d7b61539f113d05c208e61819b381766a0e4d74dd728f5ec6fd62248f2e36ded

Sharing

Copy URL Twitter E-mail

General

Target

d7b61539f113d05c208e61819b381766a0e4d74dd728f5ec6fd62248f2e36ded
Size

61KB
MD5

05b7bd2f3e073b176de2782ea229a5f4
SHA1

90861c23ad3c42f507b2e191cfcc34a406a8e9de
SHA256

d7b61539f113d05c208e61819b381766a0e4d74dd728f5ec6fd62248f2e36ded
SHA512

d28554e36744423227f8fb7ab94ba00eca88821a7f35af2c571f4446e550bb478f270b0369044c6e0437e253f77129b16848a346efcaceda8689e6d8d66d18e3
SSDEEP

768:tpBAXAUG77SRVRbhwryB5xCbLrt01vAndGTWZQsvW:tQw7CFw+BzCb3tqMSWZhW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7b61539f113d05c208e61819b381766a0e4d74dd728f5ec6fd62248f2e36ded

Files

d7b61539f113d05c208e61819b381766a0e4d74dd728f5ec6fd62248f2e36ded
.dll windows:6 windows x64 arch:x64

db1b79d39da2d06daf721f3677d3fa73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\php-snap-build\php74\vc15\x64\obj\Release_TS\php_odbc.pdb

Imports

php7ts

le_index_ptr
zend_register_string_constant
zend_hash_str_find@@24
zend_register_resource
php_check_open_basedir
zend_hash_update@@24
_estrndup@@16
_zend_new_array@@8
zend_hash_get_current_data_ex@@16
tsrm_get_ls_cache
zend_parse_parameters
zend_register_long_constant
zend_wrong_param_count
__zend_malloc
php_error_docref
zend_hash_apply_with_argument@@24
zend_hash_str_del@@24
display_ini_entries
zend_wrong_parameters_none_error@@0
zend_register_list_destructors_ex
convert_to_long@@8
zend_hash_str_update@@32
zend_hash_internal_pointer_reset_ex@@16
zend_register_persistent_resource
zend_fetch_resource2
zend_hash_index_update@@24
php_info_print_table_header
zend_register_ini_entries
object_and_properties_init
php_output_write
_efree@@8
_emalloc@@8
zend_spprintf
php_info_print_table_start
zend_hash_move_forward_ex@@16
zend_unregister_ini_entries
ap_php_snprintf
php_printf
_safe_emalloc@@24
_erealloc@@16
zend_ini_boolean_displayer_cb
executor_globals_offset
zend_try_assign_typed_ref_arr
_try_convert_to_string@@8
OnUpdateLong
zend_list_close@@8
zval_ptr_dtor
php_info_print_table_end
core_globals_offset
zend_standard_class_def
OnUpdateString
php_info_print_table_row
_ecalloc@@16
add_assoc_string_ex
zend_fetch_resource
zend_hash_index_find@@16
zend_empty_string

odbc32

ord1
ord17
ord70
ord59
ord47
ord66
ord10
ord48
ord9
ord63
ord72
ord52
ord16
ord67
ord49
ord2
ord43
ord19
ord60
ord61
ord41
ord7
ord6
ord14
ord4
ord40
ord42
ord27
ord18
ord15
ord65
ord51
ord23
ord54
ord20
ord12
ord21
ord13
ord50
ord57
ord24
ord36
ord53
ord58
ord56
ord11
ord45

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset
strstr
memcpy

api-ms-win-crt-string-l1-1-0

strncmp
_stricmp

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

_close
_read
_open

kernel32

GetCurrentProcessId
RtlLookupFunctionEntry
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

Exports

Exports

get_module
odbc_globals_id

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db1b79d39da2d06daf721f3677d3fa73

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php7ts

odbc32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 680B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 680B