c:\Ck2000\components\ChilkatDotNet2\release\ChilkatDotNet2.pdb
Static task
static1
General
-
Target
SQLi_Dumper.rar
-
Size
4.3MB
-
MD5
2f659253f6e9631d061f06c377a57b6a
-
SHA1
22dc1887b995bc22e895ea150d336130784f1f50
-
SHA256
e2616952fe5257232bd0701262fa5b9d245f43b5e0f5bfcae7f8d2e3665bca99
-
SHA512
4f07908684a7e8680c4459d39a2f6987531ae351e482b9d02aff239a9525d1cf647784a1c4548a1ce9b43066395fa1e37dc5d14b8b4ec28a946f30717fb99808
-
SSDEEP
98304:fTdi0IFLIZoTPTOME8GlqIFSYNrirFDUqIhhYdDBM0ncOVX9LmuXXDO2+:JPFMTo8IiDUqIADcOVX9SunD3+
Malware Config
Signatures
-
Unsigned PE 3 IoCs
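Checks for a missing Authenticode signature: the PE files listed below are unsigned, so neither their publisher nor their integrity can be verified from a signature.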
resource
unpack001/ChilkatDotNet2.dll
unpack001/ControlsGui.dll
unpack001/SQLi Dumper-cleaned.exe
Files
-
SQLi_Dumper.rar.rar
-
ChilkatDotNet2.dll.dll windows:4 windows x86 arch:x86
df14ae5e0ef0bf3ed00e41ee4d3f519e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Ck2000\components\ChilkatDotNet2\release\ChilkatDotNet2.pdb
Imports
msvcr80
_rmdir
remove
clock
rename
realloc
malloc
isdigit
strtol
strpbrk
fgets
fputc
fgetc
printf
_setmode
__iob_func
__FrameUnwindFilter
_cexit
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
_fileno
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
srand
towupper
towlower
isalnum
atoi
floor
__timezone
_time64
_mktime64
_localtime64
_gmtime64
_filelengthi64
_filelength
fwrite
fread
ferror
ftell
_telli64
fseek
_atoi64
qsort
memmove
rand
memchr
fopen
fprintf
fclose
_wcsicmp
getenv
sprintf
toupper
tolower
sscanf
memcpy
memset
??2@YAPAXI@Z
strrchr
_purecall
strstr
_stricmp
strncmp
_strnicmp
strncpy
__CxxFrameHandler3
strchr
??3@YAXPAX@Z
kernel32
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathW
GetTempPathA
GetModuleFileNameW
CopyFileW
CopyFileA
GetModuleFileNameA
DeleteFileA
SetCurrentDirectoryW
SetCurrentDirectoryA
RemoveDirectoryW
CreateDirectoryA
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
CreateFileA
MoveFileW
MoveFileA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
CloseHandle
GetFileTime
SetFileTime
FormatMessageA
WriteFile
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
CreateFileW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
FileTimeToDosDateTime
GetSystemTime
GetLocalTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetTimeZoneInformation
InterlockedExchange
InterlockedCompareExchange
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetComputerNameA
GetOEMCP
GetACP
GetTickCount
Sleep
GetLastError
LocalFree
GetModuleHandleA
GetDiskFreeSpaceA
GetDriveTypeA
FreeLibrary
WideCharToMultiByte
SetLastError
GetStdHandle
GetFileType
SetEndOfFile
FlushFileBuffers
CreateFileMappingA
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryA
LocalAlloc
CreateThread
DeviceIoControl
MultiByteToWideChar
IsDBCSLeadByte
GetCPInfo
ReadFile
DeleteFileW
advapi32
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
CryptGetProvParam
OpenServiceA
StartServiceA
ControlService
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
CryptAcquireContextW
CryptEnumProvidersA
CryptDestroyKey
CryptGenKey
CryptGetUserKey
RegEnumValueA
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegDeleteValueA
CryptExportKey
CryptImportKey
CryptDeriveKey
CryptDestroyHash
CryptHashData
SetFileSecurityA
SetFileSecurityW
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptCreateHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegOpenKeyExA
GetUserNameA
OpenProcessToken
msvcm80
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
crypt32
CryptMsgControl
CertAddEncodedCertificateToStore
CertGetSubjectCertificateFromStore
CertDeleteCertificateFromStore
CertSaveStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateStore
CertCreateCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CryptDecodeObject
CertSetCertificateContextProperty
CertFreeCertificateContext
CertVerifyRevocation
CertNameToStrW
PFXVerifyPassword
PFXImportCertStore
CryptEncryptMessage
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptEncodeObject
CryptSignMessage
CryptDecryptMessage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CryptMsgGetParam
ws2_32
listen
connect
socket
gethostbyname
bind
getsockname
accept
recv
send
WSAGetLastError
gethostname
closesocket
__WSAFDIsSet
htons
inet_addr
getpeername
inet_ntoa
ntohs
ioctlsocket
setsockopt
WSAStartup
select
shutdown
shell32
ShellExecuteA
mscoree
_CorDllMain
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 304KB - Virtual size: 337KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 164KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ControlsGui.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
X:\SQLi Dumper v.8.3 SRC\ControlsGui\obj\Release\ControlsGui.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DIC/dic_admin.txt
-
DIC/dic_file_dump.txt
-
GeoIP.dat
-
SQLi Dumper-cleaned.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SQLi Dumper.pdb
-
Settings.xml
-
TXT/URL List (2).txt
-
TXT/URL Trash.txt