2947550eebc343a1d21c29064bea26586d3305b64e6d4f9688db14b70fe8bc28[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2947550eebc343a1d21c29064bea26586d3305b64e6d4f9688db14b70fe8bc28.exe
Size

156KB
MD5

e4049176c0b3d9be7c683866682fffa0
SHA1

75932b145a2bea1a1587b68516807334d963fc38
SHA256

2947550eebc343a1d21c29064bea26586d3305b64e6d4f9688db14b70fe8bc28
SHA512

ae15528bfe80ec644dfc930ed32e5d581614ded2b403553699c9cb0e84ca543454ecc92e9657a0037c6068ed49a9923fdb216188dc9711d73a455c20616344ac
SSDEEP

3072:cLkv5cjbWpec3QpMYi4XEbxoTf2ZAMEqDoL0HosFwl:cLkv5cnWpD3Qpy4XKoTOAMEqzo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2947550eebc343a1d21c29064bea26586d3305b64e6d4f9688db14b70fe8bc28.exe

Files

2947550eebc343a1d21c29064bea26586d3305b64e6d4f9688db14b70fe8bc28.exe
.dll windows:4 windows x86 arch:x86

4c457bc905cd9f9b42d92d1651a6bd42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\wsdb\db2nt_v82fps\s060120\engn\lib\db2syspn.pdb

Imports

db2sys

sqloxlatchinit_app
sqlt_system_error
sqloDelAllQueues2
sqloxult_app
sqloMapUnexpectedFileSystemErrorToZRC
sqloxltc_app
pdtEntry4
pdLogPrintf
pdtData3
?ImInTheEngine@@3HA
pdtData1
sqloIsServerProductInstalled
sqloStr2Flag
pdtError
pdtData2
pdtEntry
pdtEntry2
sqloWaitInterrupt
sqloSetMPPNodeNum
sqloGetInstanceOwnerName
pdtEntry3
pdtExit1
pdtEntry1
pdtExit
pdLog
pdtEntry5
sqltData3
sqloGetAppProcFlag
sqloGetEnvInternal
pdLogSysRC
sqloclose
sqloread
sqloopenp
sqloInstallPath
?sqloGetPwdInfo@@YAHPAD0@Z
?userid16Bit@@3PADA
sqloAmIWin2K
sqlt_logerr_data
?bImOnTheApplicationSide@@3HA
sqlt_logadmin
sqloLogAndMapFileSystemErrorToZrc
sqlorest
sqlo_acs_fblk
sqltData2
sqlt_logerr_str
sqloacss
sqlo_acs_gblk
sqlolngs
sqlogmblkEx
sqltData
sqlofmblkEx
sqltExit
sqltError
sqltEntry
?bWin2KTerminalService@@3HA
sqlo_track_drop_latch
sqlomcpi
sqlo_track_get_latch
sqlo_track_wait_latch
sqloSpinLockConflict
sqlogins

db2app

?Im16Bit@@3HA
sqlfcsys

db2wint

g_sqlzUseLatchTracking
sqlz_platform
sqlz_krcbp
sqloNTNodeNum
MemFcmFromAddr
MemFcmToAddr
g_sqltCompTraceFlags

db2osse

ossLockGetConflict
g_bIsPlatformID_Win32OnNT
g_bIsPlatformID_Win2k
@ossWin32Lock8ReleaseInternal@4
g_bIsPlatformID_Win2k3
ossSnprintf
ossSetSecurityAttributesForOSS
@ossWin32Lock8ExchangeInternal@4
g_bIsPlatformID_WinXP

db2g11n

sqlnlstoup2

db2sec

secSplitUserid

advapi32

GetSidSubAuthority
CreateServiceA
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
LsaNtStatusToWinError
LsaAddAccountRights
LsaClose
LsaOpenPolicy
SetEntriesInAclW
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
LogonUserA
ImpersonateLoggedOnUser
EqualPrefixSid
EqualSid
OpenThreadToken
OpenProcessToken
RevertToSelf
LookupAccountNameA
IsValidSid
FreeSid
AllocateAndInitializeSid
LookupAccountSidA
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetLengthSid
GetNamedSecurityInfoA
GetNamedSecurityInfoW
GetSecurityInfo
SetSecurityInfo
CopySid
GetKernelObjectSecurity
SetKernelObjectSecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
IsValidAcl
InitializeAcl
AddAce
GetAce
AddAccessAllowedAce
AddAccessDeniedAce
LsaRemoveAccountRights
LookupAccountNameW
SetNamedSecurityInfoW

user32

wsprintfW

netapi32

NetGetAnyDCName
NetApiBufferAllocate
NetGetDCName
NetShareDel
NetShareAdd
NetUserChangePassword
NetUserDel
NetUserAdd
NetShareGetInfo
NetLocalGroupDelMembers
NetLocalGroupAddMembers
NetWkstaGetInfo
NetGroupGetUsers
NetLocalGroupAdd
NetServerEnum
NetServerGetInfo
NetUserEnum
NetGroupEnum
NetUserGetInfo
NetUserGetGroups
NetUserGetLocalGroups
NetLocalGroupGetMembers
NetLocalGroupEnum
NetApiBufferFree

msvcr71

??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
wcsncmp
_strnicmp
wcslen
wcscat
_stricmp
strncpy
sprintf
wcscpy
wcscmp
wcschr

kernel32

ResumeThread
SuspendThread
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
HeapReAlloc
HeapFree
GetProcessHeap
FormatMessageA
GetUserDefaultLangID
TlsFree
GetCurrentThreadId
FindNextFileA
FindFirstFileA
DeleteFileA
GetFullPathNameA
RemoveDirectoryA
FindClose
GetFileAttributesA
CreateDirectoryA
Sleep
FreeLibrary
SetLastError
GetEnvironmentVariableA
LocalAlloc
GetComputerNameW
LocalFree
CreateEventA
DuplicateHandle
GetCurrentProcessId
GetComputerNameA
LoadLibraryA
OpenFileMappingA
OpenEventA
GetModuleHandleA
GetCurrentThread
GetCurrentProcess
OpenProcess
MultiByteToWideChar
CloseHandle
SetEvent
WaitForSingleObject
ResetEvent
MapViewOfFileEx
CreateFileMappingA
GetLastError
WideCharToMultiByte
GetProcAddress

Exports

Exports

?LSAstring@@3PADA
?sqloInitChckPwd@@YAHXZ
?sqloSpecialLogonHandling@@YAXFPAEPAD1@Z
?sqlo_ms_error@@YAHII@Z
?toString@SQLO_IPCWAITPOST@@QBEXQADI@Z
sqloANSIStringToWCString
sqloAddAdminRightsToGroup
sqloAddOrRemoveAce
sqloAddOrRemoveClientAce
sqloAddOrRemoveDB2UsersGroupAce
sqloAddOwnerAceToSecurityDescriptor
sqloAddRightsToGroup
sqloAddSIDToGroup
sqloAddUser
sqloAddUserRightsToGroup
sqloAddUsersGroupAllAccess
sqloAddUsersGroupWriteAccess
sqloAmIADomainController
sqloBuildEveryoneSid
sqloBuildLocalServiceSid
sqloBuildNetworkServiceSid
sqloBuildSecurityDescriptor
sqloBuildSystemSid
sqloCheckDomainList
sqloCheckSecGroupsMembership
sqloChgPassword
sqloChgUserPassword
sqloConstructResourceNameForAddress
sqloConvertSidToStringSidA
sqloConvertSidToStringSidW
sqloCopyFileSecurityInfoA
sqloCopyFileSecurityInfoW
sqloCopyNamedSecurityInfoA
sqloCopyNamedSecurityInfoW
sqloCreateDB2AdministratorsGroupAndAddRights
sqloCreateDB2UsersGroupAndAddRights
sqloCreateDirectory
sqloCreateGroup
sqloCreateNetworkShare
sqloCreateSecurityDescriptor
sqloCreateSecurityServerMemory
sqloCreateService
sqloDelUser
sqloDeleteNetworkShare
sqloDestroySecurityDescriptor
sqloEnumerateAgents
sqloExecuteOtherEDUExitList
sqloFncPtrFromID
sqloFreeSDMemory
sqloGetAccountSID
sqloGetAppProcFlag
sqloGetComputerNameA
sqloGetCurrentUser
sqloGetCurrentUserSID
sqloGetDB2AdministratorsGroupName
sqloGetDB2AdministratorsGroupSID
sqloGetDB2UsersGroupName
sqloGetDB2UsersGroupSID
sqloGetDefaultSecurityAttributes
sqloGetDomainName
sqloGetEdu_pGp
sqloGetLSAstring
sqloGetLogonUserDomain
sqloGetTlsParm
sqloGetUserFromAccessToken
sqloGetUserSidForProcess
sqloGetUserSidForThread
sqloGetVolumeNameForVolumeMountPoint
sqloGetWin2KUserDir
sqloGlobalGroupHasSID
sqloGroupHasSID
sqloHandleFromID
sqloImpersonateLocalSystem
sqloInitEDUWaitPost
sqloInitIPCWaitPost
sqloInitLsaString
sqloInitSecurityAttribute
sqloInitWin2KLibs
sqloIsCurrentUserAuthorized
sqloIsDomainSameAsCompName
sqloIsExtendedSecurityEnabled
sqloIsLocalAdmin
sqloIsSUInstall
sqloIsThisUserALocalAdmin
sqloNetGetAnyDCNameW
sqloNetGetDCNameW
sqloPostIPCWaitPost
sqloRemoveDirectory
sqloRemoveSIDFromGroup
sqloResetIPCWaitPost
sqloRetrieveAccessTokenHandle
sqloSaveUserDomainInCache
sqloSecFreeMemory
sqloSecurityServerisDown
sqloSecurityServerisUp
sqloSendSecurityResponse
sqloSetEffectiveUser@4
sqloSetFileSecurityInfo
sqloSetNamedSecurityInfoA
sqloSetNamedSecurityInfoW
sqloSetPrivilegeA
sqloSetPrivilegeW
sqloSetSecurityFlag
sqloSetUserRightsForService
sqloStoreTidHandle
sqloTermEDUWaitPost
sqloTermIPCWaitPost
sqloThreadChainDeque
sqloThreadChainEnque
sqloTransferHandleOwnership
sqloTrustedClient
sqloUseTokenSupport
sqloUserToUidGid
sqloWCStringToANSIString
sqloWaitForSecurityRequest
sqloWaitIPCWaitPost
sqloXferIPCWaitPostOwnership
sqlo_create_static_data
sqlo_create_static_data_anchors
sqlo_get_static_data
sqlo_get_static_data_engine
sqlo_get_userpw
sqlo_my_platform
sqlo_my_product
sqlo_my_product@0
sqlo_remove_static_data
sqlo_remove_static_data_anchors
sqlo_val_auth
sqlo_validate_pwd
sqlockpw_int
sqloggr2
sqloguid
sqlogus2
sqloisus
sqlolgr
sqlolgr3
sqlonamt
sqlorlog
sqlosignature
sqlovlog
sqlzThisIsADB2Library

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c457bc905cd9f9b42d92d1651a6bd42

Headers

File Characteristics

PDB Paths

Imports

db2sys

db2app

db2wint

db2osse

db2g11n

db2sec

advapi32

user32

netapi32

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 3KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 3KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 8KB - Virtual size: 6KB