ea967cdfb91056d5abd1b53b12b098003ab81f244c3fdcb06ab39c5159f25df3

Sharing

Copy URL Twitter E-mail

General

Target

ea967cdfb91056d5abd1b53b12b098003ab81f244c3fdcb06ab39c5159f25df3
Size

3.1MB
MD5

dd1d7b607cb4c65af1dace0fb15ed4ce
SHA1

1b22186ed219c819aeb12e1312e9023b53076eed
SHA256

ea967cdfb91056d5abd1b53b12b098003ab81f244c3fdcb06ab39c5159f25df3
SHA512

dc4977aa3ea318e50b9b2c5dfa1c992db92f5670d0c37b891a380092b37a85fdf5474dfd4e1bea0174bf02b56525facb1a8973be9c44d260d8a547f733082012
SSDEEP

49152:eByO3F1gSZBWIjOXOV8006LLv4Rd+ZEDK9Hcc9ttPLBucw73zyDdASD7SwHLoc2z:eByEZkIjq6tLLvId+ZftNBv2RQg5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea967cdfb91056d5abd1b53b12b098003ab81f244c3fdcb06ab39c5159f25df3

Files

ea967cdfb91056d5abd1b53b12b098003ab81f244c3fdcb06ab39c5159f25df3
.exe windows x86

faf747ac63f1ed7baba7d2aea7a8a68e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libmysql

mysql_stmt_fetch_column
mysql_error
mysql_init
mysql_num_fields
mysql_stmt_num_rows
mysql_stmt_execute
mysql_stmt_param_count
mysql_fetch_row
mysql_stmt_bind_param
mysql_free_result
mysql_stmt_field_count
mysql_stmt_close
mysql_stmt_prepare
mysql_stmt_init
mysql_close
mysql_set_character_set
mysql_fetch_lengths
mysql_options
mysql_stmt_free_result
mysql_real_connect
mysql_errno
mysql_get_character_set_info
mysql_stmt_errno
mysql_store_result
mysql_stmt_result_metadata
mysql_stmt_fetch
mysql_stmt_error
mysql_fetch_field_direct
mysql_stmt_bind_result
mysql_ping
mysql_real_query
mysql_stmt_store_result

kernel32

SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
FillConsoleOutputAttribute
GetFileType
SetConsoleCursorPosition
GetUserDefaultUILanguage
GetACP
MultiByteToWideChar
SetConsoleCP
WideCharToMultiByte
SetConsoleOutputCP
SetConsoleCtrlHandler
GetTickCount64
GetModuleFileNameA
FindFirstFileA
SetLastError
FindNextFileA
FindClose
lstrcmpA
GetLastError
FormatMessageA
GetCurrentProcess
LocalAlloc
GetCurrentThread
CloseHandle
LocalFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetFileAttributesA
IsDebuggerPresent
GetEnvironmentVariableW
GetConsoleScreenBufferInfo
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
DeleteFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
FreeLibrary
LoadLibraryA
LoadLibraryW
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
FillConsoleOutputCharacterA
FlushFileBuffers
GetConsoleOutputCP
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
SetEndOfFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetNamedPipeHandleState
WaitForMultipleObjects
TransactNamedPipe
GetModuleHandleW
WaitNamedPipeW
SetFilePointerEx
GetFileSizeEx
GetDriveTypeW
GetUserDefaultLCID
FreeLibraryAndExitThread
ExitThread
ExitProcess
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
LCMapStringEx
EnumSystemLocalesW
RtlCaptureContext
ReleaseSemaphore
GetProcessId
InitializeCriticalSection
CreateFileW
CreateThread
CreateSemaphoreW
VirtualQueryEx
SetUnhandledExceptionFilter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
Sleep
GetExitCodeThread
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RaiseException
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
InitializeCriticalSectionEx

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptDestroyKey
OpenThreadToken
AddAccessAllowedAce
GetLengthSid
DuplicateToken
InitializeAcl
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
SetSecurityDescriptorGroup
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
IsValidSecurityDescriptor

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

ws2_32

getaddrinfo
WSAStartup
getpeername
getsockname
WSASocketW
socket
ntohs
recv
freeaddrinfo
getnameinfo
WSAGetLastError
listen
shutdown
select
closesocket
bind
accept
WSACleanup
gethostname
WSASetLastError
ntohl
gethostbyname
send
setsockopt

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetQueryDataAvailable
HttpOpenRequestW
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
InternetCrackUrlW

Exports

Exports

uchardet_data_end
uchardet_delete
uchardet_get_charset
uchardet_handle_data
uchardet_new
uchardet_reset

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faf747ac63f1ed7baba7d2aea7a8a68e

Headers

DLL Characteristics

File Characteristics

Imports

libmysql

kernel32

user32

advapi32

crypt32

bcrypt

ws2_32

version

wininet

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 717KB - Virtual size: 717KB

.data Size: 39KB - Virtual size: 425KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 101KB - Virtual size: 100KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 717KB - Virtual size: 717KB

.data
Size: 39KB - Virtual size: 425KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 101KB - Virtual size: 100KB