SQLRayGUI[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SQLRayGUI.exe
Size

6.8MB
MD5

cf6463e6b1d13c90ef82b33895f6448d
SHA1

293029fdb68adddc0f88a575995f22ca5d5bea1d
SHA256

3c86144c7cdc84e102a6c390622f6140398374f678d73522703d7c3b8983d37c
SHA512

9697a0ee51d7f78d2c60d515726888ac6ec9dcb6f5699a8d93c6643084264d6e4a999bf3e92496c87ff76fe18039fac3beac62187b634957d23b51ded7a5808b
SSDEEP

98304:B/t+8L5EXCQZHWV6shoPiI9JUAOu3vTEjMS5t:V5mHWV6LOuLg5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SQLRayGUI.exe

Files

SQLRayGUI.exe
.exe windows:6 windows x64 arch:x64

87542e2dcac1505969cd2922d54aeafe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
QueryPerformanceFrequency
ResetEvent
CreateEventW
InitializeSListHead
RtlVirtualUnwind
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
CreateIoCompletionPort
IsDebuggerPresent
GetQueuedCompletionStatusEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFileCompletionNotificationModes
GetCurrentThreadId
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LoadLibraryExW
EncodePointer
GetSystemInfo
GetModuleHandleA
GetProcAddress
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetLastError
QueryPerformanceCounter
CloseHandle
SwitchToThread
ReleaseSRWLockExclusive
OutputDebugStringW
AcquireSRWLockExclusive
OutputDebugStringA
GetFileAttributesW
LCIDToLocaleName
HeapReAlloc
HeapFree
GetUserDefaultUILanguage
GetProcessHeap
FreeLibrary
HeapAlloc
LoadLibraryW
GetTempPathW
ReleaseMutex
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
SetFilePointerEx
GetSystemTimeAsFileTime
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
FindClose
GetFinalPathNameByHandleW
WaitForSingleObject
SetHandleInformation
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateThread
TlsFree

user32

ClipCursor
GetClipCursor
GetMessageA
DispatchMessageA
SetWindowLongW
GetSystemMenu
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
EnumDisplayMonitors
ToUnicodeEx
GetKeyboardLayout
EnumChildWindows
MapVirtualKeyExW
GetAsyncKeyState
GetKeyboardState
MsgWaitForMultipleObjectsEx
SetMenu
IsProcessDPIAware
GetDC
GetWindowLongPtrW
GetMenu
CheckMenuItem
MonitorFromWindow
IsWindowVisible
IsIconic
MonitorFromPoint
SystemParametersInfoA
ShowCursor
SetWindowDisplayAffinity
RegisterRawInputDevices
GetMessageW
RedrawWindow
EnableMenuItem
AdjustWindowRectEx
GetAncestor
PostQuitMessage
RegisterWindowMessageA
ShowWindow
CreateAcceleratorTableW
TranslateAcceleratorW
GetClientRect
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
SetWindowLongPtrW
GetKeyState
VkKeyScanW
AppendMenuW
DestroyAcceleratorTable
DestroyIcon
GetForegroundWindow
SetMenuItemInfoW
CreateMenu
SendInput
SetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
FlashWindowEx
GetActiveWindow
SetCursorPos
SendMessageW
LoadCursorW
InvalidateRgn
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowPos
GetMonitorInfoW
GetCursorPos
RegisterClassExW
SetCursor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ReleaseCapture
DestroyWindow
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowPlacement
GetWindowRect
ClientToScreen
GetWindowLongW
CreateIcon
DefWindowProcW

bcrypt

BCryptGenRandom

advapi32

EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
RegQueryValueExW
EventRegister
RegCloseKey
RegOpenKeyExW
EventSetInformation

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

ole32

OleInitialize
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
RevokeDragDrop

shell32

DragQueryFileW
SHAppBarMessage
SHCreateItemFromParsingName
SHGetKnownFolderPath
DragFinish

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

crypt32

CertDuplicateCertificateContext
CertOpenStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertCloseStore
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain
CertDuplicateStore

ws2_32

bind
setsockopt
freeaddrinfo
getpeername
socket
WSASocketW
WSAIoctl
WSAGetLastError
connect
shutdown
getsockopt
recv
ioctlsocket
send
WSASend
WSAStartup
closesocket
WSACleanup
getsockname
getaddrinfo

ntdll

NtCreateFile
NtWriteFile
NtReadFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

secur32

ApplyControlToken
DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
EncryptMessage
QueryContextAttributesW
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage

uxtheme

SetWindowTheme

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
round
floor
trunc

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
_wcsicmp
wcslen

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_register_thread_local_exe_atexit_callback
_cexit
_seh_filter_exe
_set_app_type
__p___argv
_configure_narrow_argv
terminate
__p___argc
_exit
_initialize_narrow_environment
exit
_initterm_e
_initterm
abort
_register_onexit_function
_get_initial_narrow_environment
_c_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
_callnewh
free

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87542e2dcac1505969cd2922d54aeafe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

bcrypt

advapi32

comctl32

ole32

shell32

gdi32

dwmapi

crypt32

ws2_32

ntdll

secur32

uxtheme

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 10KB - Virtual size: 14KB

.pdata Size: 175KB - Virtual size: 174KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 316KB - Virtual size: 316KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 10KB - Virtual size: 14KB

.pdata
Size: 175KB - Virtual size: 174KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 316KB - Virtual size: 316KB

.reloc
Size: 25KB - Virtual size: 25KB