06b64624732f89483bc20df0b6bdfad0_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

06b64624732f89483bc20df0b6bdfad0_NEAS
Size

3.1MB
MD5

06b64624732f89483bc20df0b6bdfad0
SHA1

e483f4b2157042414037ddd96eebe79f71772657
SHA256

cae47592dde1690213e5dda406fd14e5728eeef10e30f595dc513e0f41c88c9a
SHA512

0766f608c0cb8e2925f60300e0f5d2c7f7867521ac34e93bb0f0a0c50134e75602414904eb94b4fc3ae33d1136bc5901de0365d077a2efe4aecd36fd9edfb240
SSDEEP

49152:aQjwZei234irV/pPHDdgm69JNzYQLFL9wmSOhClAl2TEhwfYQ8/+T/ZyEd7:Fr3/rV/pKT9Lk418K2TEG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06b64624732f89483bc20df0b6bdfad0_NEAS

Files

06b64624732f89483bc20df0b6bdfad0_NEAS
.exe windows:6 windows x64 arch:x64

5a397be5bf7d3a0b328c481047426487

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\OT\Oganza Server\vc14\x64\Release\oganza.pdb

Imports

libmysql

mysql_fetch_row
mysql_fetch_field
mysql_init
mysql_fetch_lengths
mysql_insert_id
mysql_real_escape_string
mysql_free_result
mysql_store_result
mysql_get_client_info
mysql_errno
mysql_real_query
mysql_commit
mysql_rollback
mysql_error
mysql_real_connect
mysql_options
mysql_close

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?classic@locale@std@@SAAEBV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Xout_of_range@std@@YAXPEBD@Z
_Thrd_sleep
_Xtime_get_ticks
_Cnd_signal
_Cnd_wait
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
_Thrd_start
_Mtx_destroy
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_init
_Cnd_init
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?toupper@?$ctype@D@std@@QEBADD@Z
_Strxfrm
?uncaught_exception@std@@YA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?id@?$collate@D@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Random_device@std@@YAIXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
_Cnd_timedwait
_Mtx_current_owns
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?exceptions@ios_base@std@@QEAAXH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Mtx_destroy_in_situ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
_Strcoll

ws2_32

htons
WSASetLastError
WSAGetLastError
WSASocketW
bind
listen
closesocket
WSAStringToAddressW
WSACleanup
WSAStartup
WSARecv
getsockopt
htonl
getpeername
shutdown
WSASend
setsockopt
ntohl
ioctlsocket

mswsock

AcceptEx
GetAcceptExSockaddrs

kernel32

SleepEx
VirtualFree
CreateFileMappingA
UnmapViewOfFile
MapViewOfFileEx
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW
CreateFileA
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
RaiseException
RtlUnwindEx
GetCurrentProcessId
CreateMutexW
ReleaseMutex
MultiByteToWideChar
TlsSetValue
SetLastError
GetCurrentProcess
SetPriorityClass
SetConsoleTitleA
GetQueuedCompletionStatus
WaitForMultipleObjects
TerminateThread
QueueUserAPC
VerSetConditionMask
VerifyVersionInfoA
CreateIoCompletionPort
CreateWaitableTimerA
CreateEventW
SetEvent
GetModuleHandleA
CloseHandle
WaitForSingleObject
SetWaitableTimer
TlsGetValue
TlsAlloc
TlsFree
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
GetSystemTimeAsFileTime
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryExA
FormatMessageA
InitializeCriticalSection
Sleep
CreateThread
VirtualAlloc
VirtualProtect
LocalFree
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQuery

vcruntime140

__std_exception_copy
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
strrchr
memcmp
__DestructExceptionObject
memset
memcpy
strstr
strchr
memchr
__std_type_info_compare
__C_specific_handler
_purecall
memmove
__CxxFrameHandler3
__std_exception_destroy
__std_terminate
__RTDynamicCast

api-ms-win-crt-runtime-l1-1-0

abort
system
signal
_exit
_initterm
_configure_narrow_argv
__p___argc
_errno
_initialize_narrow_environment
_get_initial_narrow_environment
exit
strerror
__p___argv
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_c_exit
_invalid_parameter_noinfo_noreturn
_beginthreadex
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
realloc
_callnewh
calloc
free

api-ms-win-crt-time-l1-1-0

strftime
_mktime64
_difftime64
_localtime64
_gmtime64
_time64
clock

api-ms-win-crt-string-l1-1-0

_strnicmp
strncmp
toupper
_stricmp
strlen
tolower
isspace
strncpy
strcmp

api-ms-win-crt-stdio-l1-1-0

ferror
feof
fputs
clearerr
fgets
fwrite
getc
_pclose
_popen
setvbuf
tmpfile
ungetc
__stdio_common_vfscanf
fputc
fflush
__acrt_iob_func
tmpnam
__stdio_common_vsprintf
fread
__p__commode
_fseeki64
putchar
_ftelli64
__stdio_common_vswprintf_s
fopen
__p__fmode
fclose
getchar
puts
_set_fmode
__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

__setusermatherr
cos
atan
acos
logf
exp
log10
log
pow
tanh
round
atan2
fmod
ldexp
asin
tan
ceil
log2
log2f
ceilf
floor
roundf
sin
sinh
sqrt
cosh

api-ms-win-crt-convert-l1-1-0

strtol
strtoul

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-filesystem-l1-1-0

rename
remove

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a397be5bf7d3a0b328c481047426487

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libmysql

msvcp140

ws2_32

mswsock

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 591KB - Virtual size: 591KB

.data Size: 47KB - Virtual size: 92KB

.pdata Size: 99KB - Virtual size: 99KB

.rsrc Size: 244KB - Virtual size: 243KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 591KB - Virtual size: 591KB

.data
Size: 47KB - Virtual size: 92KB

.pdata
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 244KB - Virtual size: 243KB

.reloc
Size: 9KB - Virtual size: 8KB