F:\pb2\build\sb_0-4846558-1328017823.59\release\client\RelWithDebInfo\mysql.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b7ee085190380baa9e80d485d6929e9982322985ef8a5fc380e79054b3d90a63.exe
Resource: win7-20240729-en
General
Target: b7ee085190380baa9e80d485d6929e9982322985ef8a5fc380e79054b3d90a63.exe
Size: 4.0MB
MD5: 801ee9e65d9d316a8d5958fe9e18eac9
SHA1: cfc812c4f8d321376a74f135ea4d913dd0d574b7
SHA256: b7ee085190380baa9e80d485d6929e9982322985ef8a5fc380e79054b3d90a63
SHA512: 9619a120fdabaa13669c9dcfe460a61641f69549cb4ca8ca6176097a8490874b0b881766fee265923191f66c7e0f511f243ed12e7664729e10d6995e2fae0c2a
SSDEEP: 24576:GkliAPwmOqW0qsznh7cUsk826UEF2KrpkL9Tv4RNGazxxa0fho8KWfk9fImEcw86:DwmVbh3YdrsTwRJzxxaIh/bf0INH8v94
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: b7ee085190380baa9e80d485d6929e9982322985ef8a5fc380e79054b3d90a63.exe
Files
b7ee085190380baa9e80d485d6929e9982322985ef8a5fc380e79054b3d90a63.exe.exe windows:5 windows x86 arch:x86
48e399bd416ff7fb230f3793b93b5015
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LeaveCriticalSection
GetLocaleInfoA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateFileA
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
OpenEventA
GetConsoleCP
InterlockedIncrement
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
CreateMutexA
ReleaseMutex
ReadConsoleA
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleMode
GetConsoleMode
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
TryEnterCriticalSection
OpenThread
TerminateThread
InterlockedCompareExchange
CreateEventA
GetFileAttributesA
GetFullPathNameA
FindClose
FindNextFileA
FindFirstFileA
FreeLibrary
FormatMessageA
LoadLibraryExA
ReadFile
WriteFile
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
DuplicateHandle
GetCurrentProcess
GetFileAttributesExA
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
CancelIo
EnterCriticalSection
DisconnectNamedPipe
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
SetStdHandle
GetFileType
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
CreateThread
GetFileInformationByHandle
GetDriveTypeA
WriteConsoleW
GetModuleFileNameW
SetHandleCount
GetStartupInfoA
FatalAppExitA
SetLastError
InterlockedDecrement
GetCurrentThread
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetTickCount
VirtualAlloc
SetFilePointer
RtlUnwind
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryW
RaiseException
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
PeekNamedPipe
Sleep
SetEnvironmentVariableW
secur32
GetUserNameExW
FreeCredentialsHandle
DeleteSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken
InitializeSecurityContextW
advapi32
RegOpenKeyExA
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetTokenInformation
LookupAccountNameW
EqualSid
IsValidSid
RegEnumValueA
ws2_32
getsockname
freeaddrinfo
closesocket
WSAGetLastError
socket
getaddrinfo
ntohs
connect
WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
select
recv
send
setsockopt
shutdown
getnameinfo
getpeername
htonl
WSASetLastError
getservbyname
Sections
.text - Size: 807KB - Virtual size: 807KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata - Size: 140KB - Virtual size: 139KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 2.9MB - Virtual size: 3.3MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata - Size: 6KB - Virtual size: 5KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 1024B - Virtual size: 836B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 114KB - Virtual size: 116KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE