General
-
Target
SQLDorks.exe
-
Size
63.8MB
-
MD5
f349d19b2b18be6e8bf30965a8b96f3c
-
SHA1
aca93705a535247bf2b7e726b78818d38cebf6a8
-
SHA256
42e0c3f0c491913980a7960835897cb4fd4c627309b5e656f713b21555d71ed0
-
SHA512
a5bb40ff237e48e3a778199497cf2989058a905128a414528684f16b531364476d9a545eca00de71f2b3f1dcadc8dfc23da1014cac33db84a2567bf85cd11214
-
SSDEEP
1572864:nCPEAfMXf/+eMv/xX2ch+XKR+iw2/sO/QAg+mOqhSONVuBV:nCVMXf/+eMv/xpgXYYLOqA6VW
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SQLDorks.exe
Files
-
SQLDorks.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 52.2MB - Virtual size: 52.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 11.3MB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE