mongoimport[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mongoimport.exe
Size

16.7MB
MD5

8b55faaf4248ac69a54bdee9b171858c
SHA1

182a9b5c8a0732e7f5b445874a4e542e487a21a8
SHA256

79ab43e4f9b7dd3ec522eba393c6c4967d235efa0524adc31bc7aa46267ffb4a
SHA512

ac8c91b5ecd9f2ea712caff381c524ad73ef179e07c0d4ed97520319f6b328a206822ab43d014b74797ceeb4035e9798135b474a751804534d8dc85b713ff9a4
SSDEEP

98304:WhrrSr80UdCGix5idNXBXbqY/l+0CD6EKJ73j/xy8Whb0cWcBoph:Whregp/25idhGeE8z5y8WhC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mongoimport.exe

Files

mongoimport.exe
.exe windows x64

1ab8d1d25e69074525cc49906ff9499e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenStore

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FormatMessageA
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_lock
_onexit
_unlock
_vsnprintf
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

libeay32

ASN1_INTEGER_free
ASN1_INTEGER_new
ASN1_INTEGER_to_BN
BIO_clear_flags
BIO_free
BIO_new
BIO_new_mem_buf
BIO_read
BIO_s_mem
BIO_set_flags
BIO_snprintf
BIO_test_flags
BIO_write
BN_bin2bn
BN_bn2hex
BN_free
BN_new
BN_to_ASN1_INTEGER
CRYPTO_add_lock
CRYPTO_free
CRYPTO_malloc
CRYPTO_num_locks
CRYPTO_set_id_callback
CRYPTO_set_locking_callback
DH_free
ENGINE_by_id
ENGINE_finish
ENGINE_free
ENGINE_init
ENGINE_load_builtin_engines
ERR_clear_error
ERR_error_string_n
ERR_func_error_string
ERR_get_error
ERR_lib_error_string
ERR_peek_error
ERR_peek_last_error
ERR_reason_error_string
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_cipher
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_block_size
EVP_CIPHER_iv_length
EVP_CIPHER_key_length
EVP_CIPHER_nid
EVP_DecryptFinal_ex
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DigestFinal_ex
EVP_DigestInit
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_EncryptFinal_ex
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_MD_CTX_create
EVP_MD_CTX_destroy
EVP_MD_size
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new
EVP_PKEY_CTX_new_id
EVP_PKEY_asn1_get0_info
EVP_PKEY_assign
EVP_PKEY_base_id
EVP_PKEY_derive
EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_free
EVP_PKEY_get1_RSA
EVP_PKEY_id
EVP_PKEY_keygen
EVP_PKEY_keygen_init
EVP_PKEY_new
EVP_PKEY_paramgen
EVP_PKEY_paramgen_init
EVP_PKEY_set1_RSA
EVP_PKEY_size
EVP_SignFinal
EVP_VerifyFinal
EVP_aes_128_gcm
EVP_aes_192_gcm
EVP_aes_256_gcm
EVP_dss
EVP_dss1
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_md5
EVP_md_null
EVP_ripemd160
EVP_sha
EVP_sha1
EVP_sha224
EVP_sha256
EVP_sha384
EVP_sha512
FIPS_mode
FIPS_mode_set
HMAC_CTX_cleanup
HMAC_CTX_init
HMAC_Final
HMAC_Init_ex
HMAC_Update
OBJ_nid2sn
OPENSSL_add_all_algorithms_noconf
OPENSSL_config
PEM_ASN1_write_bio
PEM_read_bio_DHparams
PEM_read_bio_PUBKEY
PEM_read_bio_PrivateKey
PEM_read_bio_X509
PEM_write_bio_PUBKEY
PEM_write_bio_X509
RSA_generate_key
SSLeay
SSLeay_version
X509V3_EXT_conf_nid
X509V3_set_ctx
X509_EXTENSION_free
X509_LOOKUP_file
X509_LOOKUP_hash_dir
X509_NAME_add_entry_by_txt
X509_NAME_free
X509_NAME_get_text_by_NID
X509_NAME_new
X509_NAME_print_ex
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_ex_data
X509_STORE_add_cert
X509_STORE_add_lookup
X509_STORE_free
X509_STORE_new
X509_STORE_set_flags
X509_add_ext
X509_check_email
X509_check_host
X509_check_ip
X509_free
X509_get_issuer_name
X509_get_pubkey
X509_get_serialNumber
X509_get_subject_name
X509_gmtime_adj
X509_load_crl_file
X509_new
X509_set_issuer_name
X509_set_pubkey
X509_set_serialNumber
X509_set_subject_name
X509_sign
X509_verify_cert_error_string
d2i_PUBKEY_bio
d2i_PrivateKey_bio
d2i_X509
i2d_PUBKEY_bio
i2d_PrivateKey
i2d_PrivateKey_bio
sk_num
sk_pop_free
sk_value

ssleay32

SSL_CIPHER_get_name
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_timeout
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_ex_data
SSL_CTX_set_session_id_context
SSL_CTX_set_timeout
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_chain_file
SSL_SESSION_free
SSL_ctrl
SSL_do_handshake
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_servername
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_read
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_connect_state
SSL_set_ex_data
SSL_set_session
SSL_set_verify
SSL_set_verify_depth
SSL_shutdown
SSL_write
SSLv23_method
SSLv3_method
TLSv1_1_method
TLSv1_2_method
TLSv1_method
d2i_SSL_SESSION
i2d_SSL_SESSION

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 137KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/138
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ab8d1d25e69074525cc49906ff9499e

Headers

File Characteristics

Imports

crypt32

kernel32

msvcrt

libeay32

ssleay32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.data Size: 219KB - Virtual size: 218KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.pdata Size: 5KB - Virtual size: 4KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 137KB

.idata Size: 13KB - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 178KB - Virtual size: 178KB

/35 Size: 318KB - Virtual size: 318KB

/51 Size: 2.7MB - Virtual size: 2.7MB

/63 Size: 16KB - Virtual size: 15KB

/77 Size: 791KB - Virtual size: 791KB

/89 Size: 433KB - Virtual size: 432KB

/102 Size: 11KB - Virtual size: 11KB

/113 Size: 2.4MB - Virtual size: 2.4MB

/124 Size: 813KB - Virtual size: 813KB

/138 Size: 512B - Virtual size: 45B

.text
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 219KB - Virtual size: 218KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.pdata
Size: 5KB - Virtual size: 4KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 137KB

.idata
Size: 13KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 178KB - Virtual size: 178KB

/35
Size: 318KB - Virtual size: 318KB

/51
Size: 2.7MB - Virtual size: 2.7MB

/63
Size: 16KB - Virtual size: 15KB

/77
Size: 791KB - Virtual size: 791KB

/89
Size: 433KB - Virtual size: 432KB

/102
Size: 11KB - Virtual size: 11KB

/113
Size: 2.4MB - Virtual size: 2.4MB

/124
Size: 813KB - Virtual size: 813KB

/138
Size: 512B - Virtual size: 45B