93e58b87be9e6f8ab1c7d95b9a38f0e602dfc7aa3dbcbcc5d6ee44b00f3da1d8

Sharing

Copy URL Twitter E-mail

General

Target

93e58b87be9e6f8ab1c7d95b9a38f0e602dfc7aa3dbcbcc5d6ee44b00f3da1d8
Size

116KB
MD5

af69be6514f6733a8476a4a2d5edc0bc
SHA1

88d07983e507f013fe28b73f2bf934c9fe82671e
SHA256

93e58b87be9e6f8ab1c7d95b9a38f0e602dfc7aa3dbcbcc5d6ee44b00f3da1d8
SHA512

8eaad56d2a87b6fca8cae51d0cc92c62e58e79f0201e336383d520d3f03a9cf4a13ebd0d9d28592a0172288902686a183767708211862a0813f948cda1b77412
SSDEEP

1536:SyDFydBxkMLwwm7leUKO24nQ1kOVEH6qzQHGvIuss5nax/8UTXPn4fcT:EBxbLFDA5QdDHoIG5nax/8UT/4fcT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93e58b87be9e6f8ab1c7d95b9a38f0e602dfc7aa3dbcbcc5d6ee44b00f3da1d8

Files

93e58b87be9e6f8ab1c7d95b9a38f0e602dfc7aa3dbcbcc5d6ee44b00f3da1d8
.exe windows x86

4b9d60f945724a1fb67299a9e558bdad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

php8ts

smart_str_realloc@@8
zend_array_dup@@4
_estrdup@@4
php_win32_ioutil_open_w
zend_str_tolower_copy@@12
__zend_realloc
_safe_malloc@@12
zend_one_char_string
php_raw_url_decode
zend_llist_get_next_ex
zend_strndup@@8
php_poll2
zend_unregister_ini_entries_ex
_estrndup@@8
php_win32_cp_conv_cur_to_w
php_select
zend_ini_deactivate
php_win32_code_to_errno
zend_vspprintf
php_register_known_variable
php_win32_cp_conv_utf8_to_w
php_win32_console_fileno_has_vt100
zend_hash_add@@12
zend_hash_index_update@@12
gettimeofday
virtual_getcwd
php_escape_html_entities_ex
php_format_date
php_socket_strerror
sapi_send_headers
php_socket_error_str
zend_spprintf
php_win32_ioutil_normalize_path_w
display_ini_entries
__zend_malloc
zend_sort
php_ini_scanned_path
php_print_info
php_request_startup
zend_hash_str_find@@12
sapi_deactivate
php_win32_cp_cli_do_restore
php_getopt
_php_stream_get_line
get_zend_version
zend_extensions
php_win32_cp_get_by_id
sapi_globals_offset
zend_error
zend_str_tolower_dup@@8
virtual_realpath
php_ini_scanned_files
compiler_globals_offset
executor_globals_offset
zend_string_init_interned
php_win32_cp_cli_do_setup
zend_hash_destroy@@4
zend_is_auto_global
zval_ptr_dtor
zend_register_constant
php_win32_console_fileno_set_vt100
core_globals_offset
php_output_end_all
zend_llist_copy
reflection_method_ptr
zend_load_extension
php_module_shutdown
sapi_startup
php_module_startup
virtual_fopen
object_init_ex
zend_destroy_file_handle
reflection_zend_extension_ptr
php_ini_builder_define
tsrm_shutdown
zend_llist_sort
php_ini_builder_prepend
reflection_function_ptr
zend_hash_sort_ex@@16
zend_print_zval
sapi_module
zend_llist_destroy
php_handle_auth_data
_zend_new_array@@4
virtual_chdir
php_set_sock_blocking
zend_hash_index_del@@8
zend_ini_boolean_displayer_cb
php_network_populate_name_from_sockaddr
__zend_strdup
php_register_variable_safe
smart_str_erealloc@@8
ts_allocate_id
php_network_freeaddresses
php_win32_cp_use_unicode
zend_string_tolower_ex@@8
zend_stream_init_filename
zend_strpprintf
zend_llist_apply_with_argument
zend_hash_str_add@@16
php_win32_cp_conv_ascii_to_w
zend_register_ini_entries_ex
php_network_getaddresses
php_win32_console_fileno_is_console
module_registry
zend_eval_string_ex
zend_execute_scripts
zend_hash_apply_with_arguments
zend_objects_store_del@@4
php_win32_ioutil_stat_ex_w
zend_hash_index_find@@8
zend_empty_string
php_tsrm_startup
php_win32_cp_conv_to_w
zend_llist_get_first_ex
OnUpdateBool
zend_wrong_parameters_none_error@@0
gc_possible_root@@4
php_error_docref
zend_parse_parameters
zend_strip
zend_hash_copy@@12
php_module_shutdown_wrapper
php_printf
zend_highlight
tsrm_get_ls_cache
zend_known_strings
open_file_for_scanning
zend_printf
zend_ce_exception
_emalloc@@4
zend_stream_init_fp
_efree@@4
php_output_write
reflection_class_ptr
zend_read_property
php_info_print_module
php_lint_script
php_request_shutdown
php_ini_opened_path
zend_llist_apply
php_import_environment_variables
php_get_highlight_struct
php_execute_script
reflection_extension_ptr
php_win32_cp_conv_w_to_cur
php_register_variable
virtual_cwd_activate
php_win32_cp_get_orig
zend_hash_str_update@@16
_zend_hash_init@@16
php_handle_aborted_connection
zif_dl@@8
zend_write
_php_stream_free
zend_register_bool_constant
zend_call_known_function
_php_stream_open_wrapper_ex
ap_php_snprintf
php_win32_console_is_own
add_assoc_stringl_ex
sapi_shutdown

ws2_32

setsockopt
htons
recv
ntohs
socket
send
getsockname
listen
shutdown
closesocket
bind
accept
WSAGetLastError

shell32

CommandLineToArgvW

kernel32

GetCurrentProcessId
SetConsoleCtrlHandler
GetCommandLineW
LocalFree
SetLastError
GetACP
GetLastError
GetConsoleTitleW
SetConsoleTitleW
SetUnhandledExceptionFilter
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

vcruntime140

strchr
strrchr
__current_exception
__current_exception_context
memset
_except_handler4_common
strstr
memmove
memcpy
_setjmp3

api-ms-win-crt-runtime-l1-1-0

exit
_getpid
_errno
_set_errno
signal
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
strerror
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_seh_filter_exe
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type

api-ms-win-crt-stdio-l1-1-0

ferror
__p__commode
fopen
__acrt_iob_func
__stdio_common_vsprintf
_set_fmode
fflush
fclose
clearerr
_read
fseek
fread
feof
_lseek
__stdio_common_vfprintf
__p__fmode
_setmode
fwrite
_fileno
_open
fgets
_write
_close
ftell

api-ms-win-crt-string-l1-1-0

toupper
wcsncmp
strncpy
_stricmp
_strdup
strncmp

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atoi
strtol

api-ms-win-crt-time-l1-1-0

_ctime32_s
_ftime32

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

OPENSSL_Applink
php_cli_get_shell_callbacks
sapi_cli_single_write

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b9d60f945724a1fb67299a9e558bdad

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

ws2_32

shell32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB