SQLRayCLI[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SQLRayCLI.exe
Size

4.6MB
MD5

5513a3dc0c8872659886cf388fdab31e
SHA1

75f3e3192f7e609a28f17411da685d384a8f1b99
SHA256

9cfac085e4756ef55ffaba67307c1df15bfe14ea600065ad094f9c43c8499aa2
SHA512

e2f11372d15f17b5059646f34707bb88ef37fbb26729fc5b82f86bfcc4372d8050f26bdd8cc799ea55c99a326b0b9122841af85581da9dbcd2d00ad925d13be2
SSDEEP

98304:Gx6o7DEgTsuvi9fR106kiPZ5KjLQW9p0pxJ:Gx6YDxTlvqfR1Qzj0cWpr

Score

1^/10

Malware Config

Signatures

Files

SQLRayCLI.exe
.exe windows:4 windows x64 arch:x64

Code Sign

5a:68:0f:10:fd:11:f8:a7:41:da:d7:72:91:da:d5:a9
Certificate

Issuer

CN=Vegetables Inc.

Not Before

30/05/2024, 05:00

Not After

06/06/2034, 05:00

Subject

CN=Vegetables Inc.

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:46:83:cc:39:3d:7e:58:89:16:13:80:2c:63:88:95:eb:88:b3:3b:64:a9:cc:b4:7b:2b:f1:60:c7:21:4a:99:b9:84:4e:d5:51:af:6d:95:48:ff:c8:6c:ae:96:96:dd:9b:d5:f0:5e:bb:2e:ab:01:12:c6:1f:40:aa:64:3b:b3
Signer

Actual PE Digest

3f:46:83:cc:39:3d:7e:58:89:16:13:80:2c:63:88:95:eb:88:b3:3b:64:a9:cc:b4:7b:2b:f1:60:c7:21:4a:99:b9:84:4e:d5:51:af:6d:95:48:ff:c8:6c:ae:96:96:dd:9b:d5:f0:5e:bb:2e:ab:01:12:c6:1f:40:aa:64:3b:b3

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 728B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 3.5MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

5a:68:0f:10:fd:11:f8:a7:41:da:d7:72:91:da:d5:a9Certificate

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

3f:46:83:cc:39:3d:7e:58:89:16:13:80:2c:63:88:95:eb:88:b3:3b:64:a9:cc:b4:7b:2b:f1:60:c7:21:4a:99:b9:84:4e:d5:51:af:6d:95:48:ff:c8:6c:ae:96:96:dd:9b:d5:f0:5e:bb:2e:ab:01:12:c6:1f:40:aa:64:3b:b3Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 800B

.rdata Size: 5KB - Virtual size: 5KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 4KB - Virtual size: 4KB

.xdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 728B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 132B

.rsrc Size: 316KB - Virtual size: 316KB

.enigma1 Size: 3.5MB - Virtual size: 4KB

.enigma2 Size: 700KB - Virtual size: 700KB

5a:68:0f:10:fd:11:f8:a7:41:da:d7:72:91:da:d5:a9
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

3f:46:83:cc:39:3d:7e:58:89:16:13:80:2c:63:88:95:eb:88:b3:3b:64:a9:cc:b4:7b:2b:f1:60:c7:21:4a:99:b9:84:4e:d5:51:af:6d:95:48:ff:c8:6c:ae:96:96:dd:9b:d5:f0:5e:bb:2e:ab:01:12:c6:1f:40:aa:64:3b:b3
Signer

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 800B

.rdata
Size: 5KB - Virtual size: 5KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 4KB - Virtual size: 4KB

.xdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 728B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 132B

.rsrc
Size: 316KB - Virtual size: 316KB

.enigma1
Size: 3.5MB - Virtual size: 4KB

.enigma2
Size: 700KB - Virtual size: 700KB