eac77dc82ec8d6812147ed8700e6630bb24c521fd1ca4b99398a6ee4132ffdb3

Sharing

Copy URL Twitter E-mail

General

Target

eac77dc82ec8d6812147ed8700e6630bb24c521fd1ca4b99398a6ee4132ffdb3
Size

124KB
MD5

889506a582d976cd03da21dc669dc75f
SHA1

27c35bdc8d6e9c0c5b6ad9e28871731a4cd98603
SHA256

eac77dc82ec8d6812147ed8700e6630bb24c521fd1ca4b99398a6ee4132ffdb3
SHA512

32a3e9d1625220f531b4e3018356696fc3dc20aaba2edefa34c8ebbcd2bb3c526244a1882f5d7db47a2059669d0644586ce9f192d05c511331bb9c45996b03ca
SSDEEP

3072:/o5SomyiQtzX/yNBymbc1saTMpE/4P7FL6ZSC9zXWlwWoeuM:/romyiQtzX/yB9bksaQE/W1ES0WlwWoc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eac77dc82ec8d6812147ed8700e6630bb24c521fd1ca4b99398a6ee4132ffdb3

Files

eac77dc82ec8d6812147ed8700e6630bb24c521fd1ca4b99398a6ee4132ffdb3
.dll windows x86

8f68e6a17bc1c40625c3f7e6e3e1c6ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php8ts

zend_wrong_parameters_none_error@@0
zend_objects_not_comparable
get_active_function_arg_name
zend_register_internal_class_ex
add_assoc_stringl_ex
zend_wrong_parameters_count_error@@8
string_compare_function@@8
zend_hash_str_update@@16
std_object_handlers
zend_try_assign_typed_ref
zend_hash_index_update@@12
php_stream_http_wrapper
zend_throw_error
_efree@@4
zend_object_std_init@@8
zend_array_destroy@@4
php_verror
_emalloc@@4
add_index_bool
zend_ce_exception
php_info_print_table_start
zend_known_strings
zend_try_assign_typed_ref_stringl
ap_php_snprintf
zend_try_assign_typed_ref_null
add_assoc_bool_ex
_call_user_function_impl
php_stream_socket_ops
php_win32_error_to_msg
_php_stream_alloc
zend_is_true@@4
zend_binary_strcasecmp@@16
php_stream_xport_shutdown
php_stream_context_set_option
php_network_accept_incoming
smart_str_erealloc@@8
zval_try_get_string_func@@4
__zend_strdup
php_stream_context_get_option
php_url_free
_php_stream_fill_read_buffer
php_set_sock_blocking
_php_stream_open_wrapper_ex
_php_stream_free
zend_hash_next_index_insert@@8
zend_error
php_win32_error_msg_free
_php_stream_get_line
zval_get_long_func@@8
_safe_malloc@@12
zend_strndup@@8
php_poll2
_estrndup@@8
php_stream_notification_notify
php_stream_xport_crypto_enable
php_stream_xport_crypto_setup
gettimeofday
php_socket_strerror
file_globals_id
php_url_parse_ex
zend_wrong_parameter_error@@20
display_ini_entries
php_error_docref
zend_unregister_ini_entries_ex
virtual_stat
object_properties_init
add_assoc_long_ex
zend_sort
zend_register_string_constant
zend_parse_arg_bool_slow@@12
zend_try_assign_typed_ref_str
zend_hash_str_find@@12
zend_value_error
php_unregister_url_stream_wrapper
php_check_open_basedir
zend_str_tolower_copy@@12
php_stream_xport_unregister
add_next_index_stringl
_estrdup@@4
php_register_url_stream_wrapper
instanceof_function_slow@@8
_safe_emalloc@@12
php_stream_xport_register
zend_argument_value_error
add_index_string
_zend_new_array@@4
expand_filepath
tsrm_get_ls_cache
add_next_index_str
zend_parse_parameters
zend_register_long_constant
__zend_malloc
php_strlcpy
_erealloc@@8
compiler_globals_offset
executor_globals_offset
zend_string_init_interned
zend_try_assign_typed_ref_arr
php_stream_ftp_wrapper
_try_convert_to_string@@4
make_digest_ex
php_base64_encode
zend_throw_exception
zval_ptr_dtor
zend_parse_arg_long_slow@@12
add_assoc_str_ex
__zend_calloc
php_info_print_table_end
zend_ini_string
php_stream_generic_socket_factory
add_assoc_zval_ex
php_info_print_table_row
zend_object_std_dtor
add_next_index_string
zend_register_ini_entries_ex
_ecalloc@@8
add_assoc_string_ex
zend_parse_arg_str_slow@@12
zend_parse_arg_str_or_long_slow@@16
object_init_ex
zend_hash_index_find@@8
zend_argument_error_variadic@@16
php_base64_decode_ex
zend_try_assign_typed_ref_bool
zend_hash_sort_ex@@16
zend_ce_value_error
zend_add_attribute

libcrypto-3

i2d_X509
ERR_peek_error
X509_STORE_CTX_set_error
X509_NAME_get_text_by_NID
X509_STORE_add_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_verify_cert_error_string
ERR_error_string
X509_STORE_CTX_get0_cert
ERR_clear_error
X509_get_ext_d2i
X509_STORE_CTX_get_ex_data
PEM_read_bio_Parameters
EVP_PKEY_up_ref
X509_get_ext
CMS_get1_crls
X509_NAME_get_entry
X509_getm_notBefore
GENERAL_NAME_free
EVP_EncryptFinal
X509_LOOKUP_file
EVP_CIPHER_CTX_new
OBJ_create
EVP_PKEY_CTX_set_rsa_keygen_bits
X509_PURPOSE_get0_sname
PEM_write_bio_PKCS7
EVP_aes_256_cbc
X509_REQ_sign
X509_REQ_set_version
NCONF_get_string
EVP_PKEY_get_utf8_string_param
EVP_get_cipherbyname
EVP_CipherUpdate
EVP_sha384
EVP_PKEY_decrypt_init
ASN1_INTEGER_to_BN
EVP_OpenInit
OBJ_nid2sn
X509_get_pubkey
EVP_PKEY_encrypt_init
OPENSSL_sk_new_null
EVP_des_cbc
BIO_new
OBJ_NAME_do_all_sorted
EVP_CIPHER_get_mode
CMS_decrypt
NCONF_new
X509_verify_cert
EVP_PKEY_decrypt
EVP_PKEY_get_base_id
X509_digest
BIO_ctrl
X509_STORE_add_lookup
EVP_OpenFinal
PEM_write_bio_X509
BIO_new_file
EVP_DecryptUpdate
X509_REQ_set_pubkey
CMS_get0_type
X509_set_version
ERR_pop_to_mark
EVP_PKEY_copy_parameters
PEM_write_bio_CMS
EVP_CIPHER_get_iv_length
EVP_CIPHER_CTX_free
EVP_ripemd160
NCONF_load
X509_NAME_entry_count
EVP_PKEY_CTX_set_rsa_padding
CMS_final
EVP_PKEY_paramgen
EVP_PKEY_CTX_set_dh_paramgen_prime_len
BN_bin2bn
EVP_PKEY_CTX_set_dsa_paramgen_bits
X509_verify
BN_num_bits
X509_sign
OBJ_sn2nid
PKCS7_decrypt
X509_EXTENSION_get_data
EVP_CIPHER_CTX_set_padding
CMS_get1_certs
EVP_md4
EC_get_builtin_curves
BN_CTX_free
EVP_CIPHER_CTX_get_block_size
EVP_CIPHER_CTX_reset
OSSL_PARAM_BLD_push_utf8_string
X509_gmtime_adj
EVP_CIPHER_get_key_length
OBJ_txt2nid
EVP_MD_get_size
X509_REQ_print
i2s_ASN1_INTEGER
EVP_EncryptUpdate
EC_GROUP_new_by_curve_name
ASN1_STRING_set_default_mask_asc
X509_REQ_verify
X509_REQ_new
X509_get_signature_nid
X509_check_purpose
CRYPTO_get_ex_new_index
X509_STORE_CTX_new
BN_CTX_new
EVP_SealInit
RAND_load_file
ASN1_STRING_length
X509V3_set_nconf
X509_INFO_free
X509_NAME_oneline
EVP_PKEY_CTX_new
PEM_read_bio_CMS
X509V3_EXT_add_nconf
BIO_new_mem_buf
X509_free
PEM_write_bio_PUBKEY
PEM_write_bio_PrivateKey
OBJ_nid2ln
EVP_PKEY_get_bn_param
EVP_PKEY_check
SMIME_write_CMS
X509_get_default_cert_file
CMS_get0_signers
NETSCAPE_SPKI_b64_encode
NCONF_get_section
NETSCAPE_SPKI_free
PEM_read_bio_PKCS7
EVP_CIPHER_CTX_set_key_length
X509V3_EXT_get
OSSL_PARAM_BLD_to_param
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_get_block_size
X509_get_default_cert_dir
X509V3_set_ctx
X509_get_serialNumber
EVP_sha512
ASN1_item_d2i
CMS_sign
X509_REQ_add1_attr_by_txt
d2i_CMS_bio
ASN1_STRING_type
OpenSSL_version
CMS_verify
BN_new
EVP_aes_192_cbc
X509_subject_name_hash
X509_STORE_CTX_init
CMS_encrypt
EVP_des_ede3_cbc
BN_bn2hex
X509_LOOKUP_ctrl
ERR_set_mark
X509_get_default_private_dir
EVP_PKEY_fromdata_init
EVP_PKEY_set1_encoded_public_key
EVP_EncryptInit
SMIME_read_CMS
PEM_write_bio_CMS_stream
PEM_X509_INFO_read_bio
OSSL_PARAM_BLD_free
EVP_DigestInit
OBJ_nid2obj
OPENSSL_sk_pop_free
X509_check_private_key
X509_REQ_free
PEM_write_bio_X509_REQ
EVP_DecryptFinal
EVP_SignFinal
BIO_puts
X509_NAME_ENTRY_get_object
EVP_PKEY_CTX_set_ec_paramgen_curve_nid
NCONF_free
PKCS7_sign
X509V3_EXT_REQ_add_nconf
ASN1_STRING_get0_data
EVP_PKEY_derive
EVP_PKEY_derive_init
ERR_error_string_n
EVP_sha1
BIO_free
EVP_CIPHER_do_all_provided
BIO_write
PEM_write_bio_X509_CRL
X509_PURPOSE_get_count
EVP_PKEY_CTX_set_ec_param_enc
GENERAL_NAME_print
RAND_bytes
EC_POINT_new
EC_GROUP_free
X509_print
PKCS7_verify
OSSL_PARAM_free
EVP_PKEY_free
EVP_PKEY_fromdata
EVP_PKEY_keygen
i2d_PKCS12_bio
X509_get_ext_count
X509_REQ_get_subject_name
NETSCAPE_SPKI_verify
X509_NAME_add_entry_by_NID
OPENSSL_sk_value
EVP_PKEY_encrypt
OSSL_PARAM_BLD_push_octet_string
OPENSSL_sk_push
EVP_CipherInit_ex
X509_get_version
d2i_PKCS12_bio
OSSL_PARAM_BLD_push_BN
EVP_PKEY_paramgen_init
EVP_MD_CTX_free
CRYPTO_free
EVP_aes_128_cbc
EC_POINT_free
PEM_read_bio_PrivateKey
NETSCAPE_SPKI_set_pubkey
NETSCAPE_SPKI_sign
PKCS7_free
EVP_sha224
X509_EXTENSION_get_object
EC_POINT_set_affine_coordinates
BN_with_flags
OPENSSL_sk_pop
OBJ_ln2nid
BIO_free_all
BIO_s_mem
EVP_PKEY_keygen_init
OPENSSL_sk_free
X509_CRL_free
X509_PURPOSE_get0
OBJ_obj2txt
PEM_read_bio_X509
ASN1_INTEGER_set_int64
EVP_rc2_cbc
X509_dup
EVP_CIPHER_names_do_all
NCONF_get_number_e
PEM_ASN1_read_bio
CMS_ContentInfo_free
X509_NAME_ENTRY_get_data
BN_mod_exp_mont
OSSL_PARAM_BLD_new
EVP_PKEY_verify_recover
EVP_PKEY_get_size
NETSCAPE_SPKI_new
EVP_DigestUpdate
BN_free
X509V3_EXT_print
PKCS7_encrypt
X509_STORE_CTX_free
SMIME_write_PKCS7
EVP_sha256
ASN1_OBJECT_free
EVP_md5
EC_POINT_point2buf
NETSCAPE_SPKI_b64_decode
X509_alias_get0
X509_get_subject_name
EVP_SealFinal
PEM_read_bio_PUBKEY
OPENSSL_sk_num
ASN1_STRING_set
EVP_CIPHER_get_nid
PKCS7_get0_signers
ERR_get_error
RAND_file_name
OBJ_create_objects
PKCS12_free
EVP_PKEY_derive_set_peer
d2i_X509
EVP_get_digestbyname
X509_set_subject_name
EVP_rc2_40_cbc
BIO_printf
X509_get_default_cert_file_env
EVP_PKEY_sign_init
X509_NAME_get_index_by_NID
RAND_write_file
X509_REQ_get_pubkey
SMIME_read_PKCS7
X509_PURPOSE_get_id
X509_new
EVP_VerifyFinal
EVP_PKEY_verify_recover_init
EC_POINT_mul
X509_getm_notAfter
OBJ_obj2nid
X509_get_default_cert_dir_env
X509_STORE_CTX_set_purpose
EVP_MD_CTX_new
X509_set_pubkey
i2d_CMS_bio
X509_LOOKUP_hash_dir
PKCS5_PBKDF2_HMAC
X509_get_issuer_name
EVP_DigestFinal
PKCS12_parse
EVP_PKEY_new
X509_set_issuer_name
RAND_status
EVP_PKEY_sign
BN_bn2bin
PEM_read_bio_X509_REQ
X509_PUBKEY_get
EVP_PKEY_CTX_new_id
X509_get_default_cert_area
X509_NAME_add_entry_by_txt
X509_STORE_free
EVP_rc2_64_cbc
X509_PURPOSE_get0_name
EVP_CIPHER_get0_name
PKCS12_create
EVP_PKEY_CTX_free
EVP_PKEY_get_bits
X509_REQ_get_attr_by_NID
OPENSSL_sk_shift
ASN1_STRING_to_UTF8
X509_STORE_new

libssl-3

SSL_set_connect_state
SSL_get_error
TLS_server_method
SSL_CTX_set_cert_verify_callback
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_current_cipher
SSL_set_shutdown
SSL_CTX_set_security_level
SSL_shutdown
SSL_set_SSL_CTX
SSL_CTX_check_private_key
SSL_get1_peer_certificate
SSL_set_info_callback
SSL_CIPHER_get_name
SSL_CTX_use_certificate_chain_file
SSL_CTX_load_verify_locations
SSL_set_accept_state
SSL_CTX_set_cipher_list
SSL_CIPHER_get_version
SSL_read
SSL_pending
SSL_accept
SSL_CTX_set_verify
SSL_get_peer_cert_chain
SSL_ctrl
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_callback_ctrl
TLS_client_method
SSL_get_verify_result
SSL_CTX_get_options
SSL_write
SSL_CTX_set_client_CA_list
SSL_select_next_proto
SSL_CTX_new
SSL_copy_session_id
SSL_set_fd
SSL_CTX_use_PrivateKey_file
SSL_set_ex_data
SSL_version
SSL_get0_alpn_selected
SSL_CTX_ctrl
SSL_CTX_free
SSL_new
SSL_load_client_CA_file
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_options
SSL_CTX_get_cert_store
SSL_CTX_set0_tmp_dh_pkey
SSL_free
SSL_CTX_set_default_passwd_cb
SSL_get_servername
SSL_connect
SSL_peek
SSL_get_ex_data
OPENSSL_init_ssl
SSL_CIPHER_get_bits

crypt32

CertCreateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentProcessId

ws2_32

WSAGetLastError
inet_pton
closesocket
shutdown
recv

vcruntime140

memcmp
memchr
strchr
__std_type_info_destroy_list
memset
_except_handler4_common
memcpy

api-ms-win-crt-time-l1-1-0

__timezone
_mktime32

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

_stricmp
_strnicmp
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_cexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

get_module
php_openssl_cipher_iv_length
php_openssl_cipher_key_length
php_openssl_decrypt
php_openssl_encrypt
php_openssl_random_pseudo_bytes

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f68e6a17bc1c40625c3f7e6e3e1c6ec

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

libcrypto-3

libssl-3

crypt32

kernel32

ws2_32

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB