6b41fd850b00eb7e18106d9ed00dd0d46cf6f7b0e1589dca1494199eaf4e8233

Sharing

Copy URL Twitter E-mail

General

Target

6b41fd850b00eb7e18106d9ed00dd0d46cf6f7b0e1589dca1494199eaf4e8233
Size

25KB
MD5

ac0f97103c908762ce2c4d137a56d4f9
SHA1

20e0850fd24044cf3740bb16c93bc3585f3309c6
SHA256

6b41fd850b00eb7e18106d9ed00dd0d46cf6f7b0e1589dca1494199eaf4e8233
SHA512

d6ad5cb4e75e00eb64642d456c90f2c2029b583969d869ac23f74b084a31d425f5fea5274fb2619e8965da1e3991995b81c079b573eb0ef8de9db3abb2c68bd5
SSDEEP

768:hNcqNwBXROJrBbKxjkhgWnmLqpcvqAU4WtbkNz7HEbU:zf6BH3q94W+z7HEb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b41fd850b00eb7e18106d9ed00dd0d46cf6f7b0e1589dca1494199eaf4e8233

Files

6b41fd850b00eb7e18106d9ed00dd0d46cf6f7b0e1589dca1494199eaf4e8233
.dll windows x86

3e535de5c183722bb4f40582c391ff75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php8ts

php_file_le_stream
php_file_le_pstream
_php_stream_copy_to_mem
php_pdo_stmt_set_column_count
zend_one_char_string
add_assoc_long_ex
zend_fetch_resource2_ex
_zend_new_array@@4
add_assoc_zval_ex
add_assoc_string_ex
zend_empty_string
pdo_raise_impl_error
zend_get_gc_buffer_grow
_emalloc@@4
_efree@@4
zend_throw_error
expand_filepath
pdo_throw_exception
zend_wrong_parameters_count_error@@8
convert_to_long@@4
zend_wrong_parameter_error@@20
php_error_docref
zval_get_long_func@@8
zend_call_function
php_check_open_basedir
_estrdup@@4
_safe_emalloc@@12
php_pdo_unregister_driver
tsrm_get_ls_cache
executor_globals_offset
_try_convert_to_string@@4
__zend_strdup
zval_ptr_dtor
zend_parse_arg_long_slow@@12
zend_i64_to_str@@8
pdo_get_long_param
__zend_calloc
zend_release_fcall_info_cache
core_globals_offset
php_pdo_get_exception
add_next_index_long
add_next_index_string
_ecalloc@@8
zend_parse_arg_str_slow@@12
zend_hash_index_find@@8
zend_throw_exception_ex
zend_fcall_info_init
php_info_print_table_start
php_info_print_table_header
zend_declare_class_constant_long
php_info_print_table_end
php_pdo_get_dbh_ce
php_info_print_table_row
php_pdo_register_driver

libsqlite3

sqlite3_reset
sqlite3_column_double
sqlite3_column_blob
sqlite3_bind_int
sqlite3_step
sqlite3_column_name
sqlite3_column_bytes
sqlite3_bind_null
sqlite3_column_int64
sqlite3_data_count
sqlite3_column_decltype
sqlite3_stmt_readonly
sqlite3_bind_text
sqlite3_column_type
sqlite3_bind_parameter_index
sqlite3_column_count
sqlite3_bind_blob
sqlite3_libversion
sqlite3_aggregate_context
sqlite3_create_collation
sqlite3_set_authorizer
sqlite3_last_insert_rowid
sqlite3_free
sqlite3_changes
sqlite3_result_error
sqlite3_user_data
sqlite3_busy_timeout
sqlite3_result_double
sqlite3_value_text
sqlite3_open_v2
sqlite3_prepare_v2
sqlite3_result_null
sqlite3_snprintf
sqlite3_result_text
sqlite3_value_type
sqlite3_value_int
sqlite3_exec
sqlite3_create_function
sqlite3_close_v2
sqlite3_result_int
sqlite3_errcode
sqlite3_value_bytes
sqlite3_errmsg
sqlite3_value_double
sqlite3_extended_result_codes
sqlite3_column_text
sqlite3_column_table_name
sqlite3_finalize

vcruntime140

memcpy
memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

_strnicmp
strncpy

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv
_cexit

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

Exports

Exports

get_module

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e535de5c183722bb4f40582c391ff75

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

libsqlite3

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1016B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1016B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB