heidisql[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

heidisql.exe
Size

3.9MB
MD5

07d3b16e28683c11678cc32ded802f5f
SHA1

5f5be190f8f14003f3e8b8da4cff6728e5388a6a
SHA256

8f7e1c08d148195d796ca6766c2b3c0c510d94ab209397ee0ab01ed770cc0698
SHA512

34f64178585d0de735bf97025d8d37a5713c5d3a4d93f008d72fdc933d0729a0fab6e304712d93ccf3a1e2b2a9840ba56a03c86a08306135b92f5266ff5e5411
SSDEEP

49152:y2Vp5XTDOZhaGh8Akq35pECkOHodQt0KN/9T8FjSwX20Uh0ZUsaUBXF1U9Ap0jZf:zVTHWl8Akq3MFdQnN/9YfVC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

heidisql.exe
.exe windows:5 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:21:7f:5a:0f:e0:e4:bb:f1:b4:7c:7d:84:5c:f3:5d
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06/09/2016, 07:51

Not After

06/09/2017, 07:51

Subject

CN=Open Source Developer\, Ansgar Becker,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c11616e736540686569646973716c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:9b:14:88:76:a8:48:fa:a1:36:cc:7d:d3:e2:a4:43:a9:48:3e:b1
Signer

Actual PE Digest

eb:9b:14:88:76:a8:48:fa:a1:36:cc:7d:d3:e2:a4:43:a9:48:3e:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
madTraceProcess
mysql_authentication_dialog_ask

Sections

UPX0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

2f:21:7f:5a:0f:e0:e4:bb:f1:b4:7c:7d:84:5c:f3:5dCertificate

Extended Key Usages

Key Usages

eb:9b:14:88:76:a8:48:fa:a1:36:cc:7d:d3:e2:a4:43:a9:48:3e:b1Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 5.2MB

UPX1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 133KB - Virtual size: 136KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

2f:21:7f:5a:0f:e0:e4:bb:f1:b4:7c:7d:84:5c:f3:5d
Certificate

eb:9b:14:88:76:a8:48:fa:a1:36:cc:7d:d3:e2:a4:43:a9:48:3e:b1
Signer

UPX0
Size: - Virtual size: 5.2MB

UPX1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 133KB - Virtual size: 136KB