dbdata16[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

dbdata16.dll
Size

802KB
MD5

684b0c1383fc76db0a51a37609610d84
SHA1

a139468754d44a3dc5a2a1c8d8eb7ee1e319a4cb
SHA256

aa1aa289eb9c05811c23f04e3896da467507e38001bdf8e288ed7004621c8f6c
SHA512

569291565b3df4ae01317a64c282e2d4b825cad132184e40feedecce487138fed4682bca5970073a6112d8ab44d5d0f54121c4306557e1cebe0a9488a5b85163
SSDEEP

24576:iXOo/y/xLOfTNs91SnddvRTnF+ubty8E5h/:/zWvRTMut6r/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbdata16.dll

Files

dbdata16.dll
.dll windows:5 windows x86 arch:x86

5eedae5e49cc62bc714cea029152fa1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\1600_rc1\obj\nt_ms_x86_p\dbdata16.pdb

Imports

kernel32

LoadLibraryExW
OutputDebugStringW
LoadLibraryW
GetFullPathNameW
LoadLibraryA
FormatMessageA
GetProcAddress
FreeLibrary
GetLastError
CreateMutexA
WaitForSingleObject
ReleaseMutex
IsValidCodePage
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
Sleep
CloseHandle
SetEvent
WaitForSingleObjectEx
CreateEventA
GetCurrentThreadId
GetModuleFileNameA
GetCurrentProcessId
ResetEvent
GetExitCodeProcess
CreateProcessA
MapViewOfFile
UnmapViewOfFile
WaitForMultipleObjects
CreateFileMappingA
DuplicateHandle
ReleaseSemaphore
GetCurrentProcess
GetCurrentThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreA
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetOEMCP
GetSystemDefaultLangID
QueryPerformanceCounter
GetSystemTime
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
IsDBCSLeadByte
GetLocalTime
FlushFileBuffers
GetFileAttributesA
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetLastError
WaitNamedPipeA
CreateFileA
GetFullPathNameA
GetModuleHandleA
LocalFree
GetSystemDirectoryA
GetWindowsDirectoryA
VirtualQuery
GetComputerNameExA
GetVersionExA
SetErrorMode
VerSetConditionMask
VerifyVersionInfoW
GetStdHandle
OpenProcess
GetEnvironmentVariableA
ExpandEnvironmentStringsA
IsDebuggerPresent
DebugBreak
ProcessIdToSessionId
SetCurrentDirectoryA
GetCurrentDirectoryA
LocalAlloc
OpenMutexA
OpenFileMappingA
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
GetOverlappedResult
CreateNamedPipeA
RtlUnwind
GetCommandLineA
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
AreFileApisANSI
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
GetDriveTypeW
CreateThread
ExitThread
ResumeThread
IsProcessorFeaturePresent
RaiseException
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetStringTypeW
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
GetModuleFileNameW
HeapSize
FindClose
FindFirstFileExW
GetFileAttributesExW
WriteConsoleW
CreateFileW
GetCurrentDirectoryW
CompareStringW
LCMapStringW
CreateDirectoryW

user32

EndDialog
GetDlgItem
SetForegroundWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
DialogBoxParamA
EnumWindows
GetWindowThreadProcessId
CharUpperA
CharLowerA
IsCharAlphaA
GetForegroundWindow
LoadStringA
LoadStringW
MessageBoxA
SetWindowLongA
wsprintfW

advapi32

FreeSid
InitializeSid
GetSidSubAuthority
LsaRemoveAccountRights
LsaAddAccountRights
LsaEnumerateAccountRights
LsaOpenPolicy
LsaClose
LsaFreeMemory
StartServiceA
QueryServiceStatus
QueryServiceConfig2A
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
OpenThreadToken
AccessCheck
ImpersonateSelf
MapGenericMask
RevertToSelf
GetFileSecurityA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
DeregisterEventSource
RegisterEventSourceA
ReportEventA
AddAccessAllowedAce
AddAce
EqualSid
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
SetKernelObjectSecurity
SetSecurityDescriptorDacl
CloseEventLog
GetOldestEventLogRecord
OpenEventLogA
ReadEventLogA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
ChangeServiceConfigA
ChangeServiceConfig2A
CloseServiceHandle

ws2_32

__WSAFDIsSet
gethostbyname
gethostbyaddr
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
WSASetLastError
WSAGetLastError
WSAStartup
WSACleanup
gethostname
inet_ntoa
inet_addr
ntohs
ntohl
htons
htonl
bind
accept

shell32

ShellExecuteExA
ord680

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

AsaCommand_BeginExecuteNonQueryDirect
AsaCommand_BeginExecuteReaderDirect
AsaCommand_Cancel
AsaCommand_EndExecuteNonQuery
AsaCommand_EndExecuteReader
AsaCommand_ExecuteNonQuery
AsaCommand_ExecuteReader
AsaCommand_Fini
AsaCommand_FreeOutputParameterValues
AsaCommand_Prepare
AsaConnectionStringParser_Fini
AsaConnectionStringParser_GetParameter
AsaConnectionStringParser_GetParameterCount
AsaConnectionStringParser_Init
AsaConnectionStringParser_ParseConnectionString
AsaConnection_BeginTransaction
AsaConnection_Close
AsaConnection_CloseDataReaders
AsaConnection_DtcEnlist
AsaConnection_GetWhereabouts
AsaConnection_IsAlive
AsaConnection_Open
AsaConnection_PoolCache
AsaConnection_PoolReuse
AsaConnection_SendTransactionCookie
AsaConnection_SetMessageCallback
AsaDataReader_Close
AsaDataReader_FetchRows
AsaDataReader_FreeColumnNames
AsaDataReader_FreeSchema
AsaDataReader_FreeValue
AsaDataReader_FreeValues
AsaDataReader_GetColumnNames
AsaDataReader_GetSchema
AsaDataReader_GetValue
AsaDataReader_GetValueL
AsaDataReader_GetValues
AsaDataReader_HasRows
AsaDataReader_IsDBNull
AsaDataReader_NextResult
AsaDataReader_Read
AsaDataReader_ReadBytes
AsaDataReader_ReadBytesCE
AsaDataReader_ReadChars
AsaDataReader_ReadCharsCE
AsaException_Fini
AsaException_GetErrorCount
AsaException_GetErrorInfo
AsaTransaction_Commit
AsaTransaction_Rollback
AsaTransaction_RollbackToName
AsaTransaction_Save
Asa_GetString
SAConnectionStringBuilder_FreeLinksOptions
SAConnectionStringBuilder_ParseLinksOptions
SADataSourceEnumerator_FreeResults
SADataSourceEnumerator_GetDataSources
SATrace_FireEvent
Unmanaged_Fini
Unmanaged_FreeMemory
Unmanaged_Init
Unmanaged_ZeroMemory
_AsaCommand_BeginExecuteNonQueryDirect@24
_AsaCommand_BeginExecuteReaderDirect@24
_AsaCommand_Cancel@4
_AsaCommand_EndExecuteNonQuery@16
_AsaCommand_EndExecuteReader@20
_AsaCommand_ExecuteNonQuery@24
_AsaCommand_ExecuteReader@28
_AsaCommand_Fini@4
_AsaCommand_FreeOutputParameterValues@8
_AsaCommand_Prepare@36
_AsaConnectionStringParser_Fini@4
_AsaConnectionStringParser_GetParameter@32
_AsaConnectionStringParser_GetParameterCount@8
_AsaConnectionStringParser_Init@4
_AsaConnectionStringParser_ParseConnectionString@12
_AsaConnection_BeginTransaction@12
_AsaConnection_Close@4
_AsaConnection_CloseDataReaders@4
_AsaConnection_DtcEnlist@8
_AsaConnection_GetWhereabouts@12
_AsaConnection_IsAlive@8
_AsaConnection_Open@16
_AsaConnection_PoolCache@4
_AsaConnection_PoolReuse@4
_AsaConnection_SendTransactionCookie@12
_AsaConnection_SetMessageCallback@8
_AsaDataReader_Close@4
_AsaDataReader_FetchRows@12
_AsaDataReader_FreeColumnNames@12
_AsaDataReader_FreeSchema@12
_AsaDataReader_FreeValue@12
_AsaDataReader_FreeValues@12
_AsaDataReader_GetColumnNames@12
_AsaDataReader_GetSchema@12
_AsaDataReader_GetValue@12
_AsaDataReader_GetValueL@24
_AsaDataReader_GetValues@12
_AsaDataReader_HasRows@8
_AsaDataReader_IsDBNull@12
_AsaDataReader_NextResult@8
_AsaDataReader_Read@8
_AsaDataReader_ReadBytes@36
_AsaDataReader_ReadBytesCE@32
_AsaDataReader_ReadChars@36
_AsaDataReader_ReadCharsCE@32
_AsaException_Fini@4
_AsaException_GetErrorCount@8
_AsaException_GetErrorInfo@36
_AsaTransaction_Commit@4
_AsaTransaction_Rollback@4
_AsaTransaction_RollbackToName@8
_AsaTransaction_Save@8
_Asa_GetString@16
_SAConnectionStringBuilder_FreeLinksOptions@8
_SAConnectionStringBuilder_ParseLinksOptions@12
_SADataSourceEnumerator_FreeResults@8
_SADataSourceEnumerator_GetDataSources@8
_SATrace_FireEvent@4
_Unmanaged_Fini@0
_Unmanaged_FreeMemory@4
_Unmanaged_Init@8
_Unmanaged_ZeroMemory@8

Sections

.text
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5eedae5e49cc62bc714cea029152fa1b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

shell32

version

Exports

Exports

Sections

.text Size: 521KB - Virtual size: 521KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 142KB - Virtual size: 152KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 521KB - Virtual size: 521KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 142KB - Virtual size: 152KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 33KB