mysql[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mysql.exe
Size

1.9MB
MD5

2ed240769b6914e27e7d9a258165be3e
SHA1

cf0089036439c9bfe7eb40354cd73a2ec72f1338
SHA256

631cbd24faa14f0d69682c179cb1c8e87c9623848f968de46bb7df4c9b1dd84f
SHA512

64f0f81dfd8b1bbc4a87ce22adc9a8d7e420c41b93cee5fd493c543508b3f8b999b807807d68207cb447406a0d39def93dbe37b7d8b9941f45e0ab6b56ccd29f
SSDEEP

24576:qLV4zwJ5PAH4Fd7ZGYAMFEFwJ9TeRNGaP8fRc8KIflrfrP:u4zuW6dwYmwfTeRJPgRbNf1r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mysql.exe

Files

mysql.exe
.exe windows:4 windows x86 arch:x86

dd4f43d794bc9f94da43ec22926c4f47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\build\mysql-5.0.45-winbuild\mysql-community-nt-5.0.45-build\client\RelWithDebInfo\mysql.pdb

Imports

kernel32

DuplicateHandle
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
Sleep
GetLocaleInfoW
SetEndOfFile
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetLastError
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
OpenEventA
InterlockedIncrement
DeleteCriticalSection
TlsFree
GetSystemTimeAsFileTime
InitializeCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
FindClose
FindNextFileA
FindFirstFileA
ReadFile
WriteFile
WaitForMultipleObjects
GetFileAttributesExA
CreateEventA
ResetEvent
SetThreadPriority
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
CreateMutexA
ReleaseMutex
ReadConsoleA
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleMode
GetConsoleMode
GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentProcess
SetConsoleCtrlHandler
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
WideCharToMultiByte
GetTimeZoneInformation
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
HeapReAlloc
SetStdHandle
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
ResumeThread
CreateThread
RtlUnwind
SetHandleCount
GetStartupInfoA
FatalAppExitA
GetTickCount
SetLastError
GetCurrentThread
FlushFileBuffers
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery
SetFilePointer
RaiseException
InterlockedExchange
LoadLibraryA
GetACP
SetEnvironmentVariableW

wsock32

inet_addr
WSASetLastError
gethostbyname
getpeername
shutdown
closesocket
setsockopt
send
recv
select
__WSAFDIsSet
inet_ntoa
WSAStartup
WSACleanup
getservbyname
ntohs
socket
WSAGetLastError
ioctlsocket
htons
connect

advapi32

RegCloseKey
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegEnumValueA

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dd4f43d794bc9f94da43ec22926c4f47

Headers

File Characteristics

PDB Paths

Imports

kernel32

wsock32

advapi32

Sections

.text Size: 648KB - Virtual size: 647KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 8KB - Virtual size: 4KB

.text
Size: 648KB - Virtual size: 647KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 8KB - Virtual size: 4KB