1385102cceb12602fa00aa30450001b5467b67b42220d74531a8d0e1f48f0e05

Sharing

Copy URL Twitter E-mail

General

Target

1385102cceb12602fa00aa30450001b5467b67b42220d74531a8d0e1f48f0e05
Size

57KB
MD5

91a83d14ffd6ce940e60a4c7a5358b02
SHA1

4f87accfed5f26676f76149a9c67545616c507e6
SHA256

1385102cceb12602fa00aa30450001b5467b67b42220d74531a8d0e1f48f0e05
SHA512

a3902846aee0a5a8bbab2999db0749323d6edacf06d93e4c7e2d9f96e2f96071636b0a44ef0e11dc3756a2c067cd2d84930323e3aa866cc27311459c75fb22c7
SSDEEP

768:+ygrh4Ohh75rsv2TG088hLcb86WuzEJA2O3SY0wxqsyrE3UulJpSuQGwcYkGmPe:+ysh56Wu4C3Sh1gFlJpSTG9YkGmPe

Score

N/A

Malware Config

Signatures

Files

1385102cceb12602fa00aa30450001b5467b67b42220d74531a8d0e1f48f0e05
.exe windows x86

338064b05de5ab2d42db0d0f54c61acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

php5

_zend_hash_index_update_or_next_insert
zend_hash_del_key_or_index
php_set_sock_blocking
spprintf
OnUpdateBool
php_network_getaddresses
zend_hash_apply_with_arguments
zend_execute_scripts
zend_ini_boolean_displayer_cb
php_select
gettimeofday
zend_register_ini_entries
php_network_freeaddresses
php_register_variable_safe
vspprintf
php_handle_special_queries
php_handle_auth_data
php_url_decode
_estrdup
zend_hash_index_find
zend_llist_get_first_ex
php_socket_strerror
php_escape_html_entities_ex
_erealloc
php_network_populate_name_from_sockaddr
sapi_send_headers
php_poll2
ap_php_snprintf
php_asctime_r
php_localtime_r
zend_unregister_ini_entries
_safe_malloc
php_ini_scanned_files
zend_read_property
zend_printf
reflection_extension_ptr
zend_eval_string_ex
gc_remove_zval_from_buffer
zend_strndup
php_module_shutdown_wrapper
zend_register_constant
php_getopt
zend_ini_deactivate
_php_stream_free
sapi_shutdown
get_zend_version
php_output_write
php_module_shutdown
zend_is_auto_global
_zend_hash_add_or_update
zend_hash_copy
php_execute_script
_zval_ptr_dtor
php_handle_aborted_connection
_efree
zend_strip
display_ini_entries
php_get_highlight_struct
sapi_globals
php_ini_scanned_path
reflection_ptr
reflection_zend_extension_ptr
_emalloc
sapi_module
executor_globals
zend_hash_destroy
php_output_end_all
reflection_method_ptr
zend_exception_get_default
zend_llist_copy
zend_load_extension
compiler_globals
zend_hash_apply
php_register_variable
php_ini_opened_path
php_lint_script
reflection_function_ptr
module_registry
zend_call_method
zend_str_tolower_dup
php_printf
zend_error
tsrm_realpath
php_module_startup
_php_stream_open_wrapper_ex
zif_dl
core_globals
php_print_info
php_request_startup
zend_extensions
_zend_hash_init
php_import_environment_variables
sapi_startup
zend_highlight
zend_hash_find
php_info_print_module
_php_stream_get_line
_object_init_ex
open_file_for_scanning
zend_qsort
zend_hash_sort
_estrndup
zend_llist_destroy
php_request_shutdown
reflection_class_ptr
sapi_deactivate
zend_llist_sort
zend_llist_get_next_ex
zend_llist_apply

ws2_32

htons
ntohs
getsockname
setsockopt
recv
bind
socket
closesocket
send
listen
accept
WSAGetLastError

msvcr90

_stricmp
_setmode
_read
_close
_open
_setjmp3
memset
_strdup
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_getcwd
_stat32
toupper
_chdir
strncpy
strtol
signal
strerror
strncmp
exit
fclose
getenv
fseek
realloc
ftell
strrchr
fwrite
_fmode
_fileno
fprintf
fopen
printf
isalnum
fgetc
_errno
fflush
strchr
__iob_func
strstr
rewind
malloc
free
memmove
memcpy

kernel32

GetCurrentThreadId
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedExchange
GetTickCount
QueryPerformanceCounter

Exports

Exports

php_cli_get_shell_callbacks
sapi_cli_single_write

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

338064b05de5ab2d42db0d0f54c61acd

Headers

DLL Characteristics

File Characteristics

Imports

php5

ws2_32

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB