e68567c7f30296ff0707b0a8e0e17a1e62115dbb879ea98420ac41c941d474c4

Sharing

Copy URL

Twitter E-mail

General

Target

e68567c7f30296ff0707b0a8e0e17a1e62115dbb879ea98420ac41c941d474c4
Size

107KB
MD5

ab732d255bee511547f8e7fd59bf20e9
SHA1

d834d6198a08060034cb97069570c1a24eb67f7c
SHA256

e68567c7f30296ff0707b0a8e0e17a1e62115dbb879ea98420ac41c941d474c4
SHA512

dafa3e232dba738c0065fab8c858a941457d7000cc0f80621c7f5984ae06877b8d50f2b9d2147041718fb6adc31c584564dbde46b8175b80e0bf25986f98a652
SSDEEP

3072:riKbBbXFlIDbLNhTkhtOTHUicETS/5iloEGUENru3jzZ:uaBbXFlUgMH1u+nENruTF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e68567c7f30296ff0707b0a8e0e17a1e62115dbb879ea98420ac41c941d474c4

Files

e68567c7f30296ff0707b0a8e0e17a1e62115dbb879ea98420ac41c941d474c4
.dll windows:5 windows x86 arch:x86

078eb5b51d28514c5b9a0bfe61d24cb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5ts

var_destroy
php_var_unserialize
executor_globals_id
zend_mangle_property_name
zend_register_long_constant
zend_hash_quick_find
zend_unmangle_property_name
zend_is_auto_global
gc_remove_zval_from_buffer
realpath
zend_hash_get_current_key_ex
zend_hash_num_elements
compiler_globals_id
_zval_copy_ctor_func
_estrdup
spprintf
_ecalloc
zend_object_std_dtor
zend_objects_store_put
zend_parse_parameters
zend_object_store_get_object
zend_get_std_object_handlers
zend_class_implements
zend_ce_iterator
zend_register_internal_class
zend_strndup
instanceof_function
zend_get_class_entry
zend_get_constant
ts_resource_ex
zend_do_inheritance
zend_lookup_class_ex
zend_error
zend_is_compiling
add_next_index_stringl
zend_hash_apply_with_arguments
function_add_ref
_php_stream_free
_php_stream_read
php_error_docref0
_zend_bailout
destroy_zend_class
zend_compile_file
gettimeofday
shmget
shmctl
shmat
shmdt
_convert_to_string
zend_get_resource_handle
OnUpdateString
OnUpdateStringUnempty
OnUpdateLong
zend_ini_boolean_displayer_cb
OnUpdateBool
zend_atol
zend_atoi
display_ini_entries
php_info_print_table_end
php_info_print_table_row
php_info_print_table_header
php_info_print_table_start
php_rfc1867_callback
zend_register_ini_entries
ts_allocate_id
zend_unregister_ini_entries
ts_free_id
zend_register_constant
zend_destroy_file_handle
destroy_op_array
_zend_hash_init_ex
_php_stream_write
_php_stream_set_option
php_stream_context_alloc
file_globals_id
zend_fetch_resource
php_le_stream_context
_php_stream_copy_to_mem
php_var_serialize
_zval_dtor_func
tsrm_thread_id
add_next_index_zval
add_index_long
add_assoc_zval_ex
zval_used_for_init
_array_init
add_assoc_long_ex
add_assoc_string_ex
php_sprintf
make_digest
add_assoc_stringl_ex
add_assoc_double_ex
sapi_globals_id
virtual_realpath
sapi_get_stat
zend_llist_init
zend_hash_clean
zend_hash_destroy
zend_llist_destroy
sapi_get_request_time
zend_block_interruptions
core_globals_id
zend_unblock_interruptions
zend_function_dtor
zend_opcode_handlers
zend_hash_find
zend_llist_count
zend_llist_get_first_ex
zend_llist_get_next_ex
PHP_MD5Init
PHP_MD5Update
PHP_MD5Final
zend_hash_index_exists
zend_llist_add_element
zend_hash_index_find
zend_hash_del_key_or_index
_erealloc
pcre_get_compiled_regex
_estrndup
_php_stream_get_url_stream_wrappers_hash
zend_hash_exists
_efree
php_stream_locate_url_wrapper
php_plain_files_wrapper
php_strlcpy
virtual_getcwd
php_strlcat
ap_php_snprintf
sapi_module
zend_is_executing
zend_get_executed_filename
_emalloc
_zval_ptr_dtor
_zend_hash_init
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_data_ex
_zend_hash_add_or_update
_zend_hash_index_update_or_next_insert
zend_hash_move_forward_ex
php_pcre_exec
_php_stream_open_wrapper_ex
php_verror

kernel32

CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateFileA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InterlockedIncrement
AcquireSRWLockShared
InterlockedDecrement
InitializeSRWLock
GetTempPathA
GetLastError
LockFileEx
UnlockFileEx
GetFileInformationByHandle

msvcr90

_encoded_null
_malloc_crt
_decode_pointer
_errno
strerror
_setjmp3
_mktemp
memset
strstr
memmove
_time32
isalpha
strncmp
isalnum
strchr
free
realloc
malloc
memcpy
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encode_pointer
_strnicmp
_stricmp

Exports

Exports

get_module

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

078eb5b51d28514c5b9a0bfe61d24cb7

Headers

File Characteristics

Imports

php5ts

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB