General
Tasks: static1 (static), behavioral1 (behavioral)
Sample: 577d8e3991ca41b9ff9ce7fccb0a7d52f2d7c7a3c7eeb300a9bd32ef159e5bf5N.exe
Resource: win7-20241023-en
Target: 577d8e3991ca41b9ff9ce7fccb0a7d52f2d7c7a3c7eeb300a9bd32ef159e5bf5N.exe
Size: 4.0MB
MD5: a782f712e05deddb53ae0d84f7014e90
SHA1: b3248b88e332da444e4769d69101686f298f793a
SHA256: 577d8e3991ca41b9ff9ce7fccb0a7d52f2d7c7a3c7eeb300a9bd32ef159e5bf5
SHA512: d7b3beac3dd31c94a3f7d01c79887399348aaa8116c8c138905892c687087514cc705e9fa50dfcd7de84c35e4df8307f448b5064ee447b54482fc1204579454c
SSDEEP: 24576:GkliAPwmOqW0qsznh7cUsk826UEF2KrpkL9Tv4RNGazxxa0fho8KWfk9fImEcw8O:DwmVbh3YdrsTwRJzxxaIh/bf0INH8v94
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 577d8e3991ca41b9ff9ce7fccb0a7d52f2d7c7a3c7eeb300a9bd32ef159e5bf5N.exe
Files
577d8e3991ca41b9ff9ce7fccb0a7d52f2d7c7a3c7eeb300a9bd32ef159e5bf5N.exe.exe windows:5 windows x86 arch:x86
48e399bd416ff7fb230f3793b93b5015
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\pb2\build\sb_0-4846558-1328017823.59\release\client\RelWithDebInfo\mysql.pdb
Imports
kernel32
LeaveCriticalSection
GetLocaleInfoA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateFileA
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
OpenEventA
GetConsoleCP
InterlockedIncrement
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
CreateMutexA
ReleaseMutex
ReadConsoleA
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleMode
GetConsoleMode
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
TryEnterCriticalSection
OpenThread
TerminateThread
InterlockedCompareExchange
CreateEventA
GetFileAttributesA
GetFullPathNameA
FindClose
FindNextFileA
FindFirstFileA
FreeLibrary
FormatMessageA
LoadLibraryExA
ReadFile
WriteFile
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
DuplicateHandle
GetCurrentProcess
GetFileAttributesExA
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
CancelIo
EnterCriticalSection
DisconnectNamedPipe
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
SetStdHandle
GetFileType
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
CreateThread
GetFileInformationByHandle
GetDriveTypeA
WriteConsoleW
GetModuleFileNameW
SetHandleCount
GetStartupInfoA
FatalAppExitA
SetLastError
InterlockedDecrement
GetCurrentThread
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetTickCount
VirtualAlloc
SetFilePointer
RtlUnwind
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryW
RaiseException
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
PeekNamedPipe
Sleep
SetEnvironmentVariableW
secur32
GetUserNameExW
FreeCredentialsHandle
DeleteSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken
InitializeSecurityContextW
advapi32
RegOpenKeyExA
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetTokenInformation
LookupAccountNameW
EqualSid
IsValidSid
RegEnumValueA
ws2_32
getsockname
freeaddrinfo
closesocket
WSAGetLastError
socket
getaddrinfo
ntohs
connect
WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
select
recv
send
setsockopt
shutdown
getnameinfo
getpeername
htonl
WSASetLastError
getservbyname
Sections
.text   Size: 807KB - Virtual size: 807KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 140KB - Virtual size: 139KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 2.9MB - Virtual size: 3.3MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  Size: 6KB - Virtual size: 5KB       Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1024B - Virtual size: 836B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 114KB - Virtual size: 116KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE