heidisql[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

heidisql.exe
Size

3.7MB
MD5

04aefd7a2ed263b146196595d46db08f
SHA1

2eaab7a91cc7f8b9dc4556b9ab91d43219b301a8
SHA256

b9bd3f9f0d7a718dfdd15f46d2282b8fff5fc45066f2c455f80db65796abaa8c
SHA512

2714819f970c028ebf1b439b5432b17c9e05806f53c7aa7818aaf453a7392be0dcbc4236ad01d9a5d78b6b28adbfe315578afc153b16b249c6a71ff3718df8f4
SSDEEP

49152:bktDstUuz8GzP4hHBk/yuGI7s8/s/5cDVZB/GqZ5dgNHegU5bF2GObjQ:NtUuz8q0k/oyX/+I0mHjFr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
heidisql.exe

Files

heidisql.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
madTraceProcess
mysql_authentication_dialog_ask

Sections

UPX0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE