437d0f69fb78a536b59a37dd91ffd62f

Sharing

Copy URL Twitter E-mail

General

Target

437d0f69fb78a536b59a37dd91ffd62f
Size

199KB
MD5

437d0f69fb78a536b59a37dd91ffd62f
SHA1

514c7bee3f661a73a6e44dc7916af1e8c5e99895
SHA256

6c5c04aced11c6fe40af5ffa56e4a8fbe5a6c56878d6c3c22cbfafab959aa8ea
SHA512

dc408a4c3c233be1038f07733fdbb0331c05db372645cc12509abc56b651c05b816441bf6bd7d0ea7e35d3a0817bdf4dde6c1365b9b2a4b2774e6e2822bdecda
SSDEEP

3072:e9nyKrxwkOjabCAANGpAZnks44wvG/pgqMgNVX+DsG3Wqu:eBHD0GaZksRgqM2rG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
437d0f69fb78a536b59a37dd91ffd62f

Files

437d0f69fb78a536b59a37dd91ffd62f
.dll windows:5 windows x86 arch:x86

5e98d9e25c402157ad5807f3503eaee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5

zend_get_class_entry
zend_rebuild_symbol_table
zend_read_property
zend_set_timeout
zend_get_executed_lineno
zend_get_executed_filename
get_active_function_name
zend_is_auto_global
zend_get_property_info
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_data_ex
zend_hash_get_current_key_ex
zend_hash_move_forward_ex
php_info_print_table_end
php_info_print_table_row
php_info_print_table_colspan_header
php_info_print_table_start
zend_ini_string_ex
php_request_shutdown
executor_globals
zend_read_static_property
compiler_globals
zend_get_extension
zend_register_extension
zend_register_ini_entries

wsock32

WSAGetLastError
WSAStartup
socket
send
select
recv
listen
ioctlsocket
htons
connect
closesocket
bind
accept

kernel32

WriteFile
LocalFree
CreateFileW
GetStringTypeW
WriteConsoleW
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
InterlockedDecrement
LocalAlloc
GetLastError
FormatMessageA
lstrlenA
MultiByteToWideChar
Sleep
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetStartupInfoW
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
HeapFree
HeapAlloc
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
HeapSize
IsDebuggerPresent
GetProcessHeap
SetLastError
InterlockedIncrement
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode

ole32

OleRun
CLSIDFromProgID
CoInitialize
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString
GetErrorInfo

Exports

Exports

GetDbgVersion
get_module

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e98d9e25c402157ad5807f3503eaee4

Headers

DLL Characteristics

File Characteristics

Imports

php5

wsock32

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB