQL-V999/RX-120-MYSQL-V999/1readme.txt
120-MYSQL-V999/RX-120-MYSQL-V999/Adv.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Adv.h
120-MYSQL-V999/RX-120-MYSQL-V999/CleanUp.bat
120-MYSQL-V999/RX-120-MYSQL-V999/Cmd.h
120-MYSQL-V999/RX-120-MYSQL-V999/Conf.h
120-MYSQL-V999/RX-120-MYSQL-V999/Crc.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Crc.h
120-MYSQL-V999/RX-120-MYSQL-V999/Cry.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Cry.h
120-MYSQL-V999/RX-120-MYSQL-V999/Def.h
120-MYSQL-V999/RX-120-MYSQL-V999/Ext.h
120-MYSQL-V999/RX-120-MYSQL-V999/Fun.h
120-MYSQL-V999/RX-120-MYSQL-V999/Glo.h
120-MYSQL-V999/RX-120-MYSQL-V999/Ide.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Ide.h
120-MYSQL-V999/RX-120-MYSQL-V999/Inc.h
120-MYSQL-V999/RX-120-MYSQL-V999/Key.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Key.h
120-MYSQL-V999/RX-120-MYSQL-V999/Ldll.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Ldll.h
120-MYSQL-V999/RX-120-MYSQL-V999/Rnd.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Rnd.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/Asn.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/Asn.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/Netapi.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/Netapi.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/Sym.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/Sym.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/dcass.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/dcass.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/dcom.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/dcom.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/lsass.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/lsass.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/mssql.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/mssql.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/mysqludf.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/mysqludf.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/netbios.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/netbios.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/pstore.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/random.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/random.h
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/vncshit.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Scanners/vncshit.h
120-MYSQL-V999/RX-120-MYSQL-V999/Shel.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Shel.h
120-MYSQL-V999/RX-120-MYSQL-V999/Str.h
120-MYSQL-V999/RX-120-MYSQL-V999/Sys.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Sys.h
120-MYSQL-V999/RX-120-MYSQL-V999/Tcp.h
120-MYSQL-V999/RX-120-MYSQL-V999/Test.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Test.h
120-MYSQL-V999/RX-120-MYSQL-V999/Thr.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/Thr.h
120-MYSQL-V999/RX-120-MYSQL-V999/d3des.c
120-MYSQL-V999/RX-120-MYSQL-V999/d3des.h
120-MYSQL-V999/RX-120-MYSQL-V999/ddos.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/ddos.h
120-MYSQL-V999/RX-120-MYSQL-V999/encrypt.exe
.exe windows x86

Password: infected

d37c06b7a012aae518363f1da9c49f07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord825
ord641
ord4234
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord4853
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord616
ord609
ord800
ord2621
ord2575
ord4396
ord3574
ord2411
ord2023
ord4218
ord2578
ord6055
ord1776
ord4398
ord5290
ord3402
ord3582
ord1146
ord1168
ord860
ord540
ord567
ord2298
ord2289
ord2370
ord2302
ord1768
ord2379
ord755
ord470
ord6334
ord6199
ord2614
ord858
ord922
ord2818
ord5572
ord2915
ord4160
ord4376
ord1089
ord5265
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_XcptFilter
__set_app_type
_except_handler3
_controlfp
strtok
atoi
__CxxFrameHandler
_setmbcp
_exit
_onexit
__dllonexit
_snprintf
__p__fmode
sprintf

kernel32

GetModuleHandleA
GetStartupInfoA

user32

SystemParametersInfoA
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
EnableWindow
IsIconic

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
120-MYSQL-V999/RX-120-MYSQL-V999/firefox.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/firefox.h
120-MYSQL-V999/RX-120-MYSQL-V999/ftpd.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/ftpd.h
120-MYSQL-V999/RX-120-MYSQL-V999/icmpflood.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/icmpflood.h
120-MYSQL-V999/RX-120-MYSQL-V999/libmysql.dll
.dll windows x86

Password: infected

a1b85ef4293a4aaf9538f270bb83c8df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getpeername
shutdown
closesocket
setsockopt
send
recv
inet_ntoa
inet_addr
WSAStartup
WSACleanup
gethostbyname
getservbyname
ntohs
socket
ioctlsocket
htons
WSAGetLastError
connect

kernel32

GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
DeleteFileA
GetLocaleInfoW
LCMapStringW
LCMapStringA
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
InterlockedExchange
GetEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateFileA
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
SetCurrentDirectoryA
OpenEventA
InitializeCriticalSection
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesExA
SetEndOfFile
SetFilePointer
InterlockedIncrement
DeleteCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
CreateSemaphoreA
InterlockedDecrement
ReleaseSemaphore
SetThreadPriority
Sleep
ReadFile
WriteFile
WaitForMultipleObjects
FreeEnvironmentStringsW
GetEnvironmentStrings
GetFileInformationByHandle
PeekNamedPipe
OpenFileMappingA
WriteConsoleA
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetFileAttributesA
SetStdHandle
GetFileType
DebugBreak
GetStdHandle
OutputDebugStringA
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
GetSystemTimeAsFileTime
ResumeThread
CreateThread
ExitThread
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
FatalAppExitA
SetHandleCount
GetStartupInfoA
SetLastError
GetCurrentThread
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
VirtualProtect
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
GetCPInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
FreeEnvironmentStringsA

user32

MessageBoxA

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1012KB - Virtual size: 1023KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
120-MYSQL-V999/RX-120-MYSQL-V999/multipletopic.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/multipletopic.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/config-netware.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/config-os2.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/config-win.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/errmsg.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/libmysql.def
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/m_ctype.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/m_string.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_alloc.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_dbug.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_getopt.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_global.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_list.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_pthread.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/my_sys.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysql.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysql_com.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysql_embed.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysql_time.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysql_version.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysqld_ername.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/mysqld_error.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/raid.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysql headers/typelib.h
120-MYSQL-V999/RX-120-MYSQL-V999/mysqlclient.lib
120-MYSQL-V999/RX-120-MYSQL-V999/passwd.h
120-MYSQL-V999/RX-120-MYSQL-V999/patcher.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/patcher.h
120-MYSQL-V999/RX-120-MYSQL-V999/pingudp.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/pingudp.h
120-MYSQL-V999/RX-120-MYSQL-V999/pstore.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/pstorec.tlh
120-MYSQL-V999/RX-120-MYSQL-V999/pstorec.tli
120-MYSQL-V999/RX-120-MYSQL-V999/redpill.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/redpill.h
120-MYSQL-V999/RX-120-MYSQL-V999/rfb.h
120-MYSQL-V999/RX-120-MYSQL-V999/sniff.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/sniff.h
120-MYSQL-V999/RX-120-MYSQL-V999/socks4.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/socks4.h
120-MYSQL-V999/RX-120-MYSQL-V999/socks5.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/socks5.h
120-MYSQL-V999/RX-120-MYSQL-V999/synflood.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/synflood.h
120-MYSQL-V999/RX-120-MYSQL-V999/tcpflood.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/tcpflood.h
120-MYSQL-V999/RX-120-MYSQL-V999/tcpflood2.cpp
120-MYSQL-V999/RX-120-MYSQL-V999/tcpflood2.h
120-MYSQL-V999/RX-120-MYSQL-V999/tcpip.h
120-MYSQL-V999/RX-120-MYSQL-V999/ver.c
120-MYSQL-V999/RX-120-MYSQL-V999/ver.h

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d37c06b7a012aae518363f1da9c49f07

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

msvcp60

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 412B

.rsrc Size: 32KB - Virtual size: 28KB

Password: infected

a1b85ef4293a4aaf9538f270bb83c8df

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 433KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 1012KB - Virtual size: 1023KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 412B

.rsrc
Size: 32KB - Virtual size: 28KB

.text
Size: 436KB - Virtual size: 433KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 1012KB - Virtual size: 1023KB

.reloc
Size: 24KB - Virtual size: 22KB