d6e5bdf53744d696ff014801f8bd99fc

Sharing

Copy URL Twitter E-mail

General

Target

d6e5bdf53744d696ff014801f8bd99fc
Size

21KB
MD5

d6e5bdf53744d696ff014801f8bd99fc
SHA1

936bf58322a8077943dba0041a732357924e45b2
SHA256

441529355d30da73f381767aa6540455dbe9c076a2fa3836b9e9299f2f382586
SHA512

4cb474506e979632dda73a0163daee5a7ec964fa2ec8e3d86d4ef0f518cf3667bafaf1621c03a635df1f84e551becc07d000e840ef4df291bc047d7ff2108b95
SSDEEP

384:Yl8hRsAN4xBwgNsjbqa1DSXap7qGKtCK91HUPh7:lB2ByHqeDqapmGcpah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6e5bdf53744d696ff014801f8bd99fc

Files

d6e5bdf53744d696ff014801f8bd99fc
.dll windows:5 windows x86 arch:x86

669f98d92ff215cc274fb4ba37bd72bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php_pdo_odbc.pdb

Imports

php5ts

php_info_print_table_start
php_info_print_table_header
php_info_print_table_row
php_info_print_table_end
php_pdo_unregister_driver
php_pdo_register_driver
cfg_get_string
php_error_docref0
php_pdo_get_dbh_ce
zend_declare_class_constant_long
_estrdup
_php_stream_stat
_convert_to_string
php_file_le_pstream
php_file_le_stream
zend_fetch_resource
_php_stream_read
_erealloc
_zval_dtor_func
_estrndup
zval_is_true
_ecalloc
pdo_parse_params
_efree
php_pdo_get_exception
zend_throw_exception_ex
spprintf
add_next_index_long
add_next_index_string
zend_hash_index_find
_emalloc
convert_to_long
_zval_copy_ctor_func
_safe_malloc

odbc32

ord76
ord24
ord20
ord11
ord39
ord7
ord41
ord75
ord26
ord18
ord49
ord48
ord12
ord72
ord58
ord30
ord4
ord27
ord8
ord43
ord21
ord17
ord61
ord29
ord9
ord31
ord36
ord19

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
WideCharToMultiByte

msvcr90

_lock
__dllonexit
_onexit
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
memcpy
strchr
strstr
memset
_except_handler4_common
_unlock
_stricmp
free

Exports

Exports

get_module

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

669f98d92ff215cc274fb4ba37bd72bc

Headers

File Characteristics

PDB Paths

Imports

php5ts

odbc32

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB