241282aab634072d4b51ee71a1b9cd0bc0e2857523e2e1012795e33bc16eff3b

Sharing

Copy URL Twitter E-mail

General

Target

241282aab634072d4b51ee71a1b9cd0bc0e2857523e2e1012795e33bc16eff3b
Size

1.4MB
MD5

44e79037f1912051116a91d52cf1e2bc
SHA1

9a3caa5fe622c6e4830501e8ad6879af3b3b4fb6
SHA256

241282aab634072d4b51ee71a1b9cd0bc0e2857523e2e1012795e33bc16eff3b
SHA512

e0a5f066bdbbca491216f9c463f29d856380ad35c13443ae9b02f06bb25043986d1c9a4a9a2021e7b22d1525eadc5553afba6e1578acfda83746f27c2e216714
SSDEEP

24576:jUQPZahyR5zfaMi+a5ikxwK9yIsYpP3E9lg+cnI4bdwL5zbE3kPv5w7aGPDAAHcq:jUQPZaMvgE9l1OaLNbE3ov5w7aGPDAAZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
241282aab634072d4b51ee71a1b9cd0bc0e2857523e2e1012795e33bc16eff3b

Files

241282aab634072d4b51ee71a1b9cd0bc0e2857523e2e1012795e33bc16eff3b
.exe windows x86

0932fcd2dee8dfcb906ebf6916760872

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libmysql

mysql_free_result
mysql_stmt_close
mysql_stmt_prepare
mysql_stmt_init
mysql_close
mysql_set_character_set
mysql_fetch_lengths
mysql_options
mysql_stmt_free_result
mysql_real_connect
mysql_errno
mysql_get_character_set_info
mysql_stmt_errno
mysql_store_result
mysql_stmt_result_metadata
mysql_stmt_fetch
mysql_stmt_error
mysql_fetch_field_direct
mysql_stmt_bind_param
mysql_fetch_row
mysql_stmt_param_count
mysql_stmt_execute
mysql_stmt_num_rows
mysql_init
mysql_error
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_num_fields
mysql_stmt_bind_result
mysql_ping
mysql_real_query
mysql_stmt_store_result

kernel32

GetTimeZoneInformation
ReadConsoleW
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
HeapSize
FillConsoleOutputAttribute
GetFileType
SetConsoleCursorPosition
GetUserDefaultUILanguage
GetACP
MultiByteToWideChar
SetConsoleCP
WideCharToMultiByte
SetConsoleOutputCP
SetConsoleCtrlHandler
GetTickCount64
GetModuleFileNameA
FindFirstFileA
SetLastError
FindNextFileA
FindClose
lstrcmpA
GetLastError
FormatMessageA
GetCurrentProcess
LocalAlloc
GetCurrentThread
CloseHandle
LocalFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetFileAttributesA
IsDebuggerPresent
GetTimeFormatW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
SetEndOfFile
SetNamedPipeHandleState
WaitForMultipleObjects
TransactNamedPipe
WriteFile
AcquireSRWLockExclusive
GetDateFormatW
HeapAlloc
HeapFree
SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
ReadFile
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
RtlUnwind
GetCurrentProcessId
GetStartupInfoW
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetSystemTime
RtlCaptureContext
EnterCriticalSection
ReleaseSemaphore
GetProcessId
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
GetCurrentThreadId
LoadLibraryW
CreateThread
GetProcAddress
DeleteCriticalSection
FreeLibrary
CreateSemaphoreW
VirtualQueryEx
SetUnhandledExceptionFilter
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
WaitNamedPipeW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
Sleep
GetExitCodeThread
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RaiseException
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
CopyFileW
GetFileInformationByHandleEx
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx

advapi32

SetSecurityDescriptorDacl
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
IsValidSecurityDescriptor
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
DuplicateToken
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
SetSecurityDescriptorGroup

ws2_32

closesocket
select
shutdown
listen
WSASocketW
getaddrinfo
WSAStartup
getpeername
getsockname
send
socket
ntohs
recv
freeaddrinfo
getnameinfo
setsockopt
WSAGetLastError
bind
gethostbyname
ntohl
accept
gethostname
WSACleanup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetReadFile
InternetConnectW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCrackUrlW
HttpQueryInfoW
InternetOpenW
InternetQueryDataAvailable
HttpOpenRequestW
InternetCloseHandle

Exports

Exports

uchardet_data_end
uchardet_delete
uchardet_get_charset
uchardet_handle_data
uchardet_new
uchardet_reset

Sections

.text
Size: 1010KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0932fcd2dee8dfcb906ebf6916760872

Headers

DLL Characteristics

File Characteristics

Imports

libmysql

kernel32

advapi32

ws2_32

version

wininet

Exports

Exports

Sections

.text Size: 1010KB - Virtual size: 1010KB

.rdata Size: 325KB - Virtual size: 325KB

.data Size: 25KB - Virtual size: 399KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 1010KB - Virtual size: 1010KB

.rdata
Size: 325KB - Virtual size: 325KB

.data
Size: 25KB - Virtual size: 399KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 50KB - Virtual size: 50KB