myisam_ftdump[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

myisam_ftdump.exe
Size

1.7MB
MD5

85be4abed23e69ac10f305d63f1f8a9a
SHA1

aca4b72ce6c617ce4218631c2b4617d711850d7d
SHA256

c5d49f391522f382029ebcf4427d21c92d98871be488df0b1a991b10d1f7a07b
SHA512

4b83e08ebeda25f2a1dfdbbbd192577cc6618cde0808f26a5d768fc1aa3d5a4db45b9ec75dd1b0187bb5e663aef3022e918c6541487852e3a0d1e1e79cfdf331
SSDEEP

24576:9wmSsaYe18957rVSD/a2gYTyRNGajTfsz8Kjflrf4Pe:l37rYgYTyRJjrsw2fB4G

Score

1^/10

Malware Config

Signatures

Files

myisam_ftdump.exe
.exe windows:4 windows x86

d2061c3981963e1acf16e8bda14c00e0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:1d:30:d7:f1:6f:cc:0e:8d:77:7b:1f:53:0c:3f:f9
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

01/07/2009, 17:20

Not After

28/06/2010, 22:05

Subject

CN=MySQL AB,OU=Engineering,O=MySQL AB,L=Uppsala,ST=Uppsala,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d8:ad:bf:a4:e0:93:6f:ce:ed:4a:40:3e:ed:93:fb:88:44:68:b0:dd
Signer

Actual PE Digest

d8:ad:bf:a4:e0:93:6f:ce:ed:4a:40:3e:ed:93:fb:88:44:68:b0:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLocaleInfoA
GetSystemTimeAsFileTime
InterlockedIncrement
CloseHandle
GetLastError
CreateFileA
GetFileAttributesA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
SetEndOfFile
SetFilePointer
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
TryEnterCriticalSection
SetThreadPriority
Sleep
GetFileAttributesExA
DeleteFileA
MoveFileA
GetTickCount
GetTempFileNameA
GetTempPathA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
FlushFileBuffers
WideCharToMultiByte
GetTimeZoneInformation
SetStdHandle
GetFileType
HeapAlloc
HeapFree
HeapReAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
ExitThread
DeleteCriticalSection
CreateThread
FatalAppExitA
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEnvironmentVariableW
GetCurrentProcessId
GetModuleFileNameA
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
SetConsoleCtrlHandler
RaiseException
RtlUnwind
VirtualAlloc
IsBadWritePtr
HeapSize
InterlockedExchange
VirtualQuery
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
GetLocaleInfoW
GetFullPathNameA
SetCurrentDirectoryA
ResumeThread
QueryPerformanceCounter
LockFile
UnlockFile
ReadFile
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeA
GetCurrentDirectoryA

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 911B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2061c3981963e1acf16e8bda14c00e0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

11:1d:30:d7:f1:6f:cc:0e:8d:77:7b:1f:53:0c:3f:f9Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

d8:ad:bf:a4:e0:93:6f:ce:ed:4a:40:3e:ed:93:fb:88:44:68:b0:ddSigner

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Sections

.text Size: 416KB - Virtual size: 413KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 8KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 911B

.rsrc Size: 4KB - Virtual size: 576B

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

11:1d:30:d7:f1:6f:cc:0e:8d:77:7b:1f:53:0c:3f:f9
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

d8:ad:bf:a4:e0:93:6f:ce:ed:4a:40:3e:ed:93:fb:88:44:68:b0:dd
Signer

.text
Size: 416KB - Virtual size: 413KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 8KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 911B

.rsrc
Size: 4KB - Virtual size: 576B