Static task
static1
Behavioral task
behavioral1
Sample
mergeserver.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
mergeserver.exe
Resource
win10v2004-20230220-en
General
-
Target
mergeserver.exe
-
Size
291KB
-
MD5
442f70050205749b000504f7d4ea12f5
-
SHA1
bf0cfa475d9134f539339e9a2afa522ab2758387
-
SHA256
b8464d80255eee2ea9a2184a7de1aa32bbbcec5df73d36eede093e08b226aa92
-
SHA512
1473de6fa36102eb99e9112f4b6bd17fb7082e2c773ed8ae9489702d9d2d2eda604d4f6336e4949a0a941892068ae408fce0769767ee0275b8638e780a6ed550
-
SSDEEP
6144:FVB1xY2S7AM8Ub8uaot2eJ4bF5oyISSwZrhFq2EvApGF/p/uwONct43j92UTjZ:FV8T8UlkeJ48yIDwZrPfo9pGHNu4B2Ux
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource mergeserver.exe
Files
-
mergeserver.exe.exe windows x86
9e0e9249fd9ec71a2fa79731ec8b98e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
lua51
luaL_newstate
lua_pcall
luaL_loadfile
lua_tonumber
luaL_openlibs
lua_isnumber
lua_insert
lua_rawseti
lua_toboolean
lua_checkstack
lua_pushstring
lua_rawgeti
lua_touserdata
lua_call
lua_objlen
lua_isstring
lua_tolstring
lua_tointeger
lua_isuserdata
lua_pushboolean
lua_createtable
luaL_checkinteger
luaL_error
luaL_checktype
lua_pushlightuserdata
lua_type
luaL_checklstring
lua_pushinteger
lua_pushcclosure
lua_pushvalue
lua_settop
lua_setmetatable
luaL_register
lua_getfield
lua_gettop
lua_pushnumber
luaL_checknumber
luaL_checkudata
lua_pushfstring
luaL_optnumber
lua_newuserdata
lua_setfield
lua_pushlstring
libmysql
mysql_num_rows
mysql_free_result
mysql_fetch_row
mysql_field_seek
mysql_num_fields
mysql_fetch_field
mysql_options
mysql_set_server_option
mysql_errno
mysql_get_client_info
mysql_init
mysql_fetch_lengths
mysql_close
mysql_real_connect
mysql_error
mysql_real_query
mysql_next_result
mysql_more_results
mysql_store_result
mysql_real_escape_string
msvcp140
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?classic@locale@std@@SAABV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?_Xlength_error@std@@YAXPBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
mfc140
ord14054
ord5401
ord2680
ord12067
ord3933
ord3364
ord3363
ord3258
ord12111
ord1000
ord10986
ord12074
ord6193
ord13677
ord2758
ord9167
ord8997
ord10963
ord11343
ord10421
ord3396
ord3395
ord3159
ord6523
ord1389
ord890
ord3689
ord13278
ord5155
ord4869
ord2210
ord2241
ord1529
ord1692
ord8426
ord4725
ord4705
ord2881
ord8140
ord5565
ord5562
ord1142
ord503
ord8026
ord8031
ord13584
ord5911
ord13628
ord11663
ord6848
ord8713
ord14508
ord7887
ord14510
ord3050
ord4485
ord9647
ord5769
ord4493
ord4972
ord4911
ord4896
ord4958
ord5003
ord4926
ord4981
ord4997
ord4938
ord4944
ord4950
ord4932
ord4987
ord4920
ord1772
ord1751
ord1765
ord1739
ord1717
ord12201
ord12205
ord13798
ord3259
ord9213
ord10950
ord6947
ord12163
ord8922
ord14502
ord11881
ord3825
ord3830
ord12032
ord9096
ord11672
ord11671
ord5631
ord10240
ord10236
ord10238
ord10239
ord10237
ord14699
ord2759
ord10207
ord3295
ord3298
ord13681
ord6195
ord6104
ord3808
ord6507
ord462
ord12116
ord9192
ord7461
ord6540
ord3874
ord9166
ord10202
ord8182
ord5388
ord7677
ord7688
ord7687
ord5210
ord5390
ord5231
ord5742
ord5504
ord9305
ord5739
ord5528
ord5228
ord6463
ord7282
ord2200
ord1131
ord1111
ord952
ord4084
ord1109
ord6831
ord993
ord13830
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11928
ord11927
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12485
ord12484
ord2484
ord10330
ord5336
ord8285
ord7961
ord4580
ord12806
ord12869
ord10383
ord12190
ord8347
ord1468
ord7618
ord8429
ord13378
ord12162
ord12194
ord8180
ord12182
ord5894
ord3844
ord1044
ord310
ord300
ord316
ord6936
ord1661
ord2986
ord5898
ord305
ord2407
ord3005
ord2298
ord4807
ord8173
kernel32
InitializeCriticalSectionEx
Sleep
GetLastError
CreateThread
DeleteCriticalSection
WideCharToMultiByte
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
LeaveCriticalSection
GetProcAddress
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
EnterCriticalSection
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
user32
EnableWindow
IsIconic
UpdateWindow
GetClientRect
AppendMenuA
SendMessageA
LoadIconW
DrawIcon
ScreenToClient
GetMessagePos
GetSystemMenu
EnumWindows
GetWindowLongA
SetWindowLongA
GetWindowTextA
GetSystemMetrics
comctl32
InitCommonControlsEx
vcruntime140
__telemetry_main_invoke_trigger
memmove
__std_terminate
__std_exception_destroy
__std_exception_copy
__std_type_info_compare
_purecall
__std_type_info_name
strstr
memchr
__RTtypeid
__vcrt_InitializeCriticalSectionEx
__RTDynamicCast
__telemetry_main_return_trigger
memset
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
memcpy
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode
__stdio_common_vsprintf
__p__commode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
realloc
free
_callnewh
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
atoi
strtod
_itoa
strtoul
strtol
_strtoi64
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
api-ms-win-crt-string-l1-1-0
tolower
strncpy_s
isalnum
isdigit
api-ms-win-crt-time-l1-1-0
_time64
_localtime64
api-ms-win-crt-math-l1-1-0
floor
ceil
_except1
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_setmbcp
ws2_32
ntohs
getservbyname
Sections
.text Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ