0b8e86d9da191da9d87fdaf2fd779520N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0b8e86d9da191da9d87fdaf2fd779520N.exe
Size

3.7MB
MD5

0b8e86d9da191da9d87fdaf2fd779520
SHA1

c22eb75b38a1e4c61e0f3c2078d9921ed0e61b80
SHA256

50665aa5c681edb4cdebfa88ecb6e7f7f550e7849c9989ac71749f8a79395143
SHA512

55aa5a4a4785e96f22573f86e4baaa92b88ea461fdcf4aa208f5b0f05154b818dd76c8a9406b4df750da9fcac5e76d289a750c88e962472505d73f0219dbf7a5
SSDEEP

24576:/T7pXO0eOVtrBC2e03yheGQIAM5RNGa+WXux7fk88q86G+TbVOlf6ef+vn:r740bz3lWAM5RJxuZfeB6HTsJ62O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0b8e86d9da191da9d87fdaf2fd779520N.exe

Files

0b8e86d9da191da9d87fdaf2fd779520N.exe
.exe windows:6 windows x64 arch:x64

5d43848be1c3adefa8a721b85563a895

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\winx64-packages\build\client\RelWithDebInfo\mysqlcheck.pdb

Imports

kernel32

ReadConsoleA
GetLastError
SetNamedPipeHandleState
SetEvent
WaitForSingleObject
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
WaitNamedPipeA
GetACP
GetConsoleCP
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
Sleep
OpenThread
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetConsoleMode
FreeLibrary
LoadLibraryExA
FormatMessageA
GetFileAttributesA
GetFullPathNameA
CancelIo
QueueUserAPC
FindClose
FindFirstFileA
FindNextFileA
SwitchToFiber
DeleteFiber
CreateFiber
GetStdHandle
FlushFileBuffers
GetFileAttributesExA
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetCurrentProcess
ResetEvent
WaitForMultipleObjects
GetLogicalDrives
SetLastError
DisconnectNamedPipe
PeekNamedPipe
GetOverlappedResult
WriteConsoleW
GetConsoleMode
CloseHandle
CreateFileA
TlsFree
GetLocaleInfoA
LeaveCriticalSection
CreateEventA
EnterCriticalSection
HeapSize
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
RtlUnwind
ReadConsoleW
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
HeapReAlloc
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTimeZoneInformation
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
GetFileType
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW

advapi32

CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
CryptGenRandom

ws2_32

getnameinfo
WSAIoctl
WSASetLastError
shutdown
setsockopt
send
recv
htonl
getsockopt
getpeername
ioctlsocket
connect
WSAGetLastError
__WSAFDIsSet
freeaddrinfo
getaddrinfo
socket
getsockname
closesocket
getservbyname
ntohs
WSACleanup
WSAStartup
select

Sections

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d43848be1c3adefa8a721b85563a895

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 548KB - Virtual size: 548KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 1.7MB - Virtual size: 2.2MB

.pdata Size: 31KB - Virtual size: 30KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.zero Size: 8KB - Virtual size: 4KB

.text
Size: 548KB - Virtual size: 548KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 1.7MB - Virtual size: 2.2MB

.pdata
Size: 31KB - Virtual size: 30KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

.zero
Size: 8KB - Virtual size: 4KB