AzSqlExt[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AzSqlExt.dll
Size

27KB
MD5

cc0c2cf2ebd58234c45c5d0c046abb79
SHA1

ce4f115a3e8b4bf62e141d7250e6bed40c62b96a
SHA256

89332187b496e54be770657eca28b65bc46a368c9ac850e7bfd01fcf5a7d9fb6
SHA512

ea6ebc809da7380b080a28d8ca48989fc2b58ec087426d251484383251e76a9ccc0f6a1b3157bbdf51e4429d9d0d05d3ebd4adcefa3797afe8fb4e971de255a8
SSDEEP

384:RkNWEb7T2IBmUx0BMON9jp6cBLSx0wzpcve+Zv9AWA3Lma5MeLISXzyVuWyWMg9t:In2IBFKN7zLSF+ELT5RLISXYnnJg8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AzSqlExt.dll

Files

AzSqlExt.dll
.dll windows:6 windows x86 arch:x86

0db6d1914c8b52724b48eff344a4cacb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AzSqlExt.pdb

Imports

msvcrt

_vsnwprintf
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
swscanf
_wcsicmp
__CxxFrameHandler
_purecall
_stricmp

ntdll

RtlUnwind

kernel32

LoadLibraryA
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess
GetCurrentThread
LocalAlloc
LocalFree

advapi32

GetTokenInformation
OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges

authz

AuthzRegisterSecurityEventSource
AuthzInstallSecurityEventSource
AuthzEnumerateSecurityEventSources
AuthzReportSecurityEvent

ole32

StringFromCLSID
CoTaskMemFree

odbc32

ord136
ord31
ord9
ord145
ord139
ord26
ord176
ord77
ord141
ord72
ord4
ord111

Exports

Exports

AzGenerateAudit
__GetXpVersion
xp_AzManAddRole
xp_AzManAddUserToRole
xp_AzManDeleteRole
xp_AzManRemoveUserFromRole

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0db6d1914c8b52724b48eff344a4cacb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

authz

ole32

odbc32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB