91412ff75b8215933444d7109904287c27c5ee999f3cf0a9ca8b7508650d03ed

Sharing

Copy URL Twitter E-mail

General

Target

91412ff75b8215933444d7109904287c27c5ee999f3cf0a9ca8b7508650d03ed
Size

220KB
MD5

4caf978c83889c8cc295f88c4c6fe310
SHA1

eec37419055176b9cf536e4a8f155b5089b01072
SHA256

91412ff75b8215933444d7109904287c27c5ee999f3cf0a9ca8b7508650d03ed
SHA512

53bcd54dbd428660398840090175ca6bff0677935f51ee115a0eb473a2276954b04fb8edc1036928e76d90bbb837baac2c1d7a4346eb8fd10c8eca9d46f49c42
SSDEEP

6144:hbwx6n0iz/AuTwMW3+r6lXjJmhw0w9jcCMRQ:hbA+IFMO+8jJn9nM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91412ff75b8215933444d7109904287c27c5ee999f3cf0a9ca8b7508650d03ed

Files

91412ff75b8215933444d7109904287c27c5ee999f3cf0a9ca8b7508650d03ed
.dll windows x86

b82bac845702d5ae061e6744a98e5895

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php8ts

xmlCharEncInFunc
_zend_handle_numeric_str_ex@@12
zend_hash_internal_pointer_reset_ex@@8
php_localtime_r
zend_update_property
xmlNewTextLen
zend_fetch_class
zend_ce_traversable
xmlNodeSetContent
xmlNodeSetContentLen
zend_hash_index_update@@12
php_get_nan
zend_read_property
xmlNewText
_efree@@4
_emalloc@@4
xmlNodeDump
zend_unmangle_property_name_ex
ap_php_snprintf
convert_to_null@@4
add_assoc_string_ex
php_random_bytes
zend_fetch_resource_ex
php_stream_context_set_option
core_globals_offset
PHP_MD5InitArgs
php_url_parse
php_stream_context_get_option
php_url_free
_php_stream_free
_php_stream_read
zend_array_dup@@4
add_index_str
PHP_MD5Final
add_index_stringl
php_le_stream_context
_php_stream_write
_php_stream_get_line
zend_register_resource
zend_fetch_resource2_ex
add_assoc_long_ex
PHP_MD5Update
php_stream_xport_crypto_enable
php_file_le_pstream
_php_stream_eof
php_stream_xport_crypto_setup
_php_stream_getc
php_stream_context_alloc
make_digest
file_globals_id
php_file_le_stream
_php_stream_xport_create
add_index_bool
zend_spprintf
php_stream_locate_url_wrapper
xmlGetIntSubset
zend_array_destroy@@4
rc_dtor_func@@4
zend_hash_str_add@@16
zend_hash_index_del@@8
xmlBuildURI
xmlNodeGetBase
zend_hash_move_forward_ex@@8
zend_hash_get_current_key_type_ex@@8
zend_hash_str_update@@16
zend_hash_add@@12
zend_hash_get_current_key_ex@@16
xmlStrcmp
zend_hash_copy@@12
zend_hash_del@@8
virtual_realpath
php_libxml_switch_context
zend_strndup@@8
php_get_current_user
zend_str_tolower@@8
xmlGetLastError
xmlCharStrdup
xmlParseDocument
php_libxml_disable_entity_loader
xmlFreeParserCtxt
php_get_inf
xmlCreateMemoryParserCtxt
zend_throw_exception_object
OnUpdateBool
php_stream_filter_remove
php_session_start
zend_declare_property_ex
ts_resource_ex
xmlNewNode
zend_parse_arg_str_or_long_slow@@16
zend_parse_arg_str_slow@@12
php_escape_html_entities
zend_register_ini_entries_ex
xmlFindCharEncodingHandler
php_output_start_default
zend_update_property_string
zend_object_std_dtor
xmlEncodeSpecialChars
OnUpdateString
zend_strpprintf
zend_error_cb
zend_ce_error
php_info_print_table_end
zend_string_tolower_ex@@8
zend_zval_type_name
zend_hash_index_add@@12
xmlNewDocNode
ts_allocate_id
php_write
zend_is_auto_global
OnUpdateLong
zend_try_assign_typed_ref_arr
zend_ini_long
zend_string_init_interned
compiler_globals_offset
zend_ini_boolean_displayer_cb
php_output_get_contents
zend_register_long_constant
zend_parse_parameters
add_next_index_str
tsrm_get_ls_cache
zend_empty_array
zend_call_method
zend_argument_value_error
sapi_globals_offset
add_next_index_stringl
_convert_to_string@@4
_php_stream_seek
php_check_open_basedir
xmlNewDoc
xmlNewChild
zend_parse_arg_bool_slow@@12
zend_argument_type_error
zend_register_string_constant
xmlBuildQName
object_properties_init
zend_unregister_ini_entries_ex
php_error_docref
xmlCharEncCloseFunc
display_ini_entries
zend_wrong_parameter_error@@20
zend_wrong_parameters_none_error@@0
zend_call_known_function
sapi_add_header_ex
zend_register_internal_class_ex
zend_register_list_destructors_ex
zend_type_error
zend_wrong_parameters_count_error@@8
zend_declare_typed_property
std_object_handlers
xmlDocSetRootElement
ps_globals_id
zend_is_unwind_exit
php_output_discard
_php_stream_filter_append
php_stream_filter_create
zend_throw_error
zend_object_std_init@@8
xmlDocDumpMemory
php_output_get_length
zend_ce_exception
php_info_print_table_start
zend_known_strings
xmlCharEncOutFunc
__zend_malloc
_erealloc@@8
executor_globals_offset
zend_gcvt
php_base64_encode
zend_hash_destroy@@4
smart_str_erealloc@@8
zval_ptr_dtor
xmlStringTextNoenc
_zend_hash_init@@16
xmlSetNsProp
xmlSearchNs
xmlBufferContent
zend_hash_str_find@@12
xmlCopyNode
xmlBufferFree
zend_hash_find@@8
xmlBufferCreate
_estrndup@@8
convert_to_boolean@@4
_zend_bailout
zend_standard_class_def
xmlSetNs
php_libxml_xmlCheckUTF8
_estrdup@@4
xmlFree
zend_error
zend_hash_next_index_insert@@8
instanceof_function_slow@@8
zend_objects_store_del@@4
zend_hash_update@@12
_safe_emalloc@@12
gc_possible_root@@4
xmlStrEqual
zend_unset_property
_zend_new_array@@4
concat_function@@12
zend_hash_get_current_data_ex@@8
zend_binary_strncasecmp@@20
array_set_zval_key
php_info_print_table_row
zval_get_long_func@@8
zend_clear_exception
xmlFreeDoc
zend_is_true@@4
xmlUnlinkNode
add_assoc_zval_ex
xmlNewNs
xmlBufferCreateStatic
_is_numeric_string_ex@@28
zval_get_string_func@@4
object_init_ex
zend_hash_index_find@@8
xmlFreeNode
zend_empty_string
php_base64_decode_ex
xmlNodeSetName
xmlSearchNsByHref
xmlStrlen
zval_get_double_func@@4
xmlDocCopyNode
xmlAddChild
_call_user_function_impl
zend_hash_str_del@@12
zend_long_to_str@@4
xmlCreateFileParserCtxt
xmlSetProp

vcruntime140

memcmp
memchr
_setjmp3
memcpy
strchr
strrchr
strstr
__std_type_info_destroy_list
memset
_except_handler4_common

api-ms-win-crt-time-l1-1-0

strftime
__timezone
_time32

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
_strnicmp
strncmp
strncpy

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_cexit
_errno
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

_write
_close
__stdio_common_vsscanf
_read
_open

api-ms-win-crt-filesystem-l1-1-0

_fstat32
_unlink

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter

api-ms-win-crt-math-l1-1-0

floor

Exports

Exports

get_module

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b82bac845702d5ae061e6744a98e5895

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 12KB