General

Malware Config

Signatures

Files

• fabcd65b060d87a831ea29dbae3e64e86944751732dbf4627db9b7211451882c

  .dll windows x86

  e727717b6229f2c8cc7fa226585523ec

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  php5

  zend_llist_prepend_element

  zend_startup_module

  zend_llist_count

  zend_get_extension

  sapi_get_request_time

  zend_compile_file

  zend_unregister_ini_entries

  zend_get_executed_lineno

  get_active_function_name

  zend_atoi

  php_info_print_table_start

  php_info_print_table_header

  php_info_print_table_row

  php_info_print_table_end

  zend_is_auto_global

  zend_llist_add_element

  _zend_hash_init_ex

  zend_hash_copy

  destroy_zend_class

  expand_filepath

  php_base64_decode

  php_sprintf

  php_stream_locate_url_wrapper

  php_plain_files_wrapper

  tsrm_realpath

  php_printf

  zend_is_executing

  zend_get_executed_filename

  core_globals

  php_check_open_basedir

  zend_do_delayed_early_binding

  sapi_module

  ap_php_snprintf

  zend_get_hash_value

  zend_compile_string

  zend_rebuild_symbol_table

  zend_execute

  destroy_op_array

  _erealloc

  OnUpdateBool

  _zend_hash_init

  _zend_bailout

  zend_hash_exists

  _zend_hash_add_or_update

  zend_function_dtor

  zend_do_inheritance

  zend_extensions

  zend_llist_apply_with_argument

  zend_hash_find

  zend_str_tolower_dup

  _efree

  zend_register_ini_entries

  _estrdup

  zend_lookup_class_ex

  _estrndup

  executor_globals

  _zval_ptr_dtor

  compiler_globals

  zend_hash_internal_pointer_reset_ex

  zend_initialize_class_data

  zend_hash_destroy

  _emalloc

  add_assoc_string_ex

  add_next_index_zval

  _array_init

  add_assoc_bool_ex

  add_assoc_long_ex

  zend_error

  zend_parse_parameters

  cfg_get_string

  kernel32

  OpenFileMappingA

  CreateFileMappingA

  MapViewOfFile

  UnmapViewOfFile

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  DisableThreadLibraryCalls

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  MapViewOfFileEx

  ReleaseMutex

  WaitForSingleObject

  CloseHandle

  CreateMutexA

  OpenMutexA

  msvcr90

  __CppXcptFilter

  _adjust_fdiv

  _amsg_exit

  _initterm_e

  _initterm

  _decode_pointer

  _encoded_null

  _malloc_crt

  _encode_pointer

  _crt_debugger_hook

  strncpy

  exit

  __iob_func

  fflush

  signal

  asctime

  fprintf

  raise

  fread

  malloc

  free

  tmpfile

  rewind

  strncmp

  isalnum

  isalpha

  strchr

  _setjmp3

  _getpid

  fopen

  fwrite

  fclose

  _localtime64

  _stat64i32

  _fstat64i32

  memset

  __clean_type_info_names_internal

  _unlock

  __dllonexit

  _lock

  _onexit

  _except_handler4_common

  _fileno

  _close

  _time64

  memcpy

  Exports

  Exports

  extension_version_info

  get_module

  hcache_compile_file

  hcache_zend_startup

  zend_extension_entry

  Sections

  .text

  Size: 45KB - Virtual size: 44KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 22KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 688B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ