sql[.]tmp[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

sql.tmp.dll
Size

318KB
MD5

d8a8cc25bf5ef5b96ff7a64f663cbd29
SHA1

d1e5e29c162566ce1d8a3d9c1a758fdbfef74174
SHA256

aec915753612bb003330ce7ffc67cfa9d7e3c12310f0ecfd0b7e50abf427989a
SHA512

703462497a8a85b00355ba7e572214fe84ea5151cd02adec6e76309fcaf06baf77e2846c3448ffb97ef8d8b0ad8b5edd2e434baad38eaa0f6855b04be461dcc7
SSDEEP

6144:mYu+TNVHFjt0W8zPtkpYrKms8YlTl+0TMKJU/liMTXYBcr4w:I2L0W8zFkpVzFl+08/MMj1X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sql.tmp.dll

Files

sql.tmp.dll
.dll windows x64

6faf0aa45f2399d434f7346ab64c7697

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetLastError
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
DecodePointer
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
RtlUnwindEx
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameW
LoadLibraryW
HeapSize

Exports

Exports

CalculateSum
CalculateSumW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6faf0aa45f2399d434f7346ab64c7697

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 278KB - Virtual size: 282KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 278KB - Virtual size: 282KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB