11d962d80e80dbc9c36bb553b7e11a37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11d962d80e80dbc9c36bb553b7e11a37
Size

126KB
MD5

11d962d80e80dbc9c36bb553b7e11a37
SHA1

98c9d441934d1396c150667cdf75fe50f82e4cba
SHA256

29ed67394e696bb009dd901150bba86ba6fe12d61869818556fd39e379e92a7b
SHA512

ca9be18320f70f763e4cf469ed635108386e746e2c8844e5d47f0ac24a4f06a7d72ba3a09624b8e764a73a36646c1c4e66f4e01f31f013c297ab7d79e22344bc
SSDEEP

3072:7nK1gNophPKLDC++Fe8UHTKaXTkEAicvPEBYCJbjlAT7PxqofM0sI:7nKCgSyKj3XTkV8JXlMbMfI

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SQLck.exe
unpack001/scan500.exe

Files

11d962d80e80dbc9c36bb553b7e11a37
.rar
SQLck.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pass-me.txt
scan500.exe
.exe windows:4 windows x86 arch:x86

bd51a645a9c68bd03b2e51586e5cbdcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
scannsql.bat