32e8001b22842d3a47cd137b60c0091a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

32e8001b22842d3a47cd137b60c0091a_JaffaCakes118
Size

695KB
MD5

32e8001b22842d3a47cd137b60c0091a
SHA1

bc12ece424b87e88e9f7f8365649d55aa6c5df1d
SHA256

6fd01e7c046a0dbee635b69f5457a6d62405fd16faa30b708b8ecf41847867fd
SHA512

1b67d244face54acf04bcf607202157102df93a585d414426516d8b6f0d4873a2403a88b929c61a2854366f4803e8b73f00ab7fcd9d897cd714bfa6e3315abcc
SSDEEP

12288:yXHubF8ELfKnAKfs36k40/PpzWFeWifBDTqUlblsB42KJoT2FZeXYaztppp:yXAXLfKnuKs/RzWFeWeZTqc5sB42KJoR

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PipeCmd.exe
unpack001/hscan.exe
unpack001/hscangui.exe
unpack001/libmySQL.dll
unpack001/oncrpc.dll
unpack001/tools/NTCmd.exe
unpack001/tools/Sqlcmd.exe
unpack001/tools/cygwinb19.dll
unpack001/tools/mysql.exe

Files

32e8001b22842d3a47cd137b60c0091a_JaffaCakes118
.zip
PipeCmd.exe
.exe windows:4 windows x86 arch:x86

16128d6b32aaef62be90549abfbee5dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
LockResource
SizeofResource
GetModuleHandleA
WaitNamedPipeA
SetConsoleTitleA
GetCurrentProcessId
ExitThread
Sleep
CloseHandle
CopyFileA
GetLastError
ReadFile
GetStdHandle
ReadConsoleA
GetComputerNameA
SetConsoleCtrlHandler
CreateFileA
WriteFile
SetConsoleCursorPosition
SetLastError
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA

advapi32

OpenSCManagerA
InitializeSecurityDescriptor
OpenServiceA
CreateServiceA
SetSecurityDescriptorDacl
StartServiceA
CloseServiceHandle

mpr

WNetAddConnection2A
WNetCancelConnection2A

msvcrt

fprintf
_iob
_mbsicmp
fflush
__p___argv
__p___argc
_mbsnbicmp
sprintf
_splitpath
_beginthread
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
conf/common.cgi
conf/ftp_pass.dic
conf/ftp_user.dic
conf/imap_pass.dic
conf/imap_user.dic
conf/ipc_pass.dic
conf/ipc_user.dic
conf/mssql_pass.dic
conf/mssql_user.dic
conf/mysql_pass.dic
conf/mysql_user.dic
conf/nt.cgi
conf/pop_pass.dic
conf/pop_user.dic
conf/rpc.lst
conf/telnet_pass.dic
conf/telnet_user.dic
conf/unix.cgi
hscan.exe
.exe windows:4 windows x86 arch:x86

a12d43068bb05af9291d3267c70d338d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
CompareStringW
CompareStringA
GetFileAttributesA
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
ExitProcess
Sleep
ReadConsoleInputA
CreateThread
LocalFree
GetOEMCP
GetACP
GetCPInfo
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CreateFileA
GetStringTypeW
GetStringTypeA
ReadFile
FlushFileBuffers
SetStdHandle
SetEndOfFile
lstrcpyA
LoadLibraryA
HeapDestroy
HeapReAlloc
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapFree
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
WideCharToMultiByte
HeapAlloc
SetFilePointer
GetModuleHandleA
GetProcAddress
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
CloseHandle
GetVersion
GetCommandLineA
MultiByteToWideChar
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetLastError
DeleteFileA
GetTimeZoneInformation
RtlUnwind
FindClose
FileTimeToSystemTime
TerminateProcess
GetCurrentProcess
FindFirstFileA
FindNextFileA

user32

wsprintfA

advapi32

GetSidIdentifierAuthority
LookupAccountNameA
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
LookupAccountSidA
FreeSid

shell32

ShellExecuteA

odbc32

ord75
ord24
ord41
ord3
ord31

oncrpc

rpc_nt_init
xdr_void
xdr_pmaplist
clnttcp_create
rpc_nt_exit

icmp

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

ws2_32

gethostbyaddr
closesocket
WSAStartup
inet_addr
shutdown
gethostbyname
getservbyport
inet_ntoa
WSACleanup
select
connect
ioctlsocket
socket
send
recv
htons
htonl
ntohl

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetUserEnum
NetApiBufferFree

libmysql

mysql_init
mysql_real_connect
mysql_get_server_info
mysql_close

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hscanconf.ini
hscangui.exe
.exe windows:4 windows x86 arch:x86

9888023affc8c2ea341a5eaa340aa329

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3081
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord825
ord2302
ord4234
ord6334
ord6199
ord4710
ord755
ord470
ord2379
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord4424
ord3640
ord567
ord693
ord800
ord2915
ord540
ord3996
ord941
ord823
ord1829
ord4275
ord3573
ord656
ord3626
ord3663
ord2414
ord1641
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord3136
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord3259
ord2976
ord3830
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord537
ord5953
ord4837
ord3610
ord1146
ord1168
ord6880
ord3092
ord4299
ord6215
ord4224
ord2864
ord3874
ord4220
ord2584
ord3654
ord2438
ord2863
ord1644
ord860
ord858
ord3301
ord2370
ord2301
ord5572
ord1949
ord818
ord2152
ord1233
ord6270
ord1175
ord3798
ord5280
ord4353
ord5265
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord2985
ord3262
ord4465
ord4079
ord5277
ord3147
ord2982
ord5261
ord2124
ord2446
ord3749
ord1727
ord5065
ord2648
ord6376
ord2055
ord5302
ord4441
ord2725
ord5731
ord3402
ord1576

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__p__commode
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
_controlfp
__p__fmode
time
ctime
exit
atoi
mbstowcs
__set_app_type
strncat
_strlwr
_except_handler3
system
__dllonexit
_local_unwind2
_chdir
_findfirst
_findnext
_findclose
remove
fprintf
fseek
fgets
fclose
clock
strncpy
strchr
sprintf
strstr
__CxxFrameHandler
fopen
_stricmp
_setmbcp

kernel32

GetPrivateProfileStringA
Sleep
GetFileAttributesA
lstrcpyA
CreateThread
LocalFree
CloseHandle
GetPrivateProfileIntA
WinExec
LocalAlloc
GetCurrentDirectoryA
GetModuleHandleA
SetCurrentDirectoryA
GetStartupInfoA
WritePrivateProfileStringA

user32

SendMessageA
GetWindow
LoadIconA
LoadMenuA
TrackPopupMenu
IsIconic
GetSystemMetrics
DrawIcon
InvalidateRect
wsprintfA
GetSubMenu
EnableWindow
SetForegroundWindow
UpdateWindow
SetMenuDefaultItem
GetCursorPos
GetClientRect
GetWindowRect
FindWindowA

gdi32

CreateSolidBrush

comdlg32

GetOpenFileNameA

advapi32

GetSidSubAuthorityCount
FreeSid
GetSidSubAuthority
LookupAccountSidA
LookupAccountNameA
GetSidIdentifierAuthority
AllocateAndInitializeSid

shell32

Shell_NotifyIconA
ShellExecuteA

oncrpc

rpc_nt_exit
clnttcp_create
xdr_pmaplist
xdr_void
rpc_nt_init

icmp

IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

ws2_32

socket
htonl
recv
send
ioctlsocket
select
htons
WSAStartup
inet_addr
gethostbyname
ntohl
WSACleanup
inet_ntoa
shutdown
getservbyport
gethostbyaddr
closesocket
connect

wininet

InternetCloseHandle
InternetOpenA
InternetConnectA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetApiBufferFree
NetUserEnum

odbc32

ord24
ord41
ord3
ord31
ord75

libmysql

mysql_init
mysql_real_connect
mysql_get_server_info
mysql_close

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
libmySQL.dll
.dll windows:4 windows x86 arch:x86

006c49710d9884ca7c15f8d95eeb51d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

getservbyname
ntohs
WSAGetLastError
htons
ioctlsocket
closesocket
shutdown
recv
setsockopt
send
WSACleanup
WSAStartup
socket
gethostbyname
connect

kernel32

GetFullPathNameA
SetEnvironmentVariableW
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
GetOEMCP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetCurrentThreadId
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetLastError
InterlockedIncrement
DeleteCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
CreateSemaphoreA
InterlockedDecrement
Sleep
ReadFile
WriteFile
HeapDestroy
HeapCreate
CompareStringW
CompareStringA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetFileType
GetStartupInfoA
LoadLibraryA
GetCommandLineA
GetVersion
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
LCMapStringW
GetACP
VirtualFree
VirtualAlloc
RtlUnwind
SetHandleCount
GetStdHandle
IsValidCodePage
GetLocaleInfoA
SetLastError
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
LCMapStringA
GetCurrentDirectoryA
SetFilePointer
GetCPInfo
IsValidLocale
GetProcAddress
EnumSystemLocalesA
GetUserDefaultLCID
RaiseException
GetDriveTypeA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStringsW

advapi32

RegOpenKeyExA
RegEnumValueA
RegCloseKey

Exports

Exports

_dig_vec
bmove_upp
delete_dynamic
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
max_allowed_packet
my_casecmp
my_end
my_init
my_malloc
my_memdup
my_no_flags_free
my_realloc
my_strdup
my_thread_end
my_thread_init
myodbc_remove_escape
mysql_affected_rows
mysql_change_user
mysql_character_set_name
mysql_close
mysql_connect
mysql_create_db
mysql_data_seek
mysql_debug
mysql_drop_db
mysql_dump_debug_info
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_client_info
mysql_get_host_info
mysql_get_proto_info
mysql_get_server_info
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_row_seek
mysql_row_tell
mysql_select_db
mysql_send_query
mysql_shutdown
mysql_stat
mysql_store_result
mysql_thread_id
mysql_thread_safe
mysql_use_result
net_buffer_length
set_dynamic
strcend
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oncrpc.dll
.dll windows:1 windows x86 arch:x86

2125b46849b9f195b9b037623de522f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetConsoleCtrlHandler
VirtualFree
GetFileType
GlobalMemoryStatus
GetCurrentProcessId
WriteFile
ExitProcess
RtlUnwind
GetFileAttributesA
GetEnvironmentStrings
GetCurrentThreadId
GetStdHandle
CloseHandle
GetModuleHandleA
GetLocalTime
GetModuleFileNameA
GetCommandLineA
SetFilePointer
CreateFileA
RaiseException
LeaveCriticalSection
InitializeCriticalSection
DeleteFileA
GetVersion
GetTimeZoneInformation
ReadFile
GetLastError
GetStartupInfoA
GetProcAddress
EnterCriticalSection
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc

wsock32

socket
setsockopt
send
select
recvfrom
ntohs
ntohl
listen
ioctlsocket
htons
htonl
getsockname
getprotobyname
gethostname
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
recv
WSAStartup
WSAGetLastError
WSACleanup
sendto

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

MessageBoxA
EnumThreadWindows

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
_null_auth
authnone_create
authunix_create
authunix_create_default
bcmp
bcopy
bzero
clnt_broadcast
clnt_create
clnt_pcreateerror
clnt_perrno
clnt_perror
clnt_spcreateerror
clnt_sperrno
clnt_sperror
clntraw_create
clnttcp_create
clntudp_bufcreate
clntudp_create
get_myaddress
getrpcbyname
getrpcbynumber
pmap_getmaps
pmap_getport
pmap_set
pmap_unset
rpc_createerr
rpc_nt_exit
rpc_nt_init
svc_fdset
svc_getreq
svc_getreqset
svc_register
svc_run
svc_sendreply
svc_unregister
svcerr_auth
svcerr_decode
svcerr_noproc
svcerr_noprog
svcerr_progvers
svcerr_systemerr
svcerr_weakauth
svcraw_create
svctcp_create
svcudp_bufcreate
svcudp_create
xdr_array
xdr_authunix_parms
xdr_bool
xdr_bytes
xdr_callhdr
xdr_callmsg
xdr_char
xdr_des_block
xdr_double
xdr_enum
xdr_float
xdr_free
xdr_int
xdr_long
xdr_netobj
xdr_opaque
xdr_opaque_auth
xdr_pmap
xdr_pmaplist
xdr_pointer
xdr_reference
xdr_replymsg
xdr_short
xdr_string
xdr_u_char
xdr_u_int
xdr_u_long
xdr_u_short
xdr_union
xdr_vector
xdr_void
xdr_wrapstring
xdrmem_create
xdrrec_create
xdrrec_endofrecord
xdrrec_eof
xdrrec_skiprecord
xdrstdio_create
xprt_register
xprt_unregister

Sections

CODE
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugin/fpe2k.hsp
plugin/luenum.hsp
plugin/qpop.hsp
plugin/sunftp.hsp
tools/NTCmd.exe
.exe windows:4 windows x86 arch:x86

73767e539e9720aff83d4da1db391803

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
DuplicateHandle
GetCurrentProcess
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetLastError
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
HeapReAlloc
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
CloseHandle
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
ReadFile
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
FlushFileBuffers
GetFileAttributesA
CreateProcessA
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/Sqlcmd.exe
.exe windows:4 windows x86 arch:x86

794cb112594371ed14da81bc0592ca2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

ord24
ord3
ord75
ord41
ord43
ord11
ord13

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
CloseHandle
LoadLibraryA
SetStdHandle
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
HeapReAlloc
VirtualAlloc
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
GetOEMCP
GetProcAddress
GetLastError
ReadFile
FlushFileBuffers
SetFilePointer
GetCPInfo
GetACP

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/cygwinb19.dll
.dll windows:4 windows x86 arch:x86

0f068abeaa3b9ee1380205dbc1e98308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
IsValidSecurityDescriptor
IsValidSid
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
SetKernelObjectSecurity
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CreateProcessAsUserA
DeregisterEventSource
GetFileSecurityA
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameA
InitializeSecurityDescriptor

kernel32

Beep
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeEnvironmentStringsA
FreeLibrary
GetCommState
GetCommTimeouts
GetCommandLineA
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleA
ClearCommBreak
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStringsA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
CloseHandle
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetThreadContext
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
HeapAlloc
CopyFileA
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
CreateDirectoryA
LeaveCriticalSection
LoadLibraryA
LockFile
LockFileEx
MapViewOfFile
MapViewOfFileEx
MoveFileA
MoveFileExA
OpenEventA
OpenFileMappingA
CreateEventA
OpenProcess
OpenSemaphoreA
PeekConsoleInputA
PeekNamedPipe
PulseEvent
PurgeComm
CreateFileA
ReadConsoleInputA
CreateFileMappingA
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
ScrollConsoleScreenBufferA
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
CreateMutexA
SetEvent
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetPriorityClass
SetStdHandle
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
CreatePipe
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TransmitCommChar
CreateProcessA
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
CreateSemaphoreA
WriteConsoleInputA
WriteFile
BackupRead
WriteProcessMemory
CreateThread
DeleteFileA
BackupSeek
DuplicateHandle
EnterCriticalSection
BackupWrite
EscapeCommFunction
ExitProcess
ExitThread

user32

DefWindowProcA
DispatchMessageA
FindWindowA
GetMessageA
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationA
KillTimer
CharToOemA
MessageBoxA
MsgWaitForMultipleObjects
OemToCharW
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
SendMessageA
SetTimer
SetUserObjectSecurity
CreateWindowExA

Exports

Exports

__assert
__assertfail
__cygwin32_stack_trace
__cygwin_environ
__empty
__eprintf
__errno
__infinity
__main
__srget
__swbuf
__vc__10pinfo_listi
_abort
_abs
_access
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_asctime
_asin
_asinf
_asinh
_asinhf
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_chmod
_chown
_chroot
_clearerr
_clock
_close
_closedir
_closelog
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_cuserid
_cwait
_daylight
_difftime
_div
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_fabs
_fabsf
_fchmod
_fclose
_fcntl
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fopen
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_frexp
_frexpf
_fscanf
_fseek
_fsetpos
_fstat
_fstatfs
_fsync
_ftell
_ftime
_ftruncate
_fwrite
_gcvt
_gcvtf
_get_osfhandle
_getc
_getchar
_getcwd
_getdomainname
_getdtablesize
_getegid
_getenv
_geteuid
_getgid
_getgrent
_getgrgid
_getgrnam
_getgroups
_gethostname
_getlogin
_getmntent
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getrusage
_gets
_gettimeofday
_getuid
_getw
_getwd
_gmtime
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_index
_infinity
_infinityf
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_kill
_labs
_ldexp
_ldexpf
_ldiv
_link
_localeconv
_localtime
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lseek
_lstat
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mkstemp
_mktemp
_mktime
_modf
_modff
_mount
_nan
_nanf
_nextafter
_nextafterf
_nice
_ntohl
_ntohs
_open
_opendir
_openlog
_pathconf
_pclose
_perror
_pipe
_popen
_pow
_powf
_printf
_putc
_putchar
_putenv
_puts
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_regcomp
_regerror
_regexec
_regfree
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scanf
_select
_setbuf
_setegid
_setenv
_seteuid
_setgid
_setgrent
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setsid
_settimeofday
_setuid
_setvbuf
_sigaction
_sigaddset
_sigdelset
_sigemptyset
_sigfillset
_sigismember
_signal
_significand
_significandf
_sigpending
_sigprocmask
_sigsuspend
_sin
_sinf
_sinh
_sinhf
_siprintf
_sleep
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_sprintf
_sqrt
_sqrtf
_srand
_sscanf
_stat
_statfs
_strace_wm
_strcasecmp
_strcat
_strchr
_strcmp
_strcoll
_strcpy
_strcspn
_strdup
_strerror
_strftime
_strlen
_strlwr
_strncasecmp
_strncat
_strncmp
_strncpy
_strpbrk
_strrchr
_strsep
_strspn
_strstr
_strtod
_strtodf
_strtok
_strtol
_strtoul
_strupr
_strxfrm
_swab
_symlink
_sync
_sysconf
_syslog
_system
_tan
_tanf
_tanh
_tanhf
_tcdrain
_tcflow
_tcflush
_tcgetattr
_tcgetpgrp
_tcsendbreak
_tcsetattr
_tcsetpgrp
_tempnam
_time
_times
_timezone
_tmpfile
_tmpnam
_toascii
_tolower
_toupper
_truncate
_ttyname
_tzname
_tzset
_umask
_umount
_uname
_ungetc
_unlink
_unsetenv
_usleep
_utime
_utimes
_vfiprintf
_vfork
_vfprintf
_vhangup
_vprintf
_vsprintf
_wait
_waitpid
_wcscmp
_wcslen
_wcstombs
_wctomb
_wprintf
_write
_writev
abort
abs
accept
access
acos
acosf
acosh
acoshf
alarm
asctime
asin
asinf
asinh
asinhf
atan
atan2
atan2f
atanf
atanh
atanhf
atexit
atof
atoff
atoi
atol
bcmp
bcopy
bind
bsearch
bzero
cabs
cabsf
calloc
cbrt
cbrtf
ceil
ceilf
cfgetispeed
cfgetospeed
cfsetispeed
cfsetospeed
chdir
chmod
chown
chroot
cleanup_glue
clearerr
clock
close
closedir
closelog
connect
copysign
copysignf
cos
cosf
cosh
coshf
creat
ctermid
ctime
cuserid
cwait
cygwin32_attach_handle_to_fd
cygwin32_conv_to_full_posix_path
cygwin32_conv_to_full_win32_path
cygwin32_conv_to_posix_path
cygwin32_conv_to_win32_path
cygwin32_detach_dll
cygwin32_getshared
cygwin32_internal
cygwin32_posix_path_list_p
cygwin32_posix_to_win32_path_list

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/mysql.exe
.exe windows:4 windows x86 arch:x86

eebae69bbcdbf0cf9d738e09705f99ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cygwinb19

__swbuf
abort
access
atoi
atol
bcmp
bzero
calloc
chdir
close
closedir
connect
dll_crt0__FP11per_process
dll_dllcrt0
endpwent
exit
fclose
fcntl
fdopen
fflush
fgets
fileno
fopen
fprintf
fputc
fputs
free
fstat
fwrite
getcwd
getenv
geteuid
__errno
gethostbyname
getlogin
getpid
getpwent
getpwnam
getpwuid
getrusage
getservbyname
getsockopt
getuid
inet_addr
ioctl
isatty
kill
longjmp
lseek
lstat
malloc
memcpy
memmove
memset
open
opendir
printf
putenv
puts
qsort
read
readdir
realloc
realpath
select
setjmp
setlocale
setpwent
__main
setsockopt
shutdown
sigaction
sigdelset
signal
sigprocmask
sleep
socket
sprintf
stat
strcasecmp
strcat
strchr
strcmp
strcoll
strcpy
strdup
strncasecmp
strncmp
strncpy
strrchr
strstr
strtok
sysconf
system
tcflow
tcflush
tcgetattr
tcsetattr
tempnam
_exit
times
unlink
usleep
vsprintf
write

kernel32

GetModuleHandleA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16128d6b32aaef62be90549abfbee5dd

Headers

File Characteristics

Imports

kernel32

advapi32

mpr

msvcrt

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 20KB - Virtual size: 16KB

a12d43068bb05af9291d3267c70d338d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

odbc32

oncrpc

icmp

ws2_32

wininet

mpr

netapi32

libmysql

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 7.3MB

9888023affc8c2ea341a5eaa340aa329

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oncrpc

icmp

ws2_32

wininet

mpr

netapi32

odbc32

libmysql

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 7.3MB

.rsrc Size: 8KB - Virtual size: 5KB

006c49710d9884ca7c15f8d95eeb51d4

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 108KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 88KB - Virtual size: 126KB

.reloc Size: 8KB - Virtual size: 7KB

2125b46849b9f195b9b037623de522f2

Headers

File Characteristics

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 7.3MB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 7.3MB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 88KB - Virtual size: 126KB

.reloc
Size: 8KB - Virtual size: 7KB

CODE
Size: 49KB - Virtual size: 52KB

DATA
Size: 8KB - Virtual size: 12KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.text
Size: 325KB - Virtual size: 324KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 7KB

.edata
Size: 17KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 19KB - Virtual size: 19KB

.stab
Size: 16KB - Virtual size: 15KB

.stabstr
Size: 25KB - Virtual size: 24KB

.text
Size: 152KB - Virtual size: 152KB

.bss
Size: - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 16KB

.rdata
Size: 21KB - Virtual size: 20KB

.idata
Size: 3KB - Virtual size: 2KB

.stab
Size: 15KB - Virtual size: 14KB

.stabstr
Size: 25KB - Virtual size: 25KB