is-QPOLS[.]tmp[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

is-QPOLS.tmp.zip
Size

49KB
MD5

9e17cde4a861f8241298b50e68ffa000
SHA1

28d564dd2eb39333c82ea4bbc0912ceb78b81e58
SHA256

5158a5be3d5e82b233cf8493150ed8ff4cb1946cbef16bc97efc69b7152c2349
SHA512

9f49a9b8878e40d6a99624fa0203a599c80c1c724aa8f26697b550be329a351506e99e624f7016f6a553e33c11091ae60be25d33376ff82efa54ecef4459bb16
SSDEEP

1536:aHNtpmDrVbQiM9Pni9G0XswbIp6JE+SpxD:2E1M9h0XsAIp6JE+oxD

Score

N/A

Malware Config

Signatures

Files

is-QPOLS.tmp.zip
.zip

Password: infected
is-QPOLS.tmp
.exe windows x64

153a1d06c33fe073d44d693642b005e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

php7

zend_unregister_ini_entries
php_format_date
_zend_hash_add@@24
php_escape_html_entities_ex
gettimeofday
php_win32_ioutil_chdir_w
_zend_hash_index_update@@24
zend_vspprintf
_zend_handle_numeric_str_ex@@24
add_assoc_stringl_ex
php_select
_zend_hash_update@@24
_estrndup@@16
php_poll2
zend_strndup@@16
zend_llist_get_next_ex
php_raw_url_decode
_safe_malloc@@24
__zend_realloc
php_win32_ioutil_open_w
_estrdup@@8
smart_str_realloc@@16
_array_init
php_handle_auth_data
php_set_sock_blocking
zend_hash_index_del@@16
zend_ini_boolean_displayer_cb
php_network_populate_name_from_sockaddr
php_register_variable_safe
smart_str_erealloc@@16
php_network_freeaddresses
zend_llist_apply_with_argument
php_sys_stat_ex
php_network_getaddresses
zend_execute_scripts
zend_hash_apply_with_arguments
zend_hash_index_find@@16
zend_llist_get_first_ex
OnUpdateBool
_zend_hash_str_add@@32
php_error_docref0
zend_parse_parameters
zend_hash_copy@@24
php_module_shutdown_wrapper
php_printf
zend_highlight
open_file_for_scanning
php_win32_ioutil_normalize_path_w
zend_printf
zend_ce_exception
_emalloc@@8
_efree@@8
php_output_write
reflection_class_ptr
zend_read_property
php_info_print_module
php_lint_script
zend_llist_apply
php_import_environment_variables
php_get_highlight_struct
php_execute_script
reflection_extension_ptr
zend_spprintf
php_register_variable
php_win32_cp_get_orig
php_win32_cp_conv_utf8_to_w
_zend_hash_init@@32
php_win32_code_to_errno
php_handle_aborted_connection
zif_dl
display_ini_entries
php_win32_cp_conv_cur_to_w
reflection_ptr
zend_sort
php_ini_scanned_path
php_print_info
php_request_startup
zend_hash_str_find@@24
sapi_deactivate
php_win32_cp_cli_do_restore
php_getopt
_zend_hash_str_update@@32
_php_stream_get_line
get_zend_version
tsrm_realpath
zend_extensions
executor_globals
zend_error
php_socket_error_str
zend_llist_destroy
module_registry
php_win32_cp_get_by_id
php_win32_ioutil_getcwd_w
zend_eval_string_ex
sapi_send_headers
_zval_ptr_dtor
zend_hash_apply@@16
zend_strip
zend_call_method
php_request_shutdown
php_ini_opened_path
_php_stream_free
_php_stream_open_wrapper_ex
php_win32_console_is_own
zend_ini_deactivate
sapi_globals
_object_init_ex
__zend_malloc
zend_str_tolower_dup@@16
php_ini_scanned_files
php_win32_cp_cli_do_setup
zend_hash_destroy@@8
zend_register_constant
core_globals
php_win32_cp_use_unicode
php_win32_console_fileno_set_vt100
compiler_globals
php_output_end_all
zend_llist_copy
reflection_method_ptr
zend_load_extension
php_module_shutdown
php_win32_cp_conv_ascii_to_w
sapi_startup
php_module_startup
zend_is_auto_global_str
reflection_zend_extension_ptr
php_socket_strerror
zend_llist_sort
php_win32_cp_conv_w_to_cur
zend_register_ini_entries
php_win32_cp_conv_to_w
reflection_function_ptr
zend_hash_sort_ex@@32
sapi_module
ap_php_snprintf
sapi_shutdown

ws2_32

send
listen
WSAGetLastError
setsockopt
htons
bind
recv
accept
ntohs
socket
getsockname
closesocket

shell32

CommandLineToArgvW

kernel32

RtlVirtualUnwind
GetModuleHandleW
IsDebuggerPresent
SetConsoleCtrlHandler
SetLastError
GetCommandLineW
GetACP
LocalFree
GetLastError
GetConsoleTitleW
SetConsoleTitleW
RtlCaptureContext
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead

vcruntime140

memmove
memcpy
strstr
strchr
strrchr
__C_specific_handler
memset
__intrinsic_setjmp

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_set_errno
_errno
_get_errno
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
exit
signal
_seh_filter_exe
_set_app_type
strerror
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit

api-ms-win-crt-stdio-l1-1-0

ftell
ferror
fopen
__acrt_iob_func
fflush
fclose
clearerr
__p__commode
_read
fseek
fgetc
__stdio_common_vfprintf
_setmode
_close
__stdio_common_vsprintf
_fseeki64
_set_fmode
fread
_write
fgets
_open
_fileno
rewind
fwrite
_wfopen
__p__fmode
_ftelli64
_lseek
feof

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
free

api-ms-win-crt-string-l1-1-0

_strdup
wcsncmp
toupper
strncpy
strncmp
isalnum
_stricmp
strcmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_ctime64_s
_ftime64

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

OPENSSL_Applink
php_cli_get_shell_callbacks
sapi_cli_single_write

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

153a1d06c33fe073d44d693642b005e1

Headers

DLL Characteristics

File Characteristics

Imports

php7

ws2_32

shell32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 17KB - Virtual size: 27KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 17KB - Virtual size: 27KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB