8ed231e298844fe65c060f7f56c2477ac5e5f66554f04c91a715eccac458e21d

Sharing

Copy URL Twitter E-mail

General

Target

8ed231e298844fe65c060f7f56c2477ac5e5f66554f04c91a715eccac458e21d
Size

1.9MB
MD5

2efbf54797080f6c769fedef6aeccf56
SHA1

a9baa53a8b1b3766ab0ae581d60054c342957f18
SHA256

8ed231e298844fe65c060f7f56c2477ac5e5f66554f04c91a715eccac458e21d
SHA512

71c1b91a7b37139f5e5e1f678ac60269982a372b6662bf56d25b711ed23a1c57600c0f724cfd535386454da6281dbd886eee01c3018bd8bae05d99cd6c2f1dc0
SSDEEP

24576:ElCOnOoaFzMrqll97WWd9T1RNGap8Df3q8KBflnfPP:A2Fz7vDT1RJp8b39EfZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ed231e298844fe65c060f7f56c2477ac5e5f66554f04c91a715eccac458e21d

Files

8ed231e298844fe65c060f7f56c2477ac5e5f66554f04c91a715eccac458e21d
.exe windows:4 windows x86 arch:x86

e5df0192e7a7b06391c28b38fbe7f554

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\build\mysql-5.0.41-winbuild\mysql-community-nt-5.0.41-build\client\RelWithDebInfo\mysqlcheck.pdb

Imports

wsock32

WSASetLastError
inet_addr
gethostbyname
getpeername
shutdown
closesocket
setsockopt
send
recv
select
__WSAFDIsSet
inet_ntoa
WSAStartup
WSACleanup
getservbyname
ntohs
socket
WSAGetLastError
ioctlsocket
htons
connect

kernel32

PeekNamedPipe
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
SetCurrentDirectoryA
SetStdHandle
GetFileInformationByHandle
SetEndOfFile
GetLocaleInfoW
LCMapStringW
LCMapStringA
RaiseException
SetEnvironmentVariableA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetLastError
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
OpenEventA
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
InterlockedIncrement
ReadFile
WriteFile
WaitForMultipleObjects
GetFileAttributesExA
CreateEventA
ResetEvent
SetThreadPriority
FindClose
FindNextFileA
FindFirstFileA
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
SetConsoleCtrlHandler
WideCharToMultiByte
GetTimeZoneInformation
SetEnvironmentVariableW
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
ExitThread
ResumeThread
CreateThread
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
FatalAppExitA
GetTickCount
GetCurrentProcessId
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
VirtualAlloc
IsBadWritePtr
VirtualProtect
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetFilePointer
InterlockedExchange
HeapSize
LoadLibraryA
GetACP
GetOEMCP
CompareStringA

advapi32

RegEnumValueA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 911B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5df0192e7a7b06391c28b38fbe7f554

Headers

File Characteristics

PDB Paths

Imports

wsock32

kernel32

advapi32

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 104KB - Virtual size: 101KB

.data Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 8KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 911B

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 104KB - Virtual size: 101KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 8KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 911B