baf04fbb8857140eb82e96f8fdd0df15c4b12739f43afd29ac7717c400e43ac2

Sharing

Copy URL Twitter E-mail

General

Target

baf04fbb8857140eb82e96f8fdd0df15c4b12739f43afd29ac7717c400e43ac2
Size

1.4MB
MD5

baa5ebd8b00c2c6335b6ccc00cb18e0f
SHA1

3c97fa996f46b51aa7af365605bf769f3d323938
SHA256

baf04fbb8857140eb82e96f8fdd0df15c4b12739f43afd29ac7717c400e43ac2
SHA512

6d9b0a6a2f02b4b1bd4ea9487b9de8ae88d91272d20e4ecd9154645312e6003ab6187512b82f1a2d459d847b4f69e0ccf75664df283fbafa05f9b7a07f6dac1c
SSDEEP

24576:eGq1ocwi0Ws+7qX2PIlduzQ8fF/lR8nYjsy+pMb80jRJg59xQILUTTUDRRESHJli:k1uWjvzh88sxQxTT0RqSpl9M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baf04fbb8857140eb82e96f8fdd0df15c4b12739f43afd29ac7717c400e43ac2

Files

baf04fbb8857140eb82e96f8fdd0df15c4b12739f43afd29ac7717c400e43ac2
.exe windows x86

6984505597063534a0ec5e89c0babbfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
connect
inet_ntoa
inet_addr
recv
ioctlsocket
setsockopt
WSAGetLastError
WSAStartup
htonl
ntohs
ntohl
send
WSASetLastError
listen
shutdown
select
gethostbyname
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
gethostname
htons

libmysql

mysql_set_character_set
mysql_real_escape_string
mysql_affected_rows
mysql_fetch_lengths
mysql_options
mysql_stmt_free_result
mysql_real_connect
mysql_errno
mysql_stmt_errno
mysql_store_result
mysql_stmt_insert_id
mysql_stmt_result_metadata
mysql_stmt_fetch
mysql_stmt_error
mysql_fetch_field_direct
mysql_insert_id
mysql_stmt_bind_result
mysql_ping
mysql_real_query
mysql_num_rows
mysql_stmt_store_result
mysql_stmt_prepare
mysql_stmt_close
mysql_stmt_field_count
mysql_free_result
mysql_stmt_bind_param
mysql_fetch_row
mysql_stmt_param_count
mysql_stmt_execute
mysql_stmt_num_rows
mysql_escape_string
mysql_num_fields
mysql_init
mysql_close
mysql_error
mysql_stmt_fetch_column
mysql_stmt_init

kernel32

GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
SetEnvironmentVariableW
GetTickCount64
GetUserDefaultUILanguage
GetACP
HeapSize
SetConsoleCP
WideCharToMultiByte
SetConsoleOutputCP
FormatMessageA
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
FillConsoleOutputAttribute
GetFileType
SetConsoleCursorPosition
SetConsoleCtrlHandler
GetModuleFileNameA
FindFirstFileA
SetLastError
FindNextFileA
FindClose
lstrcmpA
GetLastError
GetCurrentProcess
LocalAlloc
GetCurrentThread
CloseHandle
LocalFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetFileAttributesA
IsDebuggerPresent
GetCommandLineW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetNamedPipeHandleState
WaitForMultipleObjects
TransactNamedPipe
MultiByteToWideChar
GetCurrentDirectoryW
GetCommandLineA
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
InterlockedPushEntrySList
RtlUnwind
GetCurrentProcessId
GetStartupInfoW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetSystemTime
RtlCaptureContext
EnterCriticalSection
ReleaseSemaphore
GetProcessId
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
GetCurrentThreadId
LoadLibraryW
CreateThread
GetProcAddress
DeleteCriticalSection
FreeLibrary
CreateSemaphoreW
VirtualQueryEx
SetUnhandledExceptionFilter
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocaleInfoEx
SetCurrentDirectoryW
WaitNamedPipeW
CreateDirectoryW
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
CopyFileW
GetFileInformationByHandleEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
InitializeCriticalSectionAndSpinCount

advapi32

SetSecurityDescriptorDacl
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
IsValidSecurityDescriptor
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
DuplicateToken
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
SetSecurityDescriptorGroup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetOpenW
HttpQueryInfoW
InternetQueryDataAvailable
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
InternetCrackUrlW
HttpOpenRequestW

Exports

Exports

uchardet_data_end
uchardet_delete
uchardet_get_charset
uchardet_handle_data
uchardet_new
uchardet_reset

Sections

.text
Size: 990KB - Virtual size: 990KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6984505597063534a0ec5e89c0babbfd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

libmysql

kernel32

advapi32

version

wininet

Exports

Exports

Sections

.text Size: 990KB - Virtual size: 990KB

.rdata Size: 344KB - Virtual size: 344KB

.data Size: 22KB - Virtual size: 517KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 55KB - Virtual size: 55KB

.text
Size: 990KB - Virtual size: 990KB

.rdata
Size: 344KB - Virtual size: 344KB

.data
Size: 22KB - Virtual size: 517KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 55KB - Virtual size: 55KB