sqlwow64[.]exe_

Sharing

Copy URL Twitter E-mail

General

Target

sqlwow64.exe_
Size

194KB
MD5

0c9c3a9324245f2c1c02b564dd61a390
SHA1

82553c3f73590a0afdeb50eede1ce1d72a33c4bb
SHA256

2519e87f6a3b44acb254b9b1e192d02c6c9c8b35288497cfcac3b5c6e499a2ef
SHA512

fe325a514b899e2899c1a6d3939b606aa2b8bcceec6f3f48e977d0bd2a333fc09ba4b50fef57e1ab61ae083cb00601b34963b837a85f8ae68863818bf71d133d
SSDEEP

1536:VTHTTmSI/uIF3oTG8dSmlWqHdKbi32SaSwvfWJ3YU+pibqBLGlf9UbokLTizqqUM:tdBUH0jUmpWOioI3W88

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sqlwow64.exe_

Files

sqlwow64.exe_
.exe windows:6 windows x86

f5c64ebc6b7af4dff7754c3804432fae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
FindFirstFileA
lstrlenW
FindNextFileA
FindClose
WaitForSingleObject
Sleep
GetLastError
CreateFileA
GetCurrentThread
CloseHandle
GetThreadContext
GetFileSize
CreateProcessA
CreateDirectoryA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

shlwapi

PathFindExtensionA

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpWriteData
WinHttpOpen
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse

vcruntime140

__current_exception
_except_handler4_common
memset
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

fopen
fclose
__p__commode
__stdio_common_vsprintf
_popen
ftell
fread
fwrite
rewind
__stdio_common_vfprintf
_pclose
__stdio_common_vsprintf_s
fseek
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
_set_app_type
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_crt_atexit
_exit
_initialize_onexit_table
_register_onexit_function
exit
_controlfp_s
terminate

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5c64ebc6b7af4dff7754c3804432fae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

winhttp

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 187KB - Virtual size: 188KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 728B

.text
Size: 187KB - Virtual size: 188KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 728B