AzSqlExt[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

AzSqlExt.dll
Size

27KB
MD5

4cb38c42a48ab02defdb1e038735a833
SHA1

9b15543f0e82d88158ec8706882c1d926acdebe4
SHA256

f691676155a5ce88e8476cc22a8a084b2e4d6e2eb1c8290106fe7113255de829
SHA512

235d524258741080a729dd62b98f97d1dc84f31d998fbdeee1eaca62fd44554bb218aa5c026256fbde505448142f2aeeb4d2d2ea569dbf26abcbb695fd829fa9
SSDEEP

384:mIOkNWEb782IBmUx0BMON9jp6cBLSx0wzpcve+Zv9AWA3Lma5MezISAPTv+WMpVn:mIjo2IBFKN7zLSF+ELT5RzISAjgRg8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AzSqlExt.dll

Files

AzSqlExt.dll
.dll windows:6 windows x86 arch:x86

0db6d1914c8b52724b48eff344a4cacb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AzSqlExt.pdb

Imports

msvcrt

_vsnwprintf
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
swscanf
_wcsicmp
__CxxFrameHandler
_purecall
_stricmp

ntdll

RtlUnwind

kernel32

LoadLibraryA
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess
GetCurrentThread
LocalAlloc
LocalFree

advapi32

GetTokenInformation
OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges

authz

AuthzRegisterSecurityEventSource
AuthzInstallSecurityEventSource
AuthzEnumerateSecurityEventSources
AuthzReportSecurityEvent

ole32

StringFromCLSID
CoTaskMemFree

odbc32

ord136
ord31
ord9
ord145
ord139
ord26
ord176
ord77
ord141
ord72
ord4
ord111

Exports

Exports

AzGenerateAudit
__GetXpVersion
xp_AzManAddRole
xp_AzManAddUserToRole
xp_AzManDeleteRole
xp_AzManRemoveUserFromRole

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0db6d1914c8b52724b48eff344a4cacb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

authz

ole32

odbc32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB