d87a85d4c6ecd517b07adf6907d4a1bcb0b39d86e28bd79de785d15ca2e1fa77

Sharing

Copy URL Twitter E-mail

General

Target

d87a85d4c6ecd517b07adf6907d4a1bcb0b39d86e28bd79de785d15ca2e1fa77
Size

113KB
MD5

e4258bc8d4ffa84f7d5e57c93d66960c
SHA1

75a009653e7e7b5918695378e395c25366b61192
SHA256

d87a85d4c6ecd517b07adf6907d4a1bcb0b39d86e28bd79de785d15ca2e1fa77
SHA512

422f2fbfb4db74aa02ab36db1405fd97366e25e76cd2cc056664bce848abe1c3ce9bde643b0c91f38a0cc74498f526d9109a8f7521a4270a5ff9206c8c1eb560
SSDEEP

3072:VIN6Dn6qwm+G80QVxQvrnRWMl2fu0opESDBQHNZTbTwsWYoPl:VIN6DnV8hVxQvrnRWMeu0opESDmtZToN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d87a85d4c6ecd517b07adf6907d4a1bcb0b39d86e28bd79de785d15ca2e1fa77

Files

d87a85d4c6ecd517b07adf6907d4a1bcb0b39d86e28bd79de785d15ca2e1fa77
.dll windows x86

ed7d3252117458a5b9ff833bed6b49ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php8ts

_php_stream_open_wrapper_ex
zend_wrong_param_count
__zend_malloc
zend_parse_parameters
__zend_strdup
smart_str_erealloc@@8
_php_stream_free
tsrm_get_ls_cache
zend_hash_get_current_data_ex@@8
_zend_new_array@@4
zval_try_get_string_func@@4
add_index_string
zend_argument_value_error
_php_stream_cast
zend_list_close@@4
_estrdup@@4
add_next_index_stringl
zend_register_resource
zend_argument_error
zend_hash_move_forward_ex@@8
zend_strndup@@8
zend_unregister_ini_entries_ex
_estrndup@@8
php_error_docref
zend_hash_apply_with_argument@@12
display_ini_entries
zend_parse_parameters_ex
zend_wrong_parameter_error@@20
zend_wrong_parameters_none_error@@0
zend_register_list_destructors_ex
zend_wrong_parameters_count_error@@8
_php_stream_set_option
zend_hash_internal_pointer_reset_ex@@8
zend_fetch_resource2
zend_register_persistent_resource_ex
zend_string_concat3
zend_string_concat2
_efree@@4
_emalloc@@4
zend_spprintf
php_info_print_table_start
_php_stream_read
_php_stream_seek
_php_stream_tell
_safe_emalloc@@12
_php_stream_write
_php_stream_flush
_erealloc@@8
_php_stream_putc
_php_stream_get_line
_php_stream_printf
_php_stream_eof
_php_stream_truncate_set_size
_php_stream_temp_create
zend_register_long_constant
_php_stream_copy_to_stream_ex
zend_throw_error
executor_globals_offset
zend_parse_arg_long_slow@@12
php_info_print_table_end
zend_hash_find@@8
zend_strpprintf
OnUpdateString
php_info_print_table_row
add_next_index_string
zend_register_ini_entries_ex
add_assoc_string_ex
zend_parse_arg_str_slow@@12
_php_stream_stat_path
zend_hash_index_find@@8

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FindFirstFileA
FindNextFileA
GetFullPathNameA
LockFile
LockFileEx
CloseHandle
GetLastError
SetUnhandledExceptionFilter
WaitForSingleObject
InitializeCriticalSection
FlushFileBuffers
MapViewOfFileEx
FormatMessageA
TlsFree
TlsGetValue
GetCurrentProcessId
GetFileSize
UnlockFile
GetSystemInfo
TlsAlloc
SetEvent
OpenMutexA
GetFileInformationByHandle
MultiByteToWideChar
GetVersion
OpenProcess
ReleaseMutex
GetCurrentThreadId
CreateFileW
EnterCriticalSection
CreateMutexA
SetEndOfFile
SetFilePointer
SignalObjectAndWait
WriteFile
TlsSetValue
ReadFile
CreateFileMappingA
GlobalMemoryStatus
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
Sleep
DeleteCriticalSection
LeaveCriticalSection
FindClose

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

vcruntime140

strchr
memcpy
memset
__std_type_info_destroy_list
_except_handler4_common
memmove

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
strerror
abort
_errno

api-ms-win-crt-convert-l1-1-0

atoi
strtol

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-stdio-l1-1-0

_close
_lseek
_get_osfhandle
_open
_write
__acrt_iob_func
fflush
_chsize
_read
__stdio_common_vsprintf
__stdio_common_vfprintf

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_stat64i32
_unlink

api-ms-win-crt-time-l1-1-0

_gmtime64
clock
_localtime64

Exports

Exports

get_module

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed7d3252117458a5b9ff833bed6b49ce

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB