malware[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

malware.zip
Size

3.5MB
MD5

02b871a2ffda43be5c94b07fc4fa0c8a
SHA1

f88635a8afbc569d95229c466c187665b15b1200
SHA256

22874dcf55e4b6105383e81f4be964f48cb351d60d46905221c501032e0c60fe
SHA512

0a6ceb362d907000a331b81602109eec9e4b0c839e714149368f7dcc66acc9c88dd5394f900d1b10df2701868cef7cbe3a98a3f1516608260858cbfec45a41c3
SSDEEP

98304:I/EYs/MgexAo+wKphs6dm93lYUK0N99tSyIbd8/I9cRYp0:IoQTd6O3lk0T9tSyI58/Igr

Score

N/A

Malware Config

Signatures

Files

malware.zip
.zip
23a1fd5456gsd4f564sa56d4s56d15sa4s.dat
asfas65f56a4sdsad65a476d4a65dad4a4.dat
com.php
.js
icon.vbs
.vbs
php5ts.dll
.dll windows x86

a88f60a043cf39c8ba73973e5f14e26e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopyInd
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
VarCmp
LHashValOfNameSys
VarAdd
VarCat
VarSu
VarMul
VarAnd
VarDiv
VarEqv
VarIdiv
VarImp
VarMod
VarOr
VarPow
VarXor
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
LoadRegTypeLi
SafeArrayGetVartype
VariantChangeType
SafeArrayPutElement
GetActiveObject
SafeArrayGetDim
VariantInit
VariantClear
SysFreeString
SafeArrayGetElement
VarNot
VarNeg
VarInt
VarFix
VarAbs
VarRound
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
LoadTypeLi

advapi32

RegCloseKey
RegNotifyChangeKeyValue
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegEnumKeyA
RegQueryValueA
GetFileSecurityA
AccessCheck
OpenProcessToken
DuplicateToken
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
GetUserNameA

ws2_32

setsockopt
bind
closesocket
ioctlsocket
connect
getsockopt
WSACleanup
WSAStartup
WSAGetLastError
htons
recv
shutdown
recvfrom
sendto
gethostname
ntohl
getprotobyname
getprotobynumber
socket
WSASetLastError
ntohs
inet_ntoa
getpeername
getsockname
accept
htonl
__WSAFDIsSet
select
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
WSAStringToAddressA
WSAAddressToStringA
send
listen

odbc32

ord10
ord15
ord14
ord23
ord9
ord4
ord6
ord18
ord63
ord19
ord51
ord45
ord3
ord49
ord48
ord12
ord72
ord58
ord21
ord17
ord57
ord11
ord43
ord13
ord59
ord7
ord41
ord50
ord1
ord2
ord20
ord61
ord42
ord70
ord53
ord52
ord67
ord66
ord65
ord47
ord60
ord56
ord40
ord54
ord16

kernel32

OpenFileMappingA
MapViewOfFileEx
GetExitCodeProcess
DuplicateHandle
CreatePipe
GetStdHandle
GetFullPathNameA
GetBinaryTypeA
GetCurrentProcess
MoveFileExA
SetLastError
GetSystemTime
SystemTimeToFileTime
CreateFileA
DeviceIoControl
GetFileAttributesExA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetTimeZoneInformation
GetLocalTime
GetCurrentProcessId
SetEnvironmentVariableA
GetEnvironmentVariableA
Sleep
GetDiskFreeSpaceA
LockFileEx
UnlockFileEx
GetModuleHandleA
GetComputerNameA
GetFileAttributesA
CreateHardLinkA
TerminateProcess
SetErrorMode
SetFilePointer
GetACP
CreateMutexA
ReleaseMutex
InterlockedCompareExchange
CreateProcessA
GetCurrentDirectoryA
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CreateWaitableTimerA
SetWaitableTimer
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
CreateFileMappingA
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
GetFileType
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
GetWindowsDirectoryA
LocalFree
FormatMessageA
GetSystemDirectoryA
OutputDebugStringA
GetVersion
GetVersionExA
GetLastError
LoadLibraryA
GetProcAddress
InterlockedIncrement
GetCurrentThreadId
CloseHandle
SetEvent
CreateEventA
WaitForSingleObject
IsDBCSLeadByte
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FreeLibrary
SetFileTime

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoCreateInstanceEx
MkParseDisplayName
CreateBindCtx
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
OleLoadFromStream
CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
CoTaskMemFree

user32

DestroyWindow
SendMessageA
GetMessageA
CreateWindowExA
RegisterClassA
DefWindowProcA
SetTimer
PostQuitMessage
KillTimer
PostThreadMessageA
MessageBoxA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PeekMessageA
GetSystemMetrics
UnregisterClassA

dnsapi

DnsQuery_A
DnsRecordListFree

msvcrt

_HUGE
fclose
fread
_finite
tolower
strstr
_CIpow
toupper
printf
_errno
_controlfp
_beginthreadex
strrchr
strncmp
__mb_cur_max
_isctype
_pctype
strchr
memmove
memchr
getenv
_iob
fprintf
_ftol
strtol
_setjmp3
realloc
exit
longjmp
free
calloc
fopen
time
setlocale
strerror
strncpy
strtoul
fwrite
qsort
vsprintf
__p__environ
localtime
ctime
asctime
gmtime
atol
localeconv
_fpclass
_isnan
rewind
_get_osfhandle
ftell
fflush
fseek
setvbuf
strtok
_daylight
_timezone
_tzset
_access
_getpid
_memicmp
_strdup
_fdopen
_open_osfhandle
putchar
mktime
fgets
sscanf
floor
strftime
_CIacos
_atoi64
strtod
strncat
strpbrk
atof
strcspn
mblen
getc
ceil
_CIasin
_CIsinh
_CIcosh
_CItanh
_hypot
_strcmpi
_CIfmod
_close
strspn
remove
_setmode
_creat
_mktemp
putc
strcmp
clearerr
abort
_vsnprintf
fputc
vfprintf
_stat
_wfopen
_wstat
_initterm
_adjust_fdiv
_stricmp
_strnicmp
_isatty
_fileno
_fstat
_write
_unlink
_lseek
_read
_chsize
_open
_getcwd
_chmod
_mkdir
_rmdir
_putenv
malloc
_snprintf
sprintf
atoi
_umask
_dup
strcoll

Exports

Exports

GetSMErrorText
OnUpdateBaseDir
OnUpdateBool
OnUpdateLong
OnUpdateLongGEZero
OnUpdateReal
OnUpdateString
OnUpdateStringUnempty
PHP_3HAVAL128Init
PHP_3HAVAL160Init
PHP_3HAVAL192Init
PHP_3HAVAL224Init
PHP_3HAVAL256Init
PHP_3TIGERInit
PHP_4HAVAL128Init
PHP_4HAVAL160Init
PHP_4HAVAL192Init
PHP_4HAVAL224Init
PHP_4HAVAL256Init
PHP_4TIGERInit
PHP_5HAVAL128Init
PHP_5HAVAL160Init
PHP_5HAVAL192Init
PHP_5HAVAL224Init
PHP_5HAVAL256Init
PHP_ADLER32Copy
PHP_ADLER32Final
PHP_ADLER32Init
PHP_ADLER32Update
PHP_CRC32BFinal
PHP_CRC32BUpdate
PHP_CRC32Copy
PHP_CRC32Final
PHP_CRC32Init
PHP_CRC32Update
PHP_GOSTFinal
PHP_GOSTInit
PHP_GOSTUpdate
PHP_HAVAL128Final
PHP_HAVAL160Final
PHP_HAVAL192Final
PHP_HAVAL224Final
PHP_HAVAL256Final
PHP_HAVALUpdate
PHP_MD2Final
PHP_MD2Init
PHP_MD2Update
PHP_MD4Final
PHP_MD4Init
PHP_MD4Update
PHP_MD5Final
PHP_MD5Init
PHP_MD5Update
PHP_RIPEMD128Final
PHP_RIPEMD128Init
PHP_RIPEMD128Update
PHP_RIPEMD160Final
PHP_RIPEMD160Init
PHP_RIPEMD160Update
PHP_RIPEMD256Final
PHP_RIPEMD256Init
PHP_RIPEMD256Update
PHP_RIPEMD320Final
PHP_RIPEMD320Init
PHP_RIPEMD320Update
PHP_SALSA10Init
PHP_SALSA20Init
PHP_SALSAFinal
PHP_SALSAUpdate
PHP_SHA1Final
PHP_SHA1Init
PHP_SHA1Update
PHP_SHA224Final
PHP_SHA224Init
PHP_SHA224Update
PHP_SHA256Final
PHP_SHA256Init
PHP_SHA256Update
PHP_SHA384Final
PHP_SHA384Init
PHP_SHA384Update
PHP_SHA512Final
PHP_SHA512Init
PHP_SHA512Update
PHP_SNEFRUFinal
PHP_SNEFRUInit
PHP_SNEFRUUpdate
PHP_TIGER128Final
PHP_TIGER160Final
PHP_TIGER192Final
PHP_TIGERUpdate
PHP_WHIRLPOOLFinal
PHP_WHIRLPOOLInit
PHP_WHIRLPOOLUpdate
TSMClose
TSendMail
UTF8ToHtml
UTF8Toisolat1
ValidateFormat
XML_GetUserData
_DllMain@12
__docbDefaultSAXHandler
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlParserDebugEntities
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
_array_init
_convert_to_string
_ecalloc
_efree
_emalloc
_erealloc
_estrdup
_estrndup
_libiconv_version
_mysqlnd_debug
_mysqlnd_end_psession
_mysqlnd_get_client_stats
_mysqlnd_init
_mysqlnd_palloc_free_cache
_mysqlnd_palloc_free_thd_cache_reference
_mysqlnd_palloc_init_cache
_mysqlnd_palloc_init_thd_cache
_mysqlnd_palloc_rinit
_mysqlnd_palloc_rshutdown
_mysqlnd_poll
_mysqlnd_restart_psession
_object_and_properties_init
_object_init
_object_init_ex
_php_emit_fd_setsize_warning
_php_error_log
_php_find_ps_module
_php_find_ps_serializer
_php_get_stream_filters_hash
_php_glob_stream_get_count
_php_glob_stream_get_path
_php_glob_stream_get_pattern
_php_math_basetolong
_php_math_basetozval
_php_math_longtobase
_php_math_number_format
_php_math_round
_php_math_zvaltobase
_php_regcomp@12
_php_regerror@16
_php_regexec@20
_php_regfree@4
_php_stream_alloc
_php_stream_cast
_php_stream_copy_to_mem
_php_stream_copy_to_stream
_php_stream_copy_to_stream_ex
_php_stream_eof
_php_stream_filter_alloc
_php_stream_filter_append
_php_stream_filter_flush
_php_stream_filter_prepend
_php_stream_flush
_php_stream_fopen
_php_stream_fopen_from_fd
_php_stream_fopen_from_file
_php_stream_fopen_from_pipe
_php_stream_fopen_temporary_file
_php_stream_fopen_tmpfile
_php_stream_fopen_with_path
_php_stream_free
_php_stream_get_line
_php_stream_get_url_stream_wrappers_hash
_php_stream_getc
_php_stream_make_seekable
_php_stream_memory_create
_php_stream_memory_get_buffer
_php_stream_memory_open
_php_stream_mkdir
_php_stream_mmap_range
_php_stream_mmap_unmap
_php_stream_mmap_unmap_ex
_php_stream_open_wrapper_as_file
_php_stream_open_wrapper_ex
_php_stream_opendir
_php_stream_passthru
_php_stream_printf
_php_stream_putc
_php_stream_puts
_php_stream_read
_php_stream_readdir
_php_stream_rmdir
_php_stream_scandir
_php_stream_seek
_php_stream_set_option
_php_stream_sock_open_from_socket
_php_stream_sock_open_host
_php_stream_stat
_php_stream_stat_path
_php_stream_tell
_php_stream_temp_create
_php_stream_temp_open
_php_stream_truncate_set_size
_php_stream_write
_php_stream_xport_create
_safe_emalloc
_safe_erealloc
_safe_malloc
_safe_realloc
_strtoi64
_xml_zval_strdup
_zend_bailout
_zend_get_parameters_array
_zend_get_parameters_array_ex
_zend_hash_add_or_update
_zend_hash_index_update_or_next_insert
_zend_hash_init
_zend_hash_init_ex
_zend_hash_merge
_zend_hash_quick_add_or_update
_zend_list_addref
_zend_list_delete
_zend_list_find
_zend_mem_block_size
_zend_mm_alloc
_zend_mm_block_size
_zend_mm_free
_zend_mm_realloc
_zend_ts_hash_add_or_update
_zend_ts_hash_index_update_or_next_insert
_zend_ts_hash_init
_zend_ts_hash_init_ex
_zend_ts_hash_quick_add_or_update
_zval_copy_ctor_func
_zval_dtor_func
_zval_internal_dtor
_zval_internal_ptr_dtor
_zval_ptr_dtor
add_assoc_bool_ex
add_assoc_double_ex
add_assoc_function
add_assoc_long_ex
add_assoc_null_ex
add_assoc_resource_ex
add_assoc_string_ex
add_assoc_stringl_ex
add_assoc_zval_ex
add_char_to_string
add_function
add_get_assoc_string_ex
add_get_assoc_stringl_ex
add_get_index_double
add_get_index_long
add_get_index_string
add_get_index_stringl
add_index_bool
add_index_double
add_index_long
add_index_null
add_index_resource
add_index_string
add_index_stringl
add_index_zval
add_next_index_bool
add_next_index_double
add_next_index_long
add_next_index_null
add_next_index_resource
add_next_index_string
add_next_index_stringl
add_next_index_zval
add_property_bool_ex
add_property_double_ex
add_property_long_ex
add_property_null_ex
add_property_resource_ex
add_property_string_ex
add_property_stringl_ex
add_property_zval_ex
add_string_to_string
adler32
ap_php_asprintf
ap_php_slprintf
ap_php_snprintf
ap_php_vasprintf
ap_php_vslprintf
ap_php_vsnprintf
arcfour_LTX__is_block_algorithm
arcfour_LTX__mcrypt_algorithm_version
arcfour_LTX__mcrypt_decrypt
arcfour_LTX__mcrypt_encrypt
arcfour_LTX__mcrypt_get_algo_iv_size
arcfour_LTX__mcrypt_get_algorithms_name
arcfour_LTX__mcrypt_get_block_size
arcfour_LTX__mcrypt_get_key_size
arcfour_LTX__mcrypt_get_size
arcfour_LTX__mcrypt_get_supported_key_sizes
arcfour_LTX__mcrypt_self_test
arcfour_LTX__mcrypt_set_key
attribute
attributeDecl
basic_globals_id
bitwise_and_function
bitwise_not_function
bitwise_or_function
bitwise_xor_function
blowfish_LTX__is_block_algorithm
blowfish_LTX__mcrypt_algorithm_version
blowfish_LTX__mcrypt_decrypt
blowfish_LTX__mcrypt_encrypt
blowfish_LTX__mcrypt_get_algorithms_name
blowfish_LTX__mcrypt_get_block_size
blowfish_LTX__mcrypt_get_key_size
blowfish_LTX__mcrypt_get_size
blowfish_LTX__mcrypt_get_supported_key_sizes
blowfish_LTX__mcrypt_self_test
blowfish_LTX__mcrypt_set_key
blowfish_compat_LTX__is_block_algorithm
blowfish_compat_LTX__mcrypt_algorithm_version
blowfish_compat_LTX__mcrypt_decrypt
blowfish_compat_LTX__mcrypt_encrypt
blowfish_compat_LTX__mcrypt_get_algorithms_name
blowfish_compat_LTX__mcrypt_get_block_size
blowfish_compat_LTX__mcrypt_get_key_size
blowfish_compat_LTX__mcrypt_get_size
blowfish_compat_LTX__mcrypt_get_supported_key_sizes
blowfish_compat_LTX__mcrypt_self_test
blowfish_compat_LTX__mcrypt_set_key
boolean_not_function
boolean_xor_function
call_user_function
call_user_function_ex
cast_128_LTX__is_block_algorithm
cast_128_LTX__mcrypt_algorithm_version
cast_128_LTX__mcrypt_decrypt
cast_128_LTX__mcrypt_encrypt
cast_128_LTX__mcrypt_get_algorithms_name
cast_128_LTX__mcrypt_get_block_size
cast_128_LTX__mcrypt_get_key_size
cast_128_LTX__mcrypt_get_size
cast_128_LTX__mcrypt_get_supported_key_sizes
cast_128_LTX__mcrypt_self_test
cast_128_LTX__mcrypt_set_key
cast_256_LTX__is_block_algorithm
cast_256_LTX__mcrypt_algorithm_version
cast_256_LTX__mcrypt_decrypt
cast_256_LTX__mcrypt_encrypt
cast_256_LTX__mcrypt_get_algorithms_name
cast_256_LTX__mcrypt_get_block_size
cast_256_LTX__mcrypt_get_key_size
cast_256_LTX__mcrypt_get_size
cast_256_LTX__mcrypt_get_supported_key_sizes
cast_256_LTX__mcrypt_self_test
cast_256_LTX__mcrypt_set_key
cdataBlock
cfg_get_double
cfg_get_entry
cfg_get_long
cfg_get_string
characters
checkNamespace
comment
compare_function
compile_file
compile_filename
compile_string
compiler_globals_id
compress
compress2
compressBound
concat_function
config_zval_dtor
convert_scalar_to_number
convert_to_array
convert_to_boolean
convert_to_double
convert_to_long
convert_to_long_base
convert_to_null
convert_to_object
core_globals_id
crc32
decrement_function
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
des_LTX__is_block_algorithm
des_LTX__mcrypt_algorithm_version
des_LTX__mcrypt_decrypt
des_LTX__mcrypt_encrypt
des_LTX__mcrypt_get_algorithms_name
des_LTX__mcrypt_get_block_size
des_LTX__mcrypt_get_key_size
des_LTX__mcrypt_get_size
des_LTX__mcrypt_get_supported_key_sizes
des_LTX__mcrypt_self_test
des_LTX__mcrypt_set_key
destroy_op_array
destroy_zend_class
destroy_zend_function
display_ini_entries
display_link_numbers
div_function
do_bind_class
do_bind_function
do_bind_inherited_class
docbCreateFileParserCtxt
docbCreatePushParserCtxt
docbDefaultSAXHandlerInit
docbEncodeEntities
docbFreeParserCtxt
docbParseChunk
docbParseDoc
docbParseDocument
docbParseFile
docbSAXParseDoc
docbSAXParseFile
dom_node_class_entry
dom_object_get_node
dummy_indent
elementDecl
empty_fcall_info
empty_fcall_info_cache
endDocument
endElement
end_mcrypt
enigma_LTX__is_block_algorithm
enigma_LTX__mcrypt_algorithm_version
enigma_LTX__mcrypt_decrypt
enigma_LTX__mcrypt_encrypt
enigma_LTX__mcrypt_get_algo_iv_size
enigma_LTX__mcrypt_get_algorithms_name
enigma_LTX__mcrypt_get_block_size
enigma_LTX__mcrypt_get_key_size
enigma_LTX__mcrypt_get_size
enigma_LTX__mcrypt_get_supported_key_sizes
enigma_LTX__mcrypt_self_test
enigma_LTX__mcrypt_set_key
entityDecl
execute
execute_internal
executor_globals_id
expand_filepath
expand_filepath_ex
externalSubset
file_globals_id
file_handle_dtor
flock
fnmatch
free_estring
function_add_ref
gc_collect_cycles
gc_globals_ctor
gc_globals_dtor
gc_globals_id
gc_init
gc_remove_zval_from_buffer
gc_reset
gc_zobj_possible_root
gc_zval_possible_root
getColumnNumber
getEntity
getLineNumber
getNamespace
getParameterEntity
getPublicId
getSystemId
get_active_class_name
get_active_function_name
get_binary_op
get_crc_table
get_timezone_info
get_unary_op
get_zend_version
gettimeofday
glob
globalNamespace
globfree
gost_LTX__is_block_algorithm

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run.vbs
.vbs
winhost32.exe
.exe windows x86

a61e99669aa897c4902cf1fb72861e6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

php5ts

php_execute_script
core_globals_id
zend_is_auto_global
zend_ini_deactivate
sapi_deactivate
php_body_write
zend_load_extension
get_zend_version
php_printf
php_print_info
php_end_ob_buffers
php_request_startup
compiler_globals_id
executor_globals_id
php_getopt
sapi_startup
ts_resource_ex
php_lint_script
zend_hash_destroy
zend_hash_apply
zend_hash_sort
zend_qsort
zend_hash_copy
_zend_hash_init
zend_llist_destroy
zend_llist_apply
zend_llist_sort
zend_llist_copy
zend_extensions
zend_strndup
_php_stream_free
gc_remove_zval_from_buffer
zend_register_constant
_php_stream_open_wrapper_ex
virtual_fopen
zend_printf
open_file_for_scanning
zend_strip
php_get_highlight_struct
zend_highlight
zend_eval_string_ex
_emalloc
_zend_hash_add_or_update
_php_stream_get_line
_estrndup
_efree
reflection_extension_ptr
reflection_class_ptr
reflection_method_ptr
reflection_function_ptr
_object_init_ex
zend_call_method
_zval_ptr_dtor
zend_exception_get_default
zend_read_property
reflection_ptr
zend_str_tolower_dup
module_registry
zend_hash_find
display_ini_entries
php_info_print_module
php_ini_opened_path
php_ini_scanned_files
php_request_shutdown
php_module_shutdown
sapi_shutdown
tsrm_shutdown
php_module_startup
sapi_globals_id
php_import_environment_variables
sapi_module
php_register_variable
php_handle_aborted_connection
php_module_shutdown_wrapper
zend_error
tsrm_startup
zif_dl

msvcrt

_stricmp
_strdup
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
fgetc
ftell
fseek
rewind
strrchr
_setjmp3
_fmode
malloc
strchr
__mb_cur_max
_isctype
_pctype
realloc
printf
fclose
strstr
getenv
exit
free
fprintf
fflush
_errno
fwrite
_iob
_setmode

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a88f60a043cf39c8ba73973e5f14e26e

Headers

File Characteristics

Imports

oleaut32

advapi32

ws2_32

odbc32

kernel32

ole32

user32

dnsapi

msvcrt

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 164KB - Virtual size: 277KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 180KB - Virtual size: 179KB

a61e99669aa897c4902cf1fb72861e6b

Headers

File Characteristics

Imports

php5ts

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 228B

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 164KB - Virtual size: 277KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 180KB - Virtual size: 179KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 228B

.rsrc
Size: 4KB - Virtual size: 2KB