39bd17bea61b54e5e85b82d249c6f29e142a7079593410a5420bfc9c3125b117

Sharing

Copy URL Twitter E-mail

General

Target

39bd17bea61b54e5e85b82d249c6f29e142a7079593410a5420bfc9c3125b117
Size

9.2MB
MD5

3b30c942c897f2ce7b47bb01be10ccb0
SHA1

e06f26f47d2addbb9010e4f11fe92da8e5f171fd
SHA256

39bd17bea61b54e5e85b82d249c6f29e142a7079593410a5420bfc9c3125b117
SHA512

39e26ef9d9777a4de49858f1f0d94b20fa2c061eeca4d3f7e10f69faeb8f1c01b56a3f0901700a4f3a4f2bd0e44cccd2feba0e32aeeba8af1eb221d6ee0ec426
SSDEEP

196608:B8LqCxkWC1/pWJ1ld3djROzbjKod9hb1O0krXA3h75WwBCHRtK1gmivF8Zq7wBpF:4qhWC1/pWJ1ld3djROzbjKod9hb1O0kI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39bd17bea61b54e5e85b82d249c6f29e142a7079593410a5420bfc9c3125b117

Files

39bd17bea61b54e5e85b82d249c6f29e142a7079593410a5420bfc9c3125b117
.dll windows x64

cf39ff985ff12d4c40a3e0757c156fef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

php8

zval_get_long_func@@16
php_check_open_basedir
zend_argument_type_error
zend_register_string_constant
php_sig_png
add_assoc_long_ex
object_properties_init
php_stream_stdio_ops
zend_strndup@@16
zend_unregister_ini_entries_ex
_estrndup@@16
php_win32_cp_conv_cur_to_w
php_error_docref
display_ini_entries
zend_wrong_parameter_error@@40
zend_wrong_parameters_none_error@@0
zend_objects_not_comparable
_php_stream_seek
_php_stream_write
zend_register_internal_class_ex
php_win32_code_to_errno
zend_wrong_parameters_count_error@@16
add_assoc_bool_ex
_php_stream_copy_to_mem
std_object_handlers
php_win32_cp_get_by_id
instanceof_function_slow@@16
_php_stream_cast
php_win32_cp_conv_utf8_to_w
php_file_le_pstream
_php_stream_eof
_safe_emalloc@@24
php_file_le_stream
zend_value_error
zend_argument_value_error
php_sig_riff
_efree@@8
zend_hash_str_find@@24
_zend_new_array@@8
zend_parse_parameters
php_win32_ioutil_fopen_w
zend_register_long_constant
_php_stream_read
_php_stream_free
_php_stream_open_wrapper_ex
zend_object_std_init@@16
php_verror
zend_wrong_param_count
zend_ini_boolean_displayer_cb
zend_string_init_interned
zend_ini_long
php_sig_gif
php_write
_emalloc@@8
_php_stream_tell
php_win32_ioutil_normalize_path_w
php_info_print_table_start
ap_php_snprintf
_erealloc@@16
uncompress
compress
_estrdup@@8
zend_error
zend_vspprintf
__zend_malloc
__zend_strdup
php_sig_jpg
php_win32_cp_conv_w_to_cur
php_win32_ioutil_getcwd_w
php_sig_webp
libiconv_close
libiconv_open
zend_fetch_resource2_ex
libiconv
zend_throw_error
zend_parse_arg_long_slow@@24
php_win32_cp_use_unicode
zend_zval_type_name
deflateEnd
inflateEnd
adler32
inflateReset
crc32
deflateReset
deflateInit2_
deflate
inflateReset2
inflateInit2_
inflateValidate
inflate
php_info_print_table_end
php_sig_bmp
php_is_image_avif
add_next_index_long
php_info_print_table_row
zend_object_std_dtor
php_win32_cp_conv_ascii_to_w
_php_stream_memory_open
zend_register_ini_entries_ex
_ecalloc@@16
add_assoc_string_ex
zend_parse_arg_str_slow@@24
php_open_temporary_file
object_init_ex
zend_hash_index_find@@16
add_index_double
php_win32_cp_conv_to_w
zval_get_double_func@@8
php_win32_ioutil_unlink_w

user32

ReleaseDC
GetClientRect
PrintWindow
IsWindow
GetDC
GetWindowRect
GetDesktopWindow

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetPixel
CreateCompatibleDC

kernel32

QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
TerminateProcess
SetLastError
GetACP
GetLastError
GetCurrentProcessId
CreateFileA
GetFileSizeEx
ReadFile
CloseHandle
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObjectEx
SetThreadPriority
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable

vcruntime140

memcpy
memmove
longjmp
memset
strstr
memchr
memcmp
strchr
__intrinsic_setjmp
strrchr
__std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

_close
__acrt_iob_func
__stdio_common_vfscanf
fopen
fread
__stdio_common_vfprintf
ungetc
feof
_rmtmp
fputs
_open
__stdio_common_vsscanf
fseek
tmpfile
rewind
fgets
fclose
fwrite
getc
putc
ftell
fflush
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
calloc

api-ms-win-crt-runtime-l1-1-0

_errno
exit
abort
_beginthreadex
_initterm
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_set_errno

api-ms-win-crt-string-l1-1-0

strncmp
isupper
_stricmp
isdigit
islower
strcmp
isspace
wcsncmp
strncpy

api-ms-win-crt-utility-l1-1-0

bsearch
qsort
rand
srand

api-ms-win-crt-math-l1-1-0

ceil
cos
atanf
exp
logf
_fdopen
rint
round
log2
sqrt
floorf
log10
tan
floor
pow
sqrtf
roundf
atan2
fmod
sin
log

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoul
strtol

Exports

Exports

get_module
php_gd_libgdimageptr_from_zval_p

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf39ff985ff12d4c40a3e0757c156fef

Headers

DLL Characteristics

File Characteristics

Imports

php8

user32

gdi32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rodata Size: 1KB - Virtual size: 1KB

.rdata Size: 3.7MB - Virtual size: 3.7MB

.data Size: 32KB - Virtual size: 347KB

.pdata Size: 138KB - Virtual size: 138KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.rodata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 32KB - Virtual size: 347KB

.pdata
Size: 138KB - Virtual size: 138KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 15KB