a14984060e6664b9836b5752f365f8de

Sharing

Copy URL Twitter E-mail

General

Target

a14984060e6664b9836b5752f365f8de
Size

11.6MB
MD5

a14984060e6664b9836b5752f365f8de
SHA1

855d3b3028418f4ba4304db02239c84312f1067b
SHA256

3dc8ac58e424891ed1d4891c9c0477e07b45dd03aed0bed15e550202443a2ea0
SHA512

6d9f9b6f275571337327183cf3e1cd680ae5f990b660acbedad3ac54958aeb3f76f38ae36a8b16671edfc660c6f432476ef25dbb6fc393f274396b422c1690cc
SSDEEP

196608:DKchNNUZ1Ropu375fc4DMaw1i8hCziEK++IosX4JpcAB53KF3Df45t+95bJ00:GchNSxcONfc4DMp1iRziEKAoYmJKF3Dz

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/project/Release/aa.jpg
unpack001/project/libmySQL.dll
unpack001/project/usg.exe

Files

a14984060e6664b9836b5752f365f8de
.rar
project/Debug/main.obj
project/Debug/vc100.pdb
project/IcUpdateLog.htm
project/Project.sln
project/Project.suo
project/Release/CL.read.1.tlog
project/Release/CL.write.1.tlog
project/Release/Project.lastbuildstate
project/Release/Stub.Build.CppClean.log
project/Release/Stub.lastbuildstate
project/Release/Stub.log
project/Release/aa.jpg
.exe windows:5 windows x86 arch:x86

f141b953ca2b2283b9950a91b20a58c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetLastError
CreateMutexA
lstrcpyA
GetModuleFileNameA
Sleep
GetProcAddress
GetModuleHandleA
OutputDebugStringW
OutputDebugStringA
lstrcmpiA
lstrcmpA
GetCurrentProcess
GetCommandLineA
lstrlenW
GetModuleFileNameW
lstrlenA
CloseHandle
CreateFileW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
InterlockedIncrement
InterlockedDecrement
DecodePointer
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
HeapSetInformation
GetStartupInfoW
EncodePointer
WriteFile
GetStdHandle
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
HeapValidate
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsProcessorFeaturePresent
RtlUnwind
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers

user32

MessageBoxA

shell32

SHGetFileInfoA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
project/Release/cl.command.1.tlog
project/Release/link-cvtres.read.1.tlog
project/Release/link-cvtres.write.1.tlog
project/Release/link.command.1.tlog
project/Release/link.read.1.tlog
project/Release/link.write.1.tlog
project/Release/rc.command.1.tlog
project/Release/rc.read.1.tlog
project/Release/rc.write.1.tlog
project/Release/stub.res
project/Stub.aps
project/Stub.dsp
project/Stub.dsw
project/Stub.icproj
.xml
project/Stub.ncb
project/Stub.opt
project/Stub.plg
.html
project/Stub.rc
project/Stub.sdf
project/Stub.sln.cache
project/Stub.sln.old
project/Stub.sln_old
project/Stub.suo.old
project/Stub.vcproj
.xml
project/Stub.vcxproj
project/Stub.vcxproj.filters
project/Stub.vcxproj.user
project/UpgradeLog.XML
.xml
project/build_all.bat
project/build_new.bat
project/compile.bat
project/compile.bat.bak
project/compile.bat.msbuild
project/defines.h
project/depreceated.txt
project/ipch/stub-b420ef04/debug/stub-23597a67.ipch
project/libmySQL.dll
.dll windows:4 windows x86 arch:x86

86fb9465e8463506449e689c172c8553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\mysql-5.1.39-winbuild\mysql-community-nt-5.1.39-build\libmysql\RelWithDebInfo\libmysql.pdb

Imports

kernel32

GetLastError
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
OpenEventA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
Sleep
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetTempFileNameA
GetTempPathA
GetFileAttributesExA
SetEndOfFile
SetFilePointer
CreateFileA
MoveFileA
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetFileAttributesA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventA
ResetEvent
WaitForMultipleObjects
TryEnterCriticalSection
SetThreadPriority
ReadFile
WriteFile
FindClose
FindNextFileA
FindFirstFileA
GetCurrentThreadId
WaitNamedPipeA
SetNamedPipeHandleState
CloseHandle
GetLocaleInfoA
EnterCriticalSection
DeleteFileA
LeaveCriticalSection
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryW
RaiseException
ExitProcess
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetConsoleCtrlHandler
SetStdHandle
GetFileType
WideCharToMultiByte
GetTimeZoneInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeA
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
ResumeThread
CreateThread
FlushFileBuffers
WriteConsoleW
GetStdHandle
GetModuleFileNameW
GetCommandLineA
GetVersionExA
GetProcessHeap
FatalAppExitA
SetLastError
InterlockedDecrement
GetCurrentThread
FreeLibrary
InterlockedExchange
LoadLibraryA
SetHandleCount
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetConsoleCP
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
HeapSize
SetEnvironmentVariableW

advapi32

CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
CryptGenRandom

wsock32

WSASetLastError
getpeername
shutdown
closesocket
setsockopt
send
recv
inet_ntoa
select
__WSAFDIsSet
inet_addr
WSAStartup
WSACleanup
gethostbyname
getservbyname
ntohs
socket
WSAGetLastError
htons
ioctlsocket
connect

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_get_ssl_cipher
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 788KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
project/main.cpp
project/main.h
project/optimize.h
project/realloc.h
project/resource.h
project/strings.h
project/structs.h
project/usg.exe
.exe windows:5 windows x86 arch:x86

08d0b1c751bdf62763f2346fc56ae8f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libmysql

mysql_init
mysql_fetch_row
mysql_use_result
mysql_query
mysql_free_result
mysql_real_connect

kernel32

TlsFree
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileA
CreateFileW
lstrcpyA
lstrcatA
CopyFileA
Sleep
CreateProcessA
lstrcmpA
CloseHandle
WaitForSingleObject
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA

user32

MessageBoxA

shell32

ShellExecuteExA

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f141b953ca2b2283b9950a91b20a58c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 5KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 432B

86fb9465e8463506449e689c172c8553

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

wsock32

Exports

Exports

Sections

.text Size: 788KB - Virtual size: 785KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 1.3MB - Virtual size: 1.3MB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 36KB - Virtual size: 32KB

08d0b1c751bdf62763f2346fc56ae8f2

Headers

DLL Characteristics

File Characteristics

Imports

libmysql

kernel32

user32

shell32

Sections

.text Size: 154KB - Virtual size: 154KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 432B

.text
Size: 788KB - Virtual size: 785KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 154KB - Virtual size: 154KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B