Static task: static1
Behavioral task: behavioral1
  Sample: 78f7dfca61f539ee049cb2199293762b43267fbe68bb94221ee40103a0061381.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 78f7dfca61f539ee049cb2199293762b43267fbe68bb94221ee40103a0061381.exe
  Resource: win10v2004-20240221-en
General
Target: 78f7dfca61f539ee049cb2199293762b43267fbe68bb94221ee40103a0061381
Size: 11.3MB
MD5: fde6ad182eaa83c5d3308488444da091
SHA1: 42bd8e9245259295d8d11a33bf7ba4d3fad76314
SHA256: 78f7dfca61f539ee049cb2199293762b43267fbe68bb94221ee40103a0061381
SHA512: bfdb9251784d552340d16f20bf950143e4cd0c2dfd2cd43747432ebb60c661543d0e1ab7c30245fd25ec7df9c5b1c2c0dc95e741a311cdc8c9cd87df56483e32
SSDEEP: 196608:8n2pSpF4raA8TqQQy544USbxqQlD7+RXvsSQemDSPWF0:8nXYIqQQy54gH+RfsSQemDSPW
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 78f7dfca61f539ee049cb2199293762b43267fbe68bb94221ee40103a0061381
Files
-
78f7dfca61f539ee049cb2199293762b43267fbe68bb94221ee40103a0061381.exe windows:5 windows x86 arch:x86
cff8d780e6721fd899d3548a2bd316b1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\Github_trunk\sqlyog\Branches\11.11\SQLyogEnterprise\bin\Win32\Release\SQLyog.pdb
Imports
shfolder
SHGetFolderPathW
odbc32
ord75
ord24
ord136
ord13
ord31
ord165
ord153
ord111
ord127
ord145
ord157
ord4
ord140
ord171
ord108
ord154
ord9
ord141
ord18
comctl32
CreatePropertySheetPageW
PropertySheetW
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_Add
ImageList_GetIcon
ImageList_GetImageCount
InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
wininet
InternetOpenW
InternetConnectW
HttpAddRequestHeadersW
InternetQueryDataAvailable
HttpOpenRequestW
InternetErrorDlg
InternetCloseHandle
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetSetOptionW
InternetReadFile
HttpSendRequestW
InternetQueryOptionW
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
wsock32
recv
htonl
bind
ntohs
getsockname
gethostbyaddr
inet_addr
send
closesocket
htons
ioctlsocket
gethostbyname
socket
connect
WSAStartup
shutdown
WSACleanup
gdiplus
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromFile
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage
GdiplusShutdown
GdiplusStartup
msimg32
GradientFill
shlwapi
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
htmlayout
HTMLayout_UseElement
HTMLayout_UnuseElement
HTMLayoutGetChildrenCount
HTMLayoutGetNthChild
HTMLayoutGetParentElement
HTMLayoutGetElementIndex
HTMLayoutGetElementLocation
HTMLayoutGetElementHwnd
HTMLayoutSetElementState
HTMLayoutControlGetType
HTMLayoutGetElementInnerTextCB
ValueInit
ValueClear
HTMLayoutGetAttributeByName
HTMLayoutWindowAttachEventHandler
HTMLayoutDataReady
HTMLayoutProcND
HTMLayoutSetMode
HTMLayoutLoadHtml
HTMLayoutSetCallback
ValueCopy
HTMLayoutSetAttributeByName
HTMLayoutSetStyleAttribute
HTMLayoutGetRootElement
HTMLayoutGetFocusElement
HTMLayoutVisitElements
HTMLayoutUpdateElement
HTMLayoutScrollToView
HTMLayoutSetElementInnerText16
HTMLayoutGetElementState
HTMLayoutInsertElement
ValueStringDataSet
ValueStringData
HTMLayoutSetElementHtml
ValueToString
HTMLayoutCreateElement
HTMLayoutUpdateWindow
HTMLayoutGetStyleAttribute
HTMLayoutFindElement
HTMLayoutGetScrollInfo
HTMLayoutSetScrollPos
HTMLayoutGetElementType
HTMLayoutSendEvent
HTMLayoutCallBehaviorMethod
HTMLayoutControlSetValue
HTMLayoutSetCSS
ws2_32
getservbyname
getaddrinfo
getprotobyname
select
freeaddrinfo
WSAGetLastError
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent
ioctlsocket
setsockopt
WSAIoctl
getnameinfo
gethostname
getpeername
__WSAFDIsSet
winmm
PlaySoundW
timeBeginPeriod
timeSetEvent
rpcrt4
UuidToStringA
RpcStringFreeW
UuidCreate
kernel32
ResumeThread
CreateThread
ExitThread
EncodePointer
DecodePointer
RtlUnwind
RaiseException
SetEnvironmentVariableW
SetCurrentDirectoryW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetConsoleCtrlHandler
GetTimeZoneInformation
UnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetModuleHandleW
MulDiv
CloseHandle
WaitForSingleObject
GetCurrentThreadId
SetEvent
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalLock
GetLastError
GlobalAlloc
GlobalReAlloc
DeleteCriticalSection
GlobalFree
InitializeCriticalSection
CreateFileW
GetLocaleInfoW
GetUserDefaultUILanguage
GetModuleFileNameW
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
GetProcessHeap
FreeResource
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
TerminateThread
GetExitCodeThread
TerminateProcess
ResetEvent
ReadFile
GetFileSize
DeleteFileW
WaitForMultipleObjects
CreateProcessW
CreatePipe
LoadLibraryW
SetThreadPriority
MultiByteToWideChar
WriteFile
GetExitCodeProcess
GetTempFileNameW
GetCurrentProcessId
GetTickCount
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFullPathNameW
lstrcpyW
GetSystemTime
HeapAlloc
LocalAlloc
VirtualFree
VirtualAlloc
lstrlenW
LocalFree
GetTimeFormatW
GetNumberFormatW
Sleep
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetProcessId
SearchPathW
WritePrivateProfileSectionA
SetLastError
GetVersionExW
MoveFileW
RemoveDirectoryW
CopyFileW
HeapReAlloc
GetVersion
HeapSize
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
GetCurrentProcess
GetProcAddress
SetUnhandledExceptionFilter
GetTempPathW
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExpandEnvironmentStringsA
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
OpenFileMappingA
OpenEventA
GetConsoleCP
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
TlsSetValue
TlsAlloc
GetLocaleInfoA
FormatMessageA
LoadLibraryExA
CreateEventA
GetWindowsDirectoryA
GetFileAttributesA
GetFullPathNameA
FindNextFileA
FindFirstFileA
SetEndOfFile
GetStdHandle
GetFileAttributesExA
FlushFileBuffers
InterlockedCompareExchange
GetOverlappedResult
CancelIo
PeekNamedPipe
DisconnectNamedPipe
InterlockedIncrement
GetVersionExA
AreFileApisANSI
SetFilePointer
UnlockFile
LockFile
LockFileEx
UnlockFileEx
DeleteFileA
GetFileAttributesW
GetFileAttributesExW
GetTempPathA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileMappingA
MoveFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
InterlockedDecrement
HeapCreate
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetDriveTypeW
SetHandleCount
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
CreateDirectoryA
CreateEventW
RemoveDirectoryA
user32
GetScrollPos
SetScrollRange
DrawFrameControl
FrameRect
GetWindowDC
SystemParametersInfoW
SetClassLongW
SetMenuInfo
DrawIconEx
GetMenuInfo
DrawMenuBar
KillTimer
SetTimer
GetMenu
GetWindow
RemoveMenu
ScreenToClient
LockWindowUpdate
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
GetMessagePos
GetScrollInfo
TrackMouseEvent
IsWindow
CheckMenuItem
GetTitleBarInfo
SendDlgItemMessageW
GetDlgItemTextW
GetClassInfoW
InsertMenuItemW
GetMenuItemID
ValidateRect
FindWindowExW
GetActiveWindow
GetDlgItemInt
SetDlgItemInt
DispatchMessageW
TranslateMessage
ShowScrollBar
GetClipboardData
IsClipboardFormatAvailable
RegisterClassExW
MonitorFromWindow
DialogBoxIndirectParamW
GetClassLongW
GetMenuState
InsertMenuW
CreatePopupMenu
PostQuitMessage
GetMenuStringW
SetForegroundWindow
RegisterWindowMessageW
SetActiveWindow
DefFrameProcW
TranslateAcceleratorW
TranslateMDISysAccel
MsgWaitForMultipleObjects
DrawEdge
GetDesktopWindow
DrawTextExW
DrawFocusRect
GetCaretPos
IsChild
DefMDIChildProcW
RedrawWindow
IsCharAlphaNumericW
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
GetSystemMetrics
LoadStringA
EndDeferWindowPos
GetSystemMenu
EndDialog
GetFocus
GetDlgCtrlID
MessageBoxW
DeleteMenu
GetCursor
ShowCursor
BeginPaint
FillRect
EndPaint
SetParent
GetNextDlgTabItem
ClientToScreen
LoadMenuW
TrackPopupMenu
DestroyMenu
IsWindowVisible
GetSysColor
LoadStringW
GetMenuItemCount
GetSubMenu
EnableMenuItem
LoadImageW
DestroyIcon
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
GetWindowThreadProcessId
IsWindowEnabled
EnableWindow
GetComboBoxInfo
SetCursor
InvalidateRect
UpdateWindow
CreateDialogParamW
GetClientRect
MoveWindow
GetDlgItem
LoadCursorW
RegisterClassW
SetWindowTextW
SetFocus
SetScrollInfo
SetScrollPos
DestroyWindow
DefWindowProcW
MonitorFromRect
GetMonitorInfoW
SetCapture
PostMessageW
GetDC
DrawTextW
SetWindowPos
ReleaseDC
CreateWindowExW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
GetParent
SendMessageW
ReleaseCapture
ShowWindow
GetWindowRect
MapWindowPoints
CallWindowProcW
GetCursorPos
GetClassNameW
EnumChildWindows
GetMenuItemInfoW
SetMenuItemInfoW
PeekMessageW
GetSysColorBrush
DialogBoxParamW
LoadIconW
BeginDeferWindowPos
MessageBoxA
DeferWindowPos
PtInRect
gdi32
SetDCBrushColor
ExtTextOutW
CreateBitmap
SetROP2
RoundRect
SetStretchBltMode
StretchBlt
EndPage
EndDoc
Rectangle
MoveToEx
LineTo
GetTextExtentPoint32W
CreateFontW
CreatePen
SaveDC
RestoreDC
FillRgn
CreatePatternBrush
SetBkColor
CreatePolygonRgn
GetTextExtentExPointW
CreateCompatibleDC
CreateDIBSection
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreateSolidBrush
SetBkMode
SetTextColor
GetDeviceCaps
SelectObject
DeleteObject
ExtCreatePen
GetStockObject
BitBlt
CreateDCW
DeleteDC
StartPage
StartDocW
TextOutW
CreateRectRgn
SelectClipRgn
SetViewportOrgEx
GetDIBits
winspool.drv
ord203
comdlg32
GetOpenFileNameW
ChooseFontW
ChooseColorW
ReplaceTextW
FindTextW
GetSaveFileNameW
PrintDlgW
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
ImpersonateLoggedOnUser
GetUserNameA
ReportEventA
RegisterEventSourceA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
shell32
SHGetPathFromIDListW
DragFinish
ShellExecuteW
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
DragQueryPoint
ole32
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
secur32
DeleteSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
CompleteAuthToken
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.9MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ