db06092f5fdc1a766884c9a5901244a1

Sharing

Copy URL Twitter E-mail

General

Target

db06092f5fdc1a766884c9a5901244a1
Size

248KB
MD5

db06092f5fdc1a766884c9a5901244a1
SHA1

0d72450f3e66bdd663e11f2fd88a35b86f59eb63
SHA256

e83d48025acd501d52fb77899b10b1cdfe95b67f143aabf690d4fbb3b84277ca
SHA512

a1e90d29b5bfe0ed9ce0db8229c239bb514092810c99f616a9c63e84c4e58202c3c6c239179f676395fa8d55473fd4318477560742eceda825e6e8fc20541ce5
SSDEEP

3072:LTaX5jk+Ua896vHKGYjQYzk11gZUIkJrgMEuPp1U6T9PNGxKmhqeWBsswQcmOHmT:LcUaqGYQG47pgYpKENGImAJBsAhq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db06092f5fdc1a766884c9a5901244a1

Files

db06092f5fdc1a766884c9a5901244a1
.dll windows:4 windows x64 arch:x64

e0fff4d7f97e57233e1ec26aa6c52fd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_stricmp
_unlock
abort
atoi
atol
calloc
fputc
free
fwrite
localeconv
malloc
memcpy
realloc
signal
strcat
strcmp
strcpy
strerror
strlen
strncmp
strncpy
toupper
vfprintf
wcslen

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

perl530

PL_charclass
PerlIO_findFILE
PerlIO_printf
Perl_av_clear
Perl_av_exists
Perl_av_extend
Perl_av_fetch
Perl_av_len
Perl_av_make
Perl_av_pop
Perl_av_push
Perl_av_store
Perl_av_undef
Perl_call_method
Perl_croak_nocontext
Perl_croak_xs_usage
Perl_cvgv_from_hek
Perl_dowantarray
Perl_get_context
Perl_get_cv
Perl_get_sv
Perl_hv_clear
Perl_hv_common
Perl_hv_common_key_len
Perl_markstack_grow
Perl_mg_find
Perl_mg_get
Perl_mg_set
Perl_mg_size
Perl_newRV
Perl_newRV_noinc
Perl_newSV
Perl_newSV_type
Perl_newSViv
Perl_newSVnv
Perl_newSVpv
Perl_newSVpvn
Perl_newSVpvn_flags
Perl_newSVuv
Perl_newXS_deffile
Perl_newXS_flags
Perl_safesyscalloc
Perl_safesysfree
Perl_safesysmalloc
Perl_safesysrealloc
Perl_stack_grow
Perl_sv_2bool_flags
Perl_sv_2io
Perl_sv_2iv_flags
Perl_sv_2mortal
Perl_sv_2nv_flags
Perl_sv_2pv_flags
Perl_sv_2pvbyte
Perl_sv_2pvutf8
Perl_sv_2uv_flags
Perl_sv_backoff
Perl_sv_catpv
Perl_sv_catpvn_flags
Perl_sv_copypv_flags
Perl_sv_free
Perl_sv_free2
Perl_sv_grow
Perl_sv_isa
Perl_sv_len
Perl_sv_mortalcopy_flags
Perl_sv_newmortal
Perl_sv_setiv
Perl_sv_setiv_mg
Perl_sv_setnv
Perl_sv_setpv
Perl_sv_setpvf_nocontext
Perl_sv_setpvn
Perl_sv_setsv_flags
Perl_sv_unref_flags
Perl_sv_upgrade
Perl_sv_utf8_downgrade
Perl_sv_utf8_upgrade_flags_grow
Perl_warn_nocontext
Perl_xs_boot_epilog
Perl_xs_handshake

libpq__

PQbackendPID
PQbinaryTuples
PQcancel
PQclear
PQcmdStatus
PQconnectdb
PQconsumeInput
PQdb
PQendcopy
PQerrorMessage
PQexec
PQexecParams
PQexecPrepared
PQfinish
PQflush
PQfmod
PQfname
PQfreeCancel
PQfreemem
PQfsize
PQftable
PQftablecol
PQftype
PQgetCancel
PQgetCopyData
PQgetResult
PQgetisnull
PQgetlength
PQgetvalue
PQhost
PQisBusy
PQnfields
PQnotifies
PQntuples
PQoidValue
PQoptions
PQparameterStatus
PQpass
PQport
PQprepare
PQprotocolVersion
PQputCopyData
PQputCopyEnd
PQresultErrorField
PQresultStatus
PQsendQuery
PQsendQueryParams
PQsendQueryPrepared
PQserverVersion
PQsetErrorVerbosity
PQsetNoticeProcessor
PQsocket
PQstatus
PQtrace
PQtransactionStatus
PQuntrace
PQuser
lo_close
lo_creat
lo_export
lo_import
lo_import_with_oid
lo_lseek
lo_open
lo_read
lo_tell
lo_truncate
lo_unlink
lo_write

Exports

Exports

boot_DBD__Pg

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0fff4d7f97e57233e1ec26aa6c52fd0

Headers

File Characteristics

Imports

msvcrt

kernel32

perl530

libpq__

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 184KB

.data Size: 10KB - Virtual size: 10KB

.rdata Size: 32KB - Virtual size: 31KB

.pdata Size: 3KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 73B

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 185KB - Virtual size: 184KB

.data
Size: 10KB - Virtual size: 10KB

.rdata
Size: 32KB - Virtual size: 31KB

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 73B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB