1035e5a21ac62723dfc2392d6b2be691[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1035e5a21ac62723dfc2392d6b2be691.bin
Size

139KB
MD5

1035e5a21ac62723dfc2392d6b2be691
SHA1

cc340f973a45580d450909926649a3d6d52fc71f
SHA256

3909581c8c9db973ad18c89b45ae8b5c1d5378e9c10fdc3bc7dde92d2d2c3617
SHA512

74433cddc95ef2a42aa2b613a89aacf575594b6e81e36e606eff8727d72c7eaa07cf1d3a7212f8075cb0b71887b71cb8c931473eb72e68f1a9bb0e2ad5189269
SSDEEP

3072:qTVD4EGuN3jr9WpJgdMSHVIFgz2b0GnmpOym/:wD4BuN3j5Wp6dH1IFgab0umps/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1035e5a21ac62723dfc2392d6b2be691.bin

Files

1035e5a21ac62723dfc2392d6b2be691.bin
.exe windows:6 windows x64 arch:x64

676e0d7c4aa7e1d3c8f8b8319729da63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

php8ts

php_win32_ioutil_open_w
zend_str_tolower_copy@@24
__zend_realloc
_safe_malloc@@24
zend_one_char_string
php_raw_url_decode
zend_llist_get_next_ex
zend_strndup@@16
php_poll2
zend_unregister_ini_entries_ex
_estrndup@@16
php_win32_cp_conv_cur_to_w
php_select
add_assoc_stringl_ex
php_win32_code_to_errno
virtual_chdir
php_register_known_variable
php_win32_cp_conv_utf8_to_w
php_win32_console_fileno_has_vt100
zend_hash_add@@24
zend_hash_index_update@@24
gettimeofday
virtual_getcwd
php_escape_html_entities_ex
php_format_date
php_socket_strerror
sapi_send_headers
php_socket_error_str
zend_spprintf
php_win32_ioutil_normalize_path_w
ap_php_snprintf
php_set_sock_blocking
zend_hash_index_del@@16
zend_ini_boolean_displayer_cb
php_network_populate_name_from_sockaddr
__zend_strdup
php_register_variable_safe
smart_str_erealloc@@16
ts_allocate_id
php_network_freeaddresses
php_win32_cp_use_unicode
zend_string_tolower_ex@@16
zend_stream_init_filename
zend_strpprintf
zend_llist_apply_with_argument
zend_hash_str_add@@32
php_win32_cp_conv_ascii_to_w
zend_register_ini_entries_ex
php_network_getaddresses
php_win32_console_fileno_is_console
zend_execute_scripts
zend_hash_apply_with_arguments
php_win32_ioutil_stat_ex_w
zend_hash_index_find@@16
zend_empty_string
php_win32_cp_conv_to_w
zend_llist_get_first_ex
OnUpdateBool
zend_wrong_parameters_none_error@@0
php_error_docref
zend_parse_parameters
zend_hash_copy@@24
php_module_shutdown_wrapper
php_printf
zend_highlight
zend_known_strings
open_file_for_scanning
zend_printf
zend_ce_exception
_emalloc@@8
zend_stream_init_fp
_efree@@8
php_output_write
reflection_class_ptr
_estrdup@@8
php_info_print_module
php_lint_script
zend_llist_apply
php_import_environment_variables
php_get_highlight_struct
php_execute_script
reflection_extension_ptr
php_win32_cp_conv_w_to_cur
php_register_variable
virtual_cwd_activate
php_win32_cp_get_orig
zend_hash_str_update@@32
_zend_hash_init@@32
php_handle_aborted_connection
zif_dl@@16
zend_call_known_function
display_ini_entries
zend_sort
php_ini_scanned_path
php_print_info
php_request_startup
zend_hash_str_find@@24
sapi_deactivate
php_win32_cp_cli_do_restore
php_getopt
_php_stream_get_line
get_zend_version
zend_extensions
zend_register_bool_constant
sapi_globals_offset
zend_error
zend_llist_destroy
module_registry
zend_eval_string_ex
zend_array_dup@@8
zend_objects_store_del@@8
php_tsrm_startup
gc_possible_root@@8
zend_strip
tsrm_get_ls_cache
smart_str_realloc@@16
php_request_shutdown
php_win32_cp_get_by_id
php_ini_opened_path
zend_write
_php_stream_free
_php_stream_open_wrapper_ex
php_win32_console_is_own
zend_ini_deactivate
__zend_malloc
zend_str_tolower_dup@@16
virtual_realpath
php_ini_scanned_files
compiler_globals_offset
executor_globals_offset
zend_string_init_interned
php_win32_cp_cli_do_setup
zend_hash_destroy@@8
zend_is_auto_global
zval_ptr_dtor
zend_register_constant
php_win32_console_fileno_set_vt100
core_globals_offset
php_output_end_all
zend_llist_copy
reflection_method_ptr
zend_load_extension
php_module_shutdown
sapi_startup
php_module_startup
virtual_fopen
object_init_ex
zend_destroy_file_handle
reflection_zend_extension_ptr
php_ini_builder_define
tsrm_shutdown
php_handle_auth_data
zend_llist_sort
php_ini_builder_prepend
zend_read_property
_zend_new_array@@8
reflection_function_ptr
zend_hash_sort_ex@@32
zend_print_zval
sapi_module
zend_vspprintf
sapi_shutdown

ws2_32

getsockname
shutdown
socket
WSAGetLastError
setsockopt
accept
htons
bind
recv
ntohs
send
closesocket
listen

shell32

CommandLineToArgvW

kernel32

RtlVirtualUnwind
GetModuleHandleW
IsDebuggerPresent
SetConsoleCtrlHandler
GetCommandLineW
LocalFree
SetLastError
GetACP
GetLastError
GetConsoleTitleW
SetConsoleTitleW
RtlCaptureContext
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead

vcruntime140

memmove
memcpy
strstr
strchr
strrchr
__C_specific_handler
__current_exception
__current_exception_context
memset
__intrinsic_setjmp

api-ms-win-crt-runtime-l1-1-0

_getpid
terminate
_crt_atexit
_errno
exit
_set_errno
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
signal
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
fread
ftell
ferror
fopen
__acrt_iob_func
fflush
feof
_set_fmode
_lseek
fclose
clearerr
_read
fseek
_setmode
_close
_write
fgets
_open
_fileno
fwrite
__p__fmode
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

wcsncmp
toupper
strncpy
strncmp
_strdup
_stricmp
strcmp

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
free

api-ms-win-crt-convert-l1-1-0

strtol
atoi

api-ms-win-crt-time-l1-1-0

_ctime64_s
_ftime64

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

OPENSSL_Applink
php_cli_get_shell_callbacks
sapi_cli_single_write

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

676e0d7c4aa7e1d3c8f8b8319729da63

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

ws2_32

shell32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 1KB - Virtual size: 11KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 1KB - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 5KB