7b6202a2c9c14dc349fe1de8dfd9aa181f554a533c0d8e5d664425f64ed7a6ae

Sharing

Copy URL Twitter E-mail

General

Target

7b6202a2c9c14dc349fe1de8dfd9aa181f554a533c0d8e5d664425f64ed7a6ae
Size

5.5MB
MD5

9ddbabcb82fa98e39358cb96b9d383f8
SHA1

a3e05bc404dd7f0a8fc375f0e54594515e10f491
SHA256

7b6202a2c9c14dc349fe1de8dfd9aa181f554a533c0d8e5d664425f64ed7a6ae
SHA512

eb5a34e76a05a8507825c3b8956b31115d34e54338a9db8f07c3c057c6c009d8545c4db83f7b674f0674c480ae4aa93d88570a398cef3d02be30f9353bc73f63
SSDEEP

98304:G8YveVwGi1Cce3J5VDqv6TpL2rzE1OQb2qndDQ/iEBNh/N2lEu1VjAv4OJRZAidn:GSwGi63t+iT923W2qn1a/Bn/olZ1lAv3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SQLi Dumper v.10.2 {Cracked_By_Angeal}/Config/File0.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SQLi Dumper v.10.2 {Cracked_By_Angeal}/ChilkatDotNet46.dll
unpack001/SQLi Dumper v.10.2 {Cracked_By_Angeal}/Config/File0.exe
unpack001/SQLi Dumper v.10.2 {Cracked_By_Angeal}/SQLi Dumper_Cracked_By_Angeal.exe
unpack001/SQLi Dumper v.10.2 {Cracked_By_Angeal}/SQLi.exe
unpack001/SQLi Dumper v.10.2 {Cracked_By_Angeal}/SkinSoft.VisualStyler.dll

Files

7b6202a2c9c14dc349fe1de8dfd9aa181f554a533c0d8e5d664425f64ed7a6ae
.zip
SQLi Dumper v.10.2 {Cracked_By_Angeal}/ChilkatDotNet46.dll
.dll windows x86

17178065eaac00288266f2ea96b1276e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
SetFileAttributesA
RemoveDirectoryW
GetFullPathNameW
GetFullPathNameA
GetFileAttributesW
GetFileAttributesA
FindNextFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
GetVersionExA
LocalFileTimeToFileTime
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetComputerNameA
FindFirstFileW
FindClose
DeleteFileW
DeleteFileA
CreateFileA
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryA
GetProcAddress
CreateFileW
GetCurrentThreadId
GetLastError
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateThread
WriteFile
SetFileTime
SetEndOfFile
ReadFile
GetFileTime
GetFileSize
MoveFileW
WideCharToMultiByte
IsBadReadPtr
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
LocalFree
LocalAlloc
MoveFileA
CopyFileW
CopyFileA
CloseHandle
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetTempPathA
GetModuleFileNameW
GetTempPathW
GetSystemTime
CompareFileTime
GetOEMCP
GetACP
GetComputerNameW
FormatMessageA
GetModuleFileNameA
GetTickCount
GetSystemTimeAsFileTime
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetFilePointer
GetCurrentProcess
SetFileAttributesW

vcruntime140

__CxxFrameHandler3
memset
strchr
__std_terminate
memmove
__CxxQueryExceptionSize
memchr
memcpy
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__FrameUnwindFilter
__std_exception_copy
__std_exception_destroy
_CxxThrowException
strstr
__CxxExceptionFilter
wcsstr
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
_get_timezone
_localtime64_s
_mktime64
_tzset
_get_daylight

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

towupper
tolower
_stricmp
towlower
isalnum
strncmp
_strnicmp
toupper

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vfprintf
fopen_s
fgets
fwrite
ftell
_fseeki64
fseek
fread
_fileno
ferror
_telli64
_filelengthi64
_filelength
_chsize_s

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

atoi
_atoi64
strtol
atof

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
terminate
_seh_filter_dll
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
abort

api-ms-win-crt-math-l1-1-0

_except1

crypt32

CryptEncodeObject
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CryptMsgControl
CertOpenStore
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptSignMessage
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CryptEncryptMessage
CryptDecryptMessage
CryptDecodeObject
CertDuplicateCertificateContext
CertCreateCertificateContext
CertSetCertificateContextProperty
CertVerifyRevocation
CertNameToStrW
CertSaveStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CryptMsgOpenToDecode

ws2_32

inet_addr
WSAGetLastError
WSAStartup
gethostname
gethostbyname
socket
accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
htons
__WSAFDIsSet
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
shutdown

advapi32

CryptCreateHash
CryptSignHashA
RegCloseKey
RegQueryValueExA
CryptReleaseContext
CryptGenRandom
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptImportKey
CryptHashData
CryptGetProvParam
CryptEnumProvidersA
CryptGenKey
CryptGetUserKey
ChangeServiceConfigA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
LockServiceDatabase
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
UnlockServiceDatabase
GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextA
CryptAcquireContextW
CryptSetHashParam
CryptDestroyHash

shell32

ShellExecuteA

mscoree

_CorDllMain

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SQLi Dumper v.10.2 {Cracked_By_Angeal}/Config/File0.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SQLi Dumper v.10.2 {Cracked_By_Angeal}/LNG/English.xml
.xml
SQLi Dumper v.10.2 {Cracked_By_Angeal}/LNG/French.xml
.xml
SQLi Dumper v.10.2 {Cracked_By_Angeal}/LNG/German.xml
.xml
SQLi Dumper v.10.2 {Cracked_By_Angeal}/LNG/Persian.xml
.xml
SQLi Dumper v.10.2 {Cracked_By_Angeal}/LNG/Portuguese.xml
.xml
SQLi Dumper v.10.2 {Cracked_By_Angeal}/LNG/Russian.xml
.xml
SQLi Dumper v.10.2 {Cracked_By_Angeal}/SQLi Dumper_Cracked_By_Angeal.exe
.exe windows x86

5877688b4859ffd051f6be3b8e0cd533

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SQLi Dumper v.10.2 {Cracked_By_Angeal}/SQLi.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SQLi Dumper v.10.2 {Cracked_By_Angeal}/Settings.xml
.xml .js
SQLi Dumper v.10.2 {Cracked_By_Angeal}/SkinSoft.VisualStyler.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1002KB - Virtual size: 1001KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17178065eaac00288266f2ea96b1276e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

crypt32

ws2_32

advapi32

shell32

mscoree

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 268KB - Virtual size: 280KB

.gfids Size: 512B - Virtual size: 60B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 172KB - Virtual size: 171KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 61KB - Virtual size: 64KB

.rsrc Size: 69KB - Virtual size: 72KB

5877688b4859ffd051f6be3b8e0cd533

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.code Size: 14KB - Virtual size: 13KB

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 68KB - Virtual size: 67KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1002KB - Virtual size: 1001KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 268KB - Virtual size: 280KB

.gfids
Size: 512B - Virtual size: 60B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 172KB - Virtual size: 171KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 61KB - Virtual size: 64KB

.rsrc
Size: 69KB - Virtual size: 72KB

.code
Size: 14KB - Virtual size: 13KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 68KB - Virtual size: 67KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1002KB - Virtual size: 1001KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB