35d1d0ff4754c448c1e32cea2f232870N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

35d1d0ff4754c448c1e32cea2f232870N.exe
Size

21KB
MD5

35d1d0ff4754c448c1e32cea2f232870
SHA1

c9fe61bc04944b47ebae4f5a135e69f708a54db4
SHA256

fcf92435e0722e0c8641413bd4541a4f557d1c843fa35a5d659352e09edb2173
SHA512

2c7a08e168e47b248427b82386ab6463d8d8536795cbbd073af3dd5a428a7973b7bb4697e9a89311fb4fd534531f88482bcfffd5a2fa544e8def4e7fa1dde81d
SSDEEP

384:gl8hkOAg4QB9jNsIOwmcsUkzap7ix9KJqD0JLuhhyR:NCsBoNwmcCOpex9EqAx0yR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35d1d0ff4754c448c1e32cea2f232870N.exe

Files

35d1d0ff4754c448c1e32cea2f232870N.exe
.dll windows:5 windows x86 arch:x86

669f98d92ff215cc274fb4ba37bd72bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\php-sdk\php53dev\Release_TS\php_pdo_odbc.pdb

Imports

php5ts

php_info_print_table_start
php_info_print_table_header
php_info_print_table_row
php_info_print_table_end
php_pdo_unregister_driver
php_pdo_register_driver
cfg_get_string
php_error_docref0
php_pdo_get_dbh_ce
zend_declare_class_constant_long
_estrdup
_php_stream_stat
_convert_to_string
php_file_le_pstream
php_file_le_stream
zend_fetch_resource
_php_stream_read
_erealloc
_zval_dtor_func
_estrndup
zval_is_true
_ecalloc
pdo_parse_params
_efree
php_pdo_get_exception
zend_throw_exception_ex
spprintf
add_next_index_long
add_next_index_string
zend_hash_index_find
_emalloc
convert_to_long
_zval_copy_ctor_func
_safe_malloc

odbc32

ord76
ord24
ord20
ord11
ord39
ord7
ord41
ord75
ord26
ord18
ord49
ord48
ord12
ord72
ord58
ord30
ord4
ord27
ord8
ord43
ord21
ord17
ord61
ord29
ord9
ord31
ord36
ord19

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
WideCharToMultiByte

msvcr90

_lock
__dllonexit
_onexit
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
memcpy
strchr
strstr
memset
_except_handler4_common
_unlock
_stricmp
free

Exports

Exports

get_module

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

669f98d92ff215cc274fb4ba37bd72bc

Headers

File Characteristics

PDB Paths

Imports

php5ts

odbc32

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB