PDB path: D:\Program Files (x86)\MySQLConf\Release_2019\Pdb\MysqlBackupConf.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 987179b3d656114ed3d2e701d3da3bafa3940c386459be44d59077ccd5358cb1.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 987179b3d656114ed3d2e701d3da3bafa3940c386459be44d59077ccd5358cb1.exe
  Resource: win10v2004-20240704-en
General
Target: 987179b3d656114ed3d2e701d3da3bafa3940c386459be44d59077ccd5358cb1
Size: 2.9MB
MD5: b4030c5e2ebcf2ec986e71f9998387d8
SHA1: 1ddedd53a737b3d8cbaf20e7e978d36be221798c
SHA256: 987179b3d656114ed3d2e701d3da3bafa3940c386459be44d59077ccd5358cb1
SHA512: 6cf32bebb63dae930d22a13223725d239f663edbc72b60dcde4ded25f51fb499883eca48d5d931729b8c006543f4d6c930ddc32a6fc439c6fd8099d6b596d792
SSDEEP: 49152:af4la9ltrMZYE5AOCeiyBKRXaZstmTXEyi3HBTbMRgcwxRi4WCtzaUUrulX/PtOw:3laVQPvm+ZezaUUrwPPtWcIfbBajc
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 987179b3d656114ed3d2e701d3da3bafa3940c386459be44d59077ccd5358cb1
Files
987179b3d656114ed3d2e701d3da3bafa3940c386459be44d59077ccd5358cb1.exe windows:6 windows x64 arch:x64
1f4bf288cc99e97043152f360bb4d655
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
EnumSystemLocalesW
IsValidLocale
LCMapStringW
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
IsValidCodePage
GetConsoleMode
QueryPerformanceFrequency
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GetSystemInfo
VirtualAlloc
GetTimeZoneInformation
GetCommandLineW
FindNextFileW
CreateDirectoryW
GetPrivateProfileStringA
WritePrivateProfileSectionW
WritePrivateProfileStringA
GetPrivateProfileSectionNamesW
OutputDebugStringW
GetConsoleOutputCP
ReadConsoleW
SetFilePointerEx
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
FindFirstFileExW
GetUserDefaultLCID
GetTempFileNameW
Sleep
GetProfileIntW
GetTickCount
SearchPathW
GetWindowsDirectoryW
FindResourceExW
GetTempPathW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GlobalFlags
VerifyVersionInfoW
VerSetConditionMask
InitializeCriticalSectionAndSpinCount
GetThreadLocale
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
FileTimeToSystemTime
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
GetLocalTime
GetPrivateProfileIntW
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
GetCurrentProcessId
WideCharToMultiByte
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetProcAddress
GetModuleHandleExW
SetLastError
OutputDebugStringA
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
WritePrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenEventW
MapViewOfFile
OpenFileMappingW
GetLastError
GetCurrentProcess
GetPrivateProfileStringW
GetModuleFileNameW
MultiByteToWideChar
GetLocaleInfoW
lstrcpynW
ResetEvent
WaitForSingleObject
CloseHandle
UnmapViewOfFile
FindResourceW
LoadResource
LockResource
SizeofResource
user32
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
IntersectRect
EnumDisplayMonitors
LoadCursorW
GetSysColorBrush
SetLayeredWindowAttributes
CharUpperW
SetCursor
ShowOwnedPopups
GetMessageW
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
LoadMenuW
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
OffsetRect
SetRectEmpty
SendDlgItemMessageA
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
TrackMouseEvent
IsZoomed
SetCapture
ReleaseCapture
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
InsertMenuW
GetMenuState
GetMenuStringW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
DeleteMenu
SetWindowRgn
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
DestroyIcon
CheckMenuItem
IsDialogMessageW
LoadImageW
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
DrawEdge
GetCursorPos
EnableWindow
SendMessageW
GetSystemMenu
RemoveMenu
PeekMessageW
TranslateMessage
DispatchMessageW
SetTimer
KillTimer
InvalidateRect
CallWindowProcA
GetClientRect
PtInRect
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
CopyRect
GetSysColor
DrawFrameControl
DrawTextW
DrawFocusRect
LoadIconW
AppendMenuW
IsIconic
GetSystemMetrics
DrawIcon
GetWindowRect
UnregisterClassW
DrawStateW
UpdateWindow
FillRect
GetClassNameW
LoadBitmapW
IsWindow
GetKeyNameTextW
MapVirtualKeyW
GetDC
ReleaseDC
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
MessageBoxW
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetParent
BringWindowToTop
LockWindowUpdate
SetClassLongPtrW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatW
CharUpperBuffW
ModifyMenuW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
GetIconInfo
HideCaret
InvertRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
DrawIconEx
ScreenToClient
MapWindowPoints
EqualRect
GetWindowLongW
SetWindowLongW
GetClassLongPtrW
GetParent
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
CheckDlgButton
IsWindowEnabled
SetWindowTextW
GetWindowRgn
GetComboBoxInfo
gdi32
CopyMetaFileW
CreateBitmap
PatBlt
CreateRectRgnIndirect
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush
DeleteDC
ExtTextOutW
SetTextColor
SetBkColor
GetTextMetricsW
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateDIBitmap
CreateDCW
GetTextCharsetInfo
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
EnumFontFamiliesW
SetViewportOrgEx
RestoreDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegEnumKeyW
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
shell32
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
DragFinish
DragQueryFileW
SHAppBarMessage
ShellExecuteW
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
StrStrW
uxtheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeParentBackground
IsAppThemed
ole32
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
oleaut32
VarBstrFromDate
VariantCopy
SafeArrayDestroy
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
oledlg
OleUIBusyW
gdiplus
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipGetImagePixelFormat
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
libdiskmgr
DISKMGR_GetValidDisk
libmysql
mysql_query
mysql_error
mysql_init
mysql_close
mysql_options
mysql_real_connect
ws2_32
getaddrinfo
setsockopt
freeaddrinfo
htons
inet_ntop
recv
connect
socket
closesocket
inet_addr
WSAStartup
send
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 606KB - Virtual size: 605KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ