mysqld-nt[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mysqld-nt.exe
Size

5.5MB
MD5

0bb913f9f02677bd4ae96d4967cacfee
SHA1

24444163839f6435eb222788fadf26e012543908
SHA256

2ac46b01bf1e238f72701dc42f27666ffe9a3f82a401358df43013d7b2edab35
SHA512

a50c8d046165232c41e6334bca89dec514f39458b311d7322622c72d8ec38f9fd42854e42d96e2595d1a26a56957516cbb2d6bf0a1b65a99069ab74f92be6c56
SSDEEP

98304:rUeT51Xr7boeFqPuioPPPkrrfeAAANIbb1111YYdvvV+pAetQGeeGleNNkakQQx:rUCdfIQx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mysqld-nt.exe

Files

mysqld-nt.exe
.exe windows x86

0b98538f2b1cda3300dfe704e2aad1a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
ResumeThread
GetCurrentProcess
LocalAlloc
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryExA
FreeLibrary
GetVersionExA
UnlockFile
LockFile
SystemTimeToFileTime
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
FreeConsole
SetErrorMode
CreateEventA
CreateFileMappingA
MapViewOfFile
WaitForSingleObject
UnmapViewOfFile
ConnectNamedPipe
CreateNamedPipeA
FormatMessageA
LocalFree
CancelIo
DisconnectNamedPipe
Sleep
SetEvent
InterlockedDecrement
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
LocalFileTimeToFileTime
SetFileTime
PeekNamedPipe
GetFileInformationByHandle
RemoveDirectoryA
SetFileAttributesA
DuplicateHandle
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetLastError
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
CloseHandle
GetLocaleInfoW
VirtualProtect
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
LCMapStringW
LCMapStringA
GetSystemDirectoryA
GetModuleHandleA
GetWindowsDirectoryA
GetLocaleInfoA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetTempFileNameA
ResetEvent
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
SetFilePointer
DeleteFileA
MoveFileA
GetTickCount
FlushViewOfFile
GetSystemInfo
GetVersion
GetFileAttributesExA
FindClose
FindNextFileA
FindFirstFileA
ReadFile
WriteFile
GetLocalTime
VirtualAlloc
CreateDirectoryA
GetFileSize
FlushFileBuffers
GetOverlappedResult
CreateThread
ExitThread
GetThreadPriority
ReleaseMutex
CreateMutexA
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetFileAttributesA
GetCommandLineA
WideCharToMultiByte
GetTimeZoneInformation
SetStdHandle
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
RtlUnwind
GetDriveTypeA
FatalAppExitA
SetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InterlockedExchange
VirtualQuery
LoadLibraryA
SetEnvironmentVariableW

user32

PeekMessageA
MessageBoxA
KillTimer
SetTimer

advapi32

RegEnumValueA
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
DeleteService
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceConfigA
QueryServiceStatus
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

wsock32

inet_ntoa
WSACleanup
__WSAFDIsSet
WSAStartup
gethostname
select
send
WSASetLastError
accept
getsockname
bind
recv
shutdown
closesocket
getservbyname
ntohs
htonl
inet_addr
gethostbyaddr
gethostbyname
socket
WSAGetLastError
ioctlsocket
htons
connect
setsockopt
getpeername
listen

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 888KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b98538f2b1cda3300dfe704e2aad1a7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 888KB - Virtual size: 884KB

.data Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 8KB - Virtual size: 6KB

.tls Size: 4KB - Virtual size: 782B

.rsrc Size: 4KB - Virtual size: 844B

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 888KB - Virtual size: 884KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 8KB - Virtual size: 6KB

.tls
Size: 4KB - Virtual size: 782B

.rsrc
Size: 4KB - Virtual size: 844B