Static task: static1
Behavioral task: behavioral1 (sample: Cyber_Protection_Agent_for_SQL_web.exe, resource: win7-20230712-en)
Behavioral task: behavioral2 (sample: Cyber_Protection_Agent_for_SQL_web.exe, resource: win10v2004-20230703-en)
General
Target: Cyber_Protection_Agent_for_SQL_web.exe
Size: 14.0MB
MD5: d5cc5655c57040ccbe9eac0bf6099226
SHA1: ea75e068b8adad171d77a321bf974667cf8713bf
SHA256: 719d78ccfd7fcf3183f81842190bc44e5b2ec08a7e0bf7893754f5de7ab2341d
SHA512: e2c5f475d8f5493c2c2c13babd10a052b2b7c8e6ab3e353c1f3e1607db358ba4b8508f4a9c58068bbf0b2b8ec7e5d0ce82e41a1d63ab7bacc9fa4a724035bda6
SSDEEP: 196608:I/NqYYPBx9vep18eoD8MKz057trbAlbbCsa35cKw+plMjN8M1A5+aGl:IwYYPBx9GS84+hO3KYmNE5+aGl
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: Cyber_Protection_Agent_for_SQL_web.exe
Files
Cyber_Protection_Agent_for_SQL_web.exe.exe (windows x86) f9481da8eaf8b6c5ed4437afd8b42a9c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipDeleteFont
GdiplusStartup
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDisposeImage
GdipFree
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipDrawImagePointRectI
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatLineAlign
GdiplusShutdown
GdipGetImageWidth
GdipGetEmHeight
GdipGetCellDescent
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipCreateStringFormat
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipSetWorldTransform
GdipResetWorldTransform
GdipSetClipRect
GdipResetClip
GdipLoadImageFromStream
GdipCloneImage
GdipCreateFont
GdipDrawImageRectRectI
GdipGetImageHeight
GdipAlloc
advapi32
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
AllocateAndInitializeSid
FreeSid
LogonUserW
CheckTokenMembership
RegOpenKeyExA
InitiateSystemShutdownW
OpenProcessToken
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
EqualSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueA
GetUserNameA
GetUserNameW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityInfo
GetFileSecurityW
CloseServiceHandle
CreateProcessAsUserW
CreateProcessWithLogonW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
SetThreadToken
ChangeServiceConfigW
ChangeServiceConfig2W
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
StartServiceW
kernel32
CloseHandle
GetSystemInfo
CreateProcessA
GetWindowsDirectoryA
RemoveDirectoryA
RemoveDirectoryW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
MoveFileExW
GetComputerNameExW
GetVersionExA
LocalAlloc
LocalFree
GetCurrentThread
GetShortPathNameW
FormatMessageA
FormatMessageW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
LoadLibraryW
GetModuleFileNameA
CreateProcessW
GetStartupInfoA
GetStartupInfoW
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OutputDebugStringA
OutputDebugStringW
GetDriveTypeA
GetDriveTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CopyFileA
CopyFileW
GetComputerNameA
GetComputerNameW
SetComputerNameA
SetComputerNameW
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
GetNumberFormatA
GetShortPathNameA
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
GetVersionExW
SuspendThread
ResumeThread
DuplicateHandle
GetLogicalDrives
GetDiskFreeSpaceExW
GlobalLock
GlobalUnlock
TerminateProcess
GetExitCodeProcess
GetEnvironmentStringsW
WaitForSingleObject
GetFileType
GetStdHandle
SetHandleInformation
CreatePipe
WriteFile
ReadFile
IsDebuggerPresent
DebugBreak
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
GetCurrentProcessId
SetThreadPriority
GetThreadPriority
TerminateThread
Sleep
InitializeCriticalSection
GetTickCount
LCMapStringA
LCMapStringW
GetFileInformationByHandle
DeviceIoControl
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
GetDiskFreeSpaceW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
LockResource
ExitThread
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
CancelIo
GetLocalTime
SystemTimeToFileTime
FindClose
FileTimeToLocalFileTime
GetUserDefaultUILanguage
AreFileApisANSI
GetSystemTime
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
HeapValidate
HeapCreate
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
HeapCompact
CreateMutexW
GetFileSize
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
MulDiv
GlobalAlloc
GlobalFree
GetVersion
LoadLibraryExA
SetErrorMode
GetEnvironmentVariableW
SetLastError
GetCurrentProcess
FlushInstructionCache
MultiByteToWideChar
FindResourceW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryExW
LoadLibraryA
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetCommandLineW
EncodePointer
RtlUnwind
IsProcessorFeaturePresent
GetCPInfo
ExitProcess
GetModuleHandleExW
SetFilePointerEx
SetStdHandle
PeekNamedPipe
FileTimeToSystemTime
GetConsoleMode
ReadConsoleW
GetACP
GetConsoleCP
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
CreateSemaphoreW
IsValidCodePage
GetOEMCP
GetStringTypeW
FindFirstFileExW
GetCurrentThreadId
VerifyVersionInfoW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SystemTimeToTzSpecificLocalTime
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
ReleaseSemaphore
CreateSemaphoreA
GetThreadLocale
SleepEx
CreateTimerQueue
SignalObjectAndWait
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
DecodePointer
VerSetConditionMask
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetNumberFormatW
lstrlenA
user32
wvsprintfW
AppendMenuW
AppendMenuA
VkKeyScanExW
VkKeyScanExA
VkKeyScanW
VkKeyScanA
GetClipboardFormatNameW
GetClipboardFormatNameA
RegisterClipboardFormatW
RegisterClipboardFormatA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
RegisterClassExA
DefWindowProcA
PostMessageA
SendNotifyMessageW
SendNotifyMessageA
WinHelpW
SystemParametersInfoA
SystemParametersInfoW
MessageBoxA
CharUpperBuffW
GetMessageA
TranslateMessage
CreateWindowExA
IsWindowEnabled
IsCharAlphaNumericW
GetClassInfoExW
GetWindowTextW
GetWindowTextLengthW
SendMessageA
PeekMessageW
PeekMessageA
DispatchMessageW
DispatchMessageA
wsprintfW
GetUserObjectInformationA
GetProcessWindowStation
IsWindow
GetDesktopWindow
SetWindowTextW
SwitchToThisWindow
GetActiveWindow
GetDlgCtrlID
IsWindowVisible
EnableWindow
ReleaseDC
SetWindowRgn
RedrawWindow
IntersectRect
CallWindowProcW
SetCursor
GetCursorPos
ScreenToClient
FillRect
WinHelpA
SetWindowLongA
GetWindowLongA
SetWindowTextA
ModifyMenuW
UpdateLayeredWindow
ModifyMenuA
GetDC
SetForegroundWindow
GetSystemMetrics
DialogBoxParamW
CharNextW
DestroyWindow
LoadImageW
LoadIconW
LoadCursorW
GetClassNameA
SetWindowLongW
GetWindowLongW
GetWindowRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetFocus
SetFocus
GetDlgItem
EndDialog
SetWindowPos
ShowWindow
CreateWindowExW
RegisterClassExW
PostMessageW
MessageBoxExW
SendMessageW
KillTimer
SetTimer
UnregisterClassW
DefWindowProcW
gdi32
TextOutW
GetObjectW
GetTextExtentPoint32W
GetStockObject
CreateRectRgn
SetTextColor
DPtoLP
GetDeviceCaps
GetTextMetricsW
GetTextMetricsA
EnumFontFamiliesExW
EnumFontFamiliesExA
CreateFontIndirectW
CreateFontIndirectA
CreateSolidBrush
SetViewportOrgEx
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
BitBlt
comctl32
InitCommonControlsEx
ws2_32
WSASetEvent
WSACleanup
bind
closesocket
ioctlsocket
htonl
htons
inet_addr
recv
sendto
socket
WSAGetLastError
WSAGetOverlappedResult
getpeername
getsockname
ntohs
setsockopt
getaddrinfo
gethostname
WSAIoctl
WSASetLastError
freeaddrinfo
getnameinfo
__WSAFDIsSet
connect
select
shutdown
WSARecv
WSASend
WSACloseEvent
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
ntohl
accept
getsockopt
listen
recvfrom
send
gethostbyname
WSAStartup
shell32
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
ShellExecuteExW
Shell_NotifyIconA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
ShellExecuteExA
comdlg32
GetOpenFileNameA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
ole32
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoInitializeEx
OleRun
ReleaseStgMedium
CreateStreamOnHGlobal
CoSetProxyBlanket
oleaut32
SysStringLen
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
SafeArrayGetLBound
SafeArrayGetElement
VarBstrCat
SafeArrayGetDim
SafeArrayGetUBound
SysAllocStringByteLen
SysStringByteLen
shlwapi
PathIsDirectoryW
PathGetDriveNumberW
PathGetCharTypeW
PathCanonicalizeW
PathAppendW
PathSearchAndQualifyW
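The import table is the most informative part of this static report, but several hundred bare API names are not a finding. What follows is an added example (my own code, not part of the report or of the analysed program) that groups imports into capability buckets and then applies combination rules, since a single API rarely matters and a chain of capabilities does. The capability map and the chain rules are my heuristic; REPORT_IMPORTS is a representative subset copied from the table above, not the whole table. The caveat a practitioner needs: every bucket below is also exactly what a legitimate backup or management agent needs (BackupRead and the *EncryptedFileRaw family are the documented backup APIs, the service APIs install its own service, the token APIs enable SeBackupPrivilege), so the output is capability, not verdict; the two behavioral runs are what separate the two.

```python
# Capability buckets: my own grouping of Win32 APIs by what they let a process do.
# Not exhaustive and deliberately coarse; an analyst heuristic, not a signature.
CAPABILITIES = {
    "token manipulation / impersonation": {
        "OpenProcessToken", "OpenThreadToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA",
        "DuplicateTokenEx", "ImpersonateLoggedOnUser", "SetThreadToken", "RevertToSelf"},
    "run code as another user": {"LogonUserW", "CreateProcessAsUserW", "CreateProcessWithLogonW"},
    "service install / control": {
        "OpenSCManagerW", "CreateServiceW", "DeleteService", "StartServiceW", "ControlService",
        "ChangeServiceConfigW", "ChangeServiceConfig2W"},
    "registry write": {"RegCreateKeyExA", "RegCreateKeyExW", "RegSetValueExA", "RegSetValueExW",
                       "RegDeleteKeyW", "RegDeleteValueW", "RegSetKeySecurity"},
    "backup-semantics / EFS raw file access": {
        "BackupRead", "BackupWrite", "BackupSeek", "OpenEncryptedFileRawW",
        "ReadEncryptedFileRaw", "WriteEncryptedFileRaw", "EncryptFileW", "DecryptFileW"},
    "ACL modification": {"SetFileSecurityW", "SetSecurityInfo", "SetSecurityDescriptorDacl"},
    "system shutdown": {"InitiateSystemShutdownW"},
    "raw device I/O": {"DeviceIoControl"},
    "network sockets": {"socket", "connect", "listen", "accept", "WSASend", "WSARecv",
                        "getaddrinfo", "gethostbyname"},
    "debugger detection": {"IsDebuggerPresent"},
    "process creation": {"CreateProcessA", "CreateProcessW", "ShellExecuteW", "ShellExecuteExW"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"},
}

# Combination rules: one API is rarely a finding, a chain of capabilities is.
CHAINS = [
    ({"token manipulation / impersonation", "run code as another user"},
     "can obtain or duplicate a token and start a process under it"),
    ({"service install / control", "registry write"},
     "can install and configure its own service (persistence, SYSTEM execution)"),
    ({"backup-semantics / EFS raw file access", "token manipulation / impersonation"},
     "BackupRead with SeBackupPrivilege enabled reads files regardless of their DACL"),
    ({"network sockets", "process creation"},
     "network I/O next to process spawning: can fetch and launch"),
]


def classify_imports(imports: dict) -> dict:
    """{dll: [function, ...]} -> {capability: sorted matching functions}; empty buckets dropped."""
    names = {fn for fns in imports.values() for fn in fns}
    hits = {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items()}
    return {cap: fns for cap, fns in hits.items() if fns}


def capability_chains(caps: dict) -> list:
    """Return the chain descriptions whose required capabilities are all present."""
    present = set(caps)
    return [msg for need, msg in CHAINS if need <= present]


# Constructed from the import table above: a representative subset, not the full list.
REPORT_IMPORTS = {
    "advapi32": ["OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA",
                 "DuplicateTokenEx", "ImpersonateLoggedOnUser", "LogonUserW",
                 "CreateProcessAsUserW", "CreateProcessWithLogonW", "OpenSCManagerW",
                 "CreateServiceW", "StartServiceW", "RegCreateKeyExW", "RegSetValueExW",
                 "OpenEncryptedFileRawW", "ReadEncryptedFileRaw", "InitiateSystemShutdownW",
                 "SetFileSecurityW"],
    "kernel32": ["BackupRead", "BackupWrite", "DeviceIoControl", "IsDebuggerPresent",
                 "CreateProcessW", "LoadLibraryW", "GetProcAddress", "CloseHandle"],
    "ws2_32": ["socket", "connect", "listen", "accept"],
    "shell32": ["ShellExecuteW"],
    "gdiplus": ["GdiplusStartup"],  # UI noise: matches no bucket
}


if __name__ == "__main__":
    caps = classify_imports(REPORT_IMPORTS)
    for cap, fns in caps.items():
        print("%-40s %s" % (cap, ", ".join(fns)))
    for msg in capability_chains(caps):
        print("chain:", msg)
```

On the subset above every bucket and all four chains fire, which is the point: the import table of a backup agent and the import table of a ransomware dropper overlap almost completely at this level of abstraction. Feed the full table from the report in as `{dll: [names]}` and read the chains as questions for the behavioral runs (did it actually create a service, did it actually enable SeBackupPrivilege), not as answers.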
Sections
.text   Size: 7.0MB - Virtual size: 7.0MB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 2.3MB - Virtual size: 2.3MB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 322KB - Virtual size: 507KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    Size: 512B - Virtual size: 2B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 521KB - Virtual size: 521KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 442KB - Virtual size: 441KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
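The "Unsigned PE" signature, the Headers block and the section table are all read straight out of the PE headers, and it is worth being able to reproduce them without trusting the sandbox. The following is an added example, my own stdlib-only Python and not code from the report or from any tool behind it: it parses the COFF Characteristics, the DllCharacteristics, whether a certificate table is present in the security data directory, and the section flags, then turns them into findings of the kind the Signatures block reports. The PE it parses is constructed inline with the flag values and rounded sizes from this report; it contains no code and is not the analysed file. One caveat a practitioner wants stated: an empty security directory proves the file is unsigned, but a populated one only proves a signature blob is attached; whether it verifies (chain, timestamp, hash match) still has to be checked with signtool or Get-AuthenticodeSignature.

```python
import struct

# Flag values from the PE/COFF spec (winnt.h); only the bits this triage needs.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot of the Authenticode certificate table


def _names(table, value):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read COFF flags, DllCharacteristics, the security directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _m, nsections, _t, _s, _n, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics is at +70 for both PE32 and PE32+; the data directory is not.
    dir_off = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)
    if dir_off is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, dir_off - 4)[0]
    cert_off = cert_len = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this slot the first field is a file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from(
            "<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": fields[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": fields[1], "raw_size": fields[3],
                         "flags": _names(SECTION_FLAGS, fields[9])})
    return {"file_characteristics": _names(FILE_CHARACTERISTICS, chars),
            "dll_characteristics": _names(DLL_CHARACTERISTICS, dll_chars),
            "authenticode_present": cert_off != 0 and cert_len != 0,
            "sections": sections}


def triage(info: dict) -> list:
    """Turn the parsed facts into findings of the kind the Signatures block reports."""
    out = []
    if not info["authenticode_present"]:
        out.append("unsigned: no Authenticode certificate table")
    dll = info["dll_characteristics"]
    for flag, mitigation in (("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "ASLR"),
                             ("IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "DEP"),
                             ("IMAGE_DLLCHARACTERISTICS_GUARD_CF", "CFG")):
        if flag not in dll:
            out.append("missing %s (%s not set)" % (mitigation, flag))
    if ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dll
            and "IMAGE_FILE_RELOCS_STRIPPED" in info["file_characteristics"]):
        out.append("ASLR requested but relocations stripped: image cannot be rebased")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            out.append("W+X section %s" % s["name"])
    return out


# Constructed stand-in: a minimal PE32 with the header bits and section flags of the
# report (sizes rounded). It holds no code and is not the analysed file.
REPORT_SECTIONS = [
    (".text", 7 << 20, 7 << 20, 0x60000020), (".rdata", 2355 << 10, 2355 << 10, 0x40000040),
    (".data", 507 << 10, 322 << 10, 0xC0000040), (".tls", 2, 512, 0xC0000040),
    (".rsrc", 521 << 10, 521 << 10, 0x40000040), (".reloc", 441 << 10, 442 << 10, 0x42000040),
]


def build_sample_pe(signed=False, sections=REPORT_SECTIONS) -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                  # e_lfanew
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x8140)                       # DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    if signed:                                                    # pretend a WIN_CERTIFICATE exists
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0122)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0, r, 0, 0, 0, 0, 0, f)
                     for n, v, r, f in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for finding in triage(parse_pe(build_sample_pe())):
        print(finding)
```

Against the real file it is `triage(parse_pe(open(path, "rb").read()))`. On the header values in this report, and assuming the DLL Characteristics list above is complete, the script yields exactly two findings: the unsigned one the sandbox already raised, and GUARD_CF not set. ASLR and DEP bits are both present, no section is both writable and executable, and a .reloc section exists so DYNAMIC_BASE can actually take effect. The .tls mismatch (512B raw, 2B virtual) is ordinary file alignment padding, not a packed or hidden payload; the .data gap (322KB raw, 507KB virtual) is zero-initialised data and equally unremarkable.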