c86f6fa225aebdffde73c3cec73887306769601ae216c77a210d750c89d8e9c6

Sharing

Copy URL Twitter E-mail

General

Target

c86f6fa225aebdffde73c3cec73887306769601ae216c77a210d750c89d8e9c6
Size

822KB
MD5

40058ce73a7d5cf4b43c35187fd00c35
SHA1

393eb7651b70346cf84901ced1bd3142c9bd7161
SHA256

c86f6fa225aebdffde73c3cec73887306769601ae216c77a210d750c89d8e9c6
SHA512

8a5c9a9921f0b5a0e76fa5b7f9da8bba7ba5a414a77d7cc5e6be17655ebcb2afd32d73c1bba8229786965f68ecc6690530bff937b9abc47426ac540c02221d65
SSDEEP

12288:gAIbwEx1SivT3GJiajs1njbFogqJ1m413luA7JZvDssfpBznLCSZw2hoOBW:gAoTSRiajInhq/m4Pu2R5fjznDhdB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c86f6fa225aebdffde73c3cec73887306769601ae216c77a210d750c89d8e9c6

Files

c86f6fa225aebdffde73c3cec73887306769601ae216c77a210d750c89d8e9c6
.dll windows x86

58ee3c2f99004a5a8326b4cab2107f9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php8ts

zend_ini_string_ex
zend_throw_exception
add_property_long_ex
smart_str_erealloc@@8
_try_convert_to_string@@4
zend_string_init_interned
executor_globals_offset
compiler_globals_offset
zend_ini_boolean_displayer_cb
_erealloc@@8
php_info_print_table_end
_safe_erealloc@@16
php_strlcpy
__zend_malloc
_php_stream_open_wrapper_ex
_php_stream_free
zend_register_long_constant
zend_parse_parameters
tsrm_get_ls_cache
_zend_new_array@@4
zend_argument_value_error
_safe_emalloc@@12
php_pcre_match_impl
ap_php_slprintf
zend_hash_next_index_insert@@8
add_next_index_long
zend_array_dup@@4
php_strlcat
_estrdup@@4
_convert_to_string@@4
_php_stream_write
php_check_open_basedir
zend_hash_str_find@@12
zval_get_long_func@@8
zend_fetch_resource2_ex
zend_argument_type_error
add_assoc_long_ex
object_properties_init
_estrndup@@8
php_error_docref
display_ini_entries
pcre_get_compiled_regex_cache
ap_php_snprintf
zend_known_strings
php_info_print_table_start
zend_spprintf
add_assoc_zval_ex
_emalloc@@4
zend_array_destroy@@4
zend_object_std_init@@8
_efree@@4
zend_throw_error
php_info_print_table_row
php_file_le_stream
file_globals_id
zend_wrong_parameters_none_error@@0
zend_zval_type_name
php_file_le_pstream
std_object_handlers
zend_hash_str_update@@16
add_assoc_stringl_ex
zend_register_internal_class_ex
zend_error
zend_object_std_dtor
add_next_index_string
zend_register_ini_entries_ex
add_property_str_ex
GetSMErrorText
add_property_string_ex
object_init_ex
zend_hash_index_find@@8
object_init
zend_empty_string
OnUpdateBool
zend_ce_value_error
zend_add_attribute
TSendMail

winmm

timeSetEvent
timeBeginPeriod

ws2_32

getaddrinfo
WSAWaitForMultipleEvents
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
recv
WSAStartup
getprotobyname
getservbyname
getnameinfo
gethostname
socket
select
WSAGetLastError
WSACleanup
closesocket
connect
ioctlsocket
getpeername
getsockname
htonl
htons
ntohs
send

secur32

AcquireCredentialsHandleA
InitializeSecurityContextA
DeleteSecurityContext
QueryContextAttributesA
FreeContextBuffer
EncryptMessage
DecryptMessage
EnumerateSecurityPackagesA
FreeCredentialsHandle

crypt32

CertFreeCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertNameToStrA

kernel32

TerminateProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
LockFileEx
UnlockFileEx
CloseHandle
GetLastError
GetCurrentProcessId
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
WideCharToMultiByte
CreateFileA
GetCurrentThreadId
Sleep
GetCurrentProcess
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetVersionExA

advapi32

ImpersonateLoggedOnUser
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
LookupPrivilegeValueA
GetUserNameA
LogonUserA
OpenProcessToken

vcruntime140

_setjmp3
__std_type_info_destroy_list
strrchr
memmove
memset
memcpy
strstr
strchr
_except_handler4_common
memchr

api-ms-win-crt-string-l1-1-0

isalpha
isdigit
_stricmp
strncmp
isxdigit
iscntrl
isalnum
strtok_s
strpbrk
isgraph
strncpy

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc

api-ms-win-crt-stdio-l1-1-0

_open_osfhandle
_get_osfhandle
_close
_tempnam
putchar
getchar
fwrite
fread
fputs
fgets
fseek
fclose
__acrt_iob_func
fopen
ftell
getc
rewind
ungetc
_chsize
_lseek
putc
fflush
_open
__stdio_common_vfprintf
_write
_read
_setmode
_commit
__stdio_common_vsprintf
_fileno

api-ms-win-crt-time-l1-1-0

_gmtime64
__tzname
_time64
clock
_localtime64
_utime64
_tzset
_ctime64
__daylight

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-convert-l1-1-0

atol
strtol
atoi
strtoul

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_fstat64i32
_findnext64i32
_findfirst64i32
_stat64i32
_access
_rmdir
_findclose
_unlink
rename

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
exit
_exit
abort
_cexit
_getpid
_initialize_onexit_table
_errno
strerror
_execute_onexit_table

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-conio-l1-1-0

_getch

Exports

Exports

get_module

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58ee3c2f99004a5a8326b4cab2107f9c

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

winmm

ws2_32

secur32

crypt32

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

Exports

Exports

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 362KB - Virtual size: 362KB

.data Size: 83KB - Virtual size: 88KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 362KB - Virtual size: 362KB

.data
Size: 83KB - Virtual size: 88KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 17KB