mysqldump[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mysqldump.exe
Size

3.6MB
MD5

0f045ece30c14841fb15e22218842b2e
SHA1

16be469d497274ace1691972f1f5da3aa67fa828
SHA256

b318df94e4934c388c8b2df3e3f7c2138165aff16400c70d3353664a879a71c4
SHA512

e240c5836d6bade45e55928f6c1a5cb5e6f2c36c226967b25e44464c9ed980963c49e7d03100957255d888d901958df4806e03ff79c7656735e9574c0fa580e5
SSDEEP

24576:DdvNazZK8VA2z2+xx7r5oXMEhTl7XWXYRNGavxnfkn8q8Xof5LfGH:DdvNazZK8VdKX5Tl78YRJvJfJ5Xs5zS

Score

1^/10

Malware Config

Signatures

Files

mysqldump.exe
.exe windows:6 windows x64

b89fcbf097141a4589f8ebac0cd91870

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:14:23:0e:d1:80:3b:d5:31:34:4d:a6:1a:6a:70:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/12/2021, 00:00

Not After

04/01/2024, 23:59

Subject

CN=MariaDB Corporation Ab,OU=Connectors,O=MariaDB Corporation Ab,L=Espoo,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:60:e7:4c:2b:ea:4a:48:db:f3:4c:3e:c4:51:83:7b:fb:7b:dd:25
Signer

Actual PE Digest

39:60:e7:4c:2b:ea:4a:48:db:f3:4c:3e:c4:51:83:7b:fb:7b:dd:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

freeaddrinfo
getaddrinfo
WSASetLastError
socket
shutdown
setsockopt
send
select
recv
ntohs
getservbyname
WSAStartup
WSACleanup
WSAGetLastError
connect
getsockopt
__WSAFDIsSet
bind
closesocket
ioctlsocket

advapi32

CryptImportKey
CryptReleaseContext
CryptAcquireContextA
CryptDestroyKey
RegCloseKey
RegEnumValueA
RegOpenKeyExA

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
InitOnceExecuteOnce
GetCurrentProcessId
GetCurrentThreadId
GetACP
GetConsoleCP
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExA
FormatMessageA
SwitchToFiber
DeleteFiber
CreateFiber
LocalAlloc
LocalFree
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetModuleFileNameA
CancelIoEx
Sleep
CreateFileA
ReadFile
UnhandledExceptionFilter
CloseHandle
SetLastError
PeekNamedPipe
GetOverlappedResult
WaitForSingleObject
CreateEventA
GetTickCount64
WaitNamedPipeA
SetEvent
OpenEventA
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSizeEx
MultiByteToWideChar
GetLocaleInfoA
DeleteFileA
SetFileInformationByHandle
MoveFileA
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetStdHandle
GetFileAttributesExA
GetCurrentProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
GetFullPathNameA
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
GetLogicalDrives
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
WriteFile
GetModuleHandleW

shlwapi

PathRemoveFileSpecA

crypt32

CertOpenStore
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertAddCRLContextToStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CryptDecodeObjectEx
CryptStringToBinaryA
CertDuplicateStore

secur32

DecryptMessage
EncryptMessage
FreeContextBuffer
InitializeSecurityContextA
QueryContextAttributesA
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
memmove
memset
memcpy
strrchr
strstr
__current_exception
strchr

api-ms-win-crt-runtime-l1-1-0

exit
_set_invalid_parameter_handler
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
_exit
_initialize_onexit_table
_register_onexit_function
abort
_beginthreadex
_initterm_e
_errno
_set_abort_behavior
signal
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_set_app_type
_get_initial_narrow_environment
terminate
strerror_s
__p___argc
_seh_filter_exe
__fpe_flt_rounds

api-ms-win-crt-string-l1-1-0

strncpy_s
strcmp
_strnicmp
_strdup
strncmp
strnlen
strncpy
_stricmp
isspace
iscntrl
strpbrk
strcat_s
toupper
strtok

api-ms-win-crt-stdio-l1-1-0

_get_osfhandle
putc
freopen
putchar
_set_fmode
fputs
fputc
fflush
ferror
fclose
__acrt_iob_func
_fileno
__p__commode
__stdio_common_vsnprintf_s
fread
fopen
fgets
_wfopen
__stdio_common_vsprintf_s
__stdio_common_vsprintf
_getcwd
__stdio_common_vfprintf
puts

api-ms-win-crt-convert-l1-1-0

strtod
atoi
_strtoi64
_strtoui64
strtoul
strtol

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
realloc
calloc

api-ms-win-crt-environment-l1-1-0

_putenv
getenv

api-ms-win-crt-math-l1-1-0

floor
ceilf
__setusermatherr
ceil

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_tzset
_localtime64_s
_time64

api-ms-win-crt-conio-l1-1-0

_getch
_cputs

api-ms-win-crt-filesystem-l1-1-0

_umask
_findnext64i32
_stat64
_findfirst64i32
_access
_findclose

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b89fcbf097141a4589f8ebac0cd91870

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:14:23:0e:d1:80:3b:d5:31:34:4d:a6:1a:6a:70:1cCertificate

Extended Key Usages

Key Usages

39:60:e7:4c:2b:ea:4a:48:db:f3:4c:3e:c4:51:83:7b:fb:7b:dd:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

kernel32

shlwapi

crypt32

secur32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 440KB - Virtual size: 440KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 1.7MB - Virtual size: 2.2MB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:14:23:0e:d1:80:3b:d5:31:34:4d:a6:1a:6a:70:1c
Certificate

39:60:e7:4c:2b:ea:4a:48:db:f3:4c:3e:c4:51:83:7b:fb:7b:dd:25
Signer

.text
Size: 440KB - Virtual size: 440KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 1.7MB - Virtual size: 2.2MB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB