bf1caf94d49ecf57fedd47320210faee

Sharing

Copy URL Twitter E-mail

General

Target

bf1caf94d49ecf57fedd47320210faee
Size

3.5MB
MD5

bf1caf94d49ecf57fedd47320210faee
SHA1

5e9bff1a25f7e2d75c0b9e30ce13612d6665b488
SHA256

8b3443a40d033c61365d1ea6dff34c1c7f75b2ba1ee3a0164e21feae668e1212
SHA512

4f0a4cf975dec061c2131d0f7bb5c8329dfe2d7a1691941438bae198b8686620c5bb690761f2b4efc5c8aae9a803af22cf4cf18f50be3262cd6164e93372d366
SSDEEP

24576:0mK8jWYRZTuRNGaDWXZvPaLfMo8KSfkLfXY1C:01wWYRZaRJ4ZvPazM/rfaX2C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1caf94d49ecf57fedd47320210faee

Files

bf1caf94d49ecf57fedd47320210faee
.exe windows:5 windows x86 arch:x86

d331c57e70386ee804902bd490639803

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\ade\build\sb_0-26265460-1512806305.06\release\client\RelWithDebInfo\mysql_plugin.pdb

Imports

kernel32

IsProcessorFeaturePresent
GetCurrentProcessId
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
EncodePointer
HeapSetInformation
InterlockedExchange
WaitForMultipleObjects
ResetEvent
SetEvent
CreateEventA
InterlockedCompareExchange
TerminateThread
OpenThread
WaitForSingleObject
TryEnterCriticalSection
LoadLibraryA
Sleep
GetLocaleInfoA
GetFullPathNameA
GetFileAttributesA
GetWindowsDirectoryA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetFileSizeEx
GetStdHandle
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
CreateFileA
CloseHandle
TlsAlloc
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsFree
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
MoveFileA
GetLastError
DeleteFileA
GetLogicalDrives
GetFileAttributesExA
GetTempPathA
GetTempFileNameA
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA

msvcr100

qsort
ldiv
_dup2
freopen
_fileno
_purecall
??3@YAXPAX@Z
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
fwrite
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fread
ferror
fseek
ftell
_endthreadex
_beginthreadex
_time64
strnlen
iscntrl
isspace
fputs
strncmp
atoi
_stat64
_fstat64
_close
_open_osfhandle
_get_osfhandle
_umask
calloc
_set_abort_behavior
signal
strerror_s
getenv
_set_invalid_parameter_handler
_tzset
sprintf
toupper
memmove
_findfirst64i32
_findnext64i32
_findclose
strtoul
strtol
putchar
_strtoui64
_strtoi64
vfprintf
fputc
fflush
realloc
memcpy
free
malloc
_errno
exit
_stricmp
fopen
fclose
strncpy
strrchr
strncat
printf
puts
_snprintf
strchr
memset
_popen
fgets
_pclose
_strnicmp
__iob_func
fprintf
_initterm_e
_getcwd
_fdopen
_strdup
_unlink
_putenv
_chdir

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumValueA

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d331c57e70386ee804902bd490639803

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr100

advapi32

ws2_32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 3.2MB - Virtual size: 3.6MB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 3.2MB - Virtual size: 3.6MB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB