php[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

php.exe
Size

32KB
MD5

5e2ed4750d1c47aef713f743641d1353
SHA1

7dd7a1365e4dcde6d293feca913948a3f800a82e
SHA256

bc8c410802c8c1b6512d77855202ca09a14d9039ce63380f173533db39cc7f73
SHA512

fe9f1f693ab75230fc74b06d9c140439963dd850230a30c53f5d3cca2240761cb8564c51c858154a4b40803a9ac8bd57c871a74d556a23f03c8f3965d323d2d8
SSDEEP

384:tSYEdse0RtoSU8PSAjs9ydso29XH6LFBT/z55KqvyoOrKDNxN:/VvdPSANdbOY7X7k6N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
php.exe

Files

php.exe
.exe windows x86

fb4611b3f4aca2b370f855b3b3eaadaf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

php5ts

zend_is_auto_global
zend_ini_deactivate
sapi_deactivate
zend_load_extension
sapi_module
get_zend_version
php_printf
php_print_info
php_end_ob_buffers
php_request_startup
php_body_write
compiler_globals_id
executor_globals_id
sapi_startup
ts_resource_ex
tsrm_startup
core_globals_id
zend_hash_apply
zend_hash_sort
zend_qsort
zend_hash_copy
_zend_hash_init
zend_llist_destroy
zend_llist_apply
zend_llist_sort
zend_llist_copy
zend_extensions
zend_strndup
_php_stream_free
zend_register_constant
_php_stream_open_wrapper_ex
virtual_fopen
php_execute_script
php_lint_script
zend_printf
open_file_for_scanning
zend_strip
php_get_highlight_struct
zend_highlight
zend_eval_string_ex
_emalloc
_zend_hash_add_or_update
_php_stream_get_line
_estrndup
reflection_extension_ptr
reflection_class_ptr
reflection_method_ptr
reflection_function_ptr
_object_init_ex
zend_call_method
_zval_ptr_dtor
zend_exception_get_default
zend_read_property
reflection_ptr
zend_str_tolower_copy
module_registry
zend_hash_find
display_ini_entries
php_info_print_module
php_ini_opened_path
php_ini_scanned_files
php_request_shutdown
php_module_shutdown
sapi_shutdown
tsrm_shutdown
php_module_startup
_efree
sapi_globals_id
php_import_environment_variables
php_register_variable
php_handle_aborted_connection
php_module_shutdown_wrapper
zend_hash_destroy
zend_error

msvcrt

_stricmp
_strdup
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
fgetc
ftell
fseek
rewind
strrchr
_setjmp3
_fmode
malloc
strchr
__mb_cur_max
_isctype
_pctype
realloc
printf
fclose
strstr
getenv
exit
free
fflush
_errno
fwrite
_iob
fprintf
_setmode

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb4611b3f4aca2b370f855b3b3eaadaf

Headers

File Characteristics

Imports

php5ts

msvcrt

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 220B

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 220B

.rsrc
Size: 4KB - Virtual size: 2KB