15bdc12c70a4578eb7c5798168b94d70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

15bdc12c70a4578eb7c5798168b94d70N.exe
Size

787KB
MD5

15bdc12c70a4578eb7c5798168b94d70
SHA1

4126b3756ae4004a3689a8f72f223fba149fbc87
SHA256

31ef993ba07cc5ae364d37597a9d9744ccfdfb373c9bc1cd9a35c75cb65edc49
SHA512

0a7ed4ca02fd60db8c7ef0da2c3fc2947232c5a17841a57aa354f32d2c555274025b5333dd965987b39152387c5863f2c299f3986aad34764a301709fa09011e
SSDEEP

24576:6hJXaLnFVnfKj36d+PM7NILLVyUN8H63aEiHLwS:6/XaLnFVnfK76dLILpL8aqEi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15bdc12c70a4578eb7c5798168b94d70N.exe

Files

15bdc12c70a4578eb7c5798168b94d70N.exe
.dll windows:6 windows x64 arch:x64

e4a89e72e508a08144ed1ecee9e46d93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\php-ftw\php-ftw\php\vs16\x64\obj\Release\php_opcache.pdb

Imports

php8

add_next_index_stringl
add_assoc_long_ex
zend_ini_parse_bool
zend_unregister_ini_entries_ex
display_ini_entries
zend_wrong_parameter_error@@40
OnUpdateStringUnempty
zend_wrong_parameters_none_error@@0
add_assoc_stringl_ex
zend_wrong_parameters_count_error@@16
zend_startup_module
zend_ini_parse_quantity_warn
php_info_print_table_start
ap_php_snprintf
zend_mangle_property_name
zend_observer_function_declared_observed
zend_hash_find_known_hash@@16
zend_hash_destroy@@8
zend_set_compiled_filename
zend_register_long_constant
_zend_observer_class_linked_notify@@16
destroy_zend_class
_zend_hash_init@@32
zend_try_early_bind
zend_hash_extend@@24
_zend_observer_function_declared_notify@@16
zend_observer_class_linked_observed
zend_get_object_type_case
zend_function_dtor
php_win32_ioutil_unlink_w
zend_serialize_opcode_handler@@8
zval_ptr_dtor
zend_map_ptr_new
_erealloc@@16
zend_deserialize_opcode_handler@@8
php_win32_ioutil_mkdir_w
php_win32_ioutil_open_w
zend_alloc_ce_cache
zend_vm_set_opcode_handler_ex@@32
zend_func_info_rid
zend_ce_aggregate
zend_class_implements_interface@@16
zend_get_constant_str
gc_remove_from_buffer@@8
zend_extensions_op_array_persist
zend_ce_iterator
zend_extensions_op_array_persist_calc
zend_hash_rehash@@8
zend_hash_index_add_new@@24
zend_hash_index_find@@16
zend_hash_clean@@8
zend_hash_merge@@32
zval_try_get_string_func@@8
zend_hash_sort_ex@@32
zend_ssa_find_sccs
zend_get_func_info
zend_ssa_rename_op
zend_use_resource_as_offset@@8
zend_init_func_run_time_cache@@8
zend_verify_property_type
zend_handle_undef_args@@8
zend_build_call_graph
zend_may_throw
zend_ce_arithmetic_error
zend_ce_closure
zend_wrong_string_offset_error
zend_interrupt_function
zend_observer_fcall_op_array_extension
zend_cfg_compute_dominators_tree
_is_numeric_string_ex@@56
zend_build_cfg
zend_type_to_string
zend_ref_add_type_source@@16
zend_get_opcode_handler_func@@8
zend_dfg_add_use_def_op
zend_analyze_call_graph
zend_cannot_pass_by_reference@@8
increment_function@@8
zend_is_true@@8
zend_get_op_array_extension_handle
zval_add_ref
zend_ssa_inference
zend_vm_set_opcode_handler@@8
zend_execute_ex
mul_function@@24
zend_pass_function
php_win32_ioutil_fstat
zend_hash_lookup@@16
zend_missing_arg_error@@8
zend_zval_type_name
zend_observer_fcall_end@@16
zend_hash_index_add@@24
zend_get_type_by_const
smart_str_erealloc@@16
zend_hash_iterator_del@@8
zend_build_ssa
zend_cfg_build_predecessors
zend_analyze_calls
zend_array_element_type
zend_is_identical@@16
mod_function@@24
zend_build_call_map
zend_observer_fcall_begin@@8
zend_verify_arg_error
zend_verify_ref_array_assignable
zend_hash_index_lookup@@16
sub_function@@24
zend_array_dup@@8
bitwise_and_function@@24
zend_write
zend_cfg_identify_loops
zend_get_user_opcode_handler
gc_possible_root@@8
bitwise_xor_function@@24
zend_free_extra_named_params@@8
zend_incompatible_double_to_long_error
zend_objects_store_del@@8
zend_false_to_array_deprecated@@0
instanceof_function_slow@@16
zend_hash_next_index_insert@@16
zend_check_user_type_slow
zend_dump_op
zval_update_constant_ex@@16
zend_may_throw_ex
zend_dump_var
zend_is_smart_branch
decrement_function@@8
zend_inference_propagate_range
zval_get_long_func@@16
concat_function@@24
zend_sort
shift_right_function@@24
zend_readonly_property_modification_error@@8
zend_dump_ssa_var
zend_timeout@@0
ap_php_vsnprintf
zend_hash_next_index_insert_new@@16
zend_get_halt_op
zend_verify_ref_assignable_zval@@24
_zend_hash_index_find@@16
zend_type_error
zend_free_compiled_variables@@8
zend_dval_to_lval_slow@@8
_zend_handle_numeric_str_ex@@24
zend_assign_to_typed_ref
zend_undefined_offset_write@@16
zend_ssa_find_false_dependencies
zend_init_func_return_info
bitwise_or_function@@24
zend_execute_internal
_zend_new_array_0@@0
shift_left_function@@24
zend_undefined_index_write@@16
zend_dump_op_array
div_function@@24
zend_throw_error
zend_vm_stack_extend
zend_vm_kind
zend_array_destroy@@8
zend_array_type_info@@8
zend_update_type_info
get_binary_op
zend_compare@@16
add_function@@24
zend_fetch_arg_info_type
zend_hash_add_new@@24
rc_dtor_func@@8
zend_unmangle_property_name_ex
zend_verify_return_error
zend_cpu_supports
zend_clean_and_cache_symbol_table
zend_throw_exception_internal
std_object_handlers
zend_get_property_info
zend_deprecated_function@@8
add_assoc_double_ex
php_stream_locate_url_wrapper
php_win32_ioutil_normalize_path_w
zend_post_startup_cb
_emalloc@@8
php_win32_ioutil_getcwd_w
_efree@@8
zend_post_shutdown_cb
zend_stream_open_function
zend_free_recorded_errors
php_win32_cp_conv_w_to_cur
zend_map_ptr_extend
php_win32_cp_conv_utf8_to_w
zend_optimize_script
PHP_MD5Update
php_win32_code_to_errno
zend_stream_init_filename_ex
zend_hash_add_empty_element@@16
php_win32_cp_conv_cur_to_w
_zend_bailout
zend_resolve_path
zend_one_char_string
php_get_stream_filters_hash_global
zend_hash_str_find@@24
zend_compile_file
zend_inheritance_cache_get
zend_extensions
_estrdup@@8
PHP_MD5Final
executor_globals
zend_error
module_registry
php_win32_cp_get_by_id
zend_lookup_class_ex
zend_inheritance_cache_add
zend_error_zstr_at
zend_hash_update@@24
__zend_malloc
_zend_new_array@@8
zend_hash_del_bucket@@16
add_next_index_str
zend_parse_parameters
sapi_globals
zend_ini_boolean_displayer_cb
zend_hash_index_del@@16
OnUpdateLong
pcre_globals
destroy_op_array
add_assoc_str_ex
php_info_print_table_end
zend_binary_strcasecmp@@32
add_assoc_zval_ex
OnUpdateString
php_info_print_table_row
zend_register_ini_entries_ex
add_assoc_string_ex
zend_parse_arg_str_slow@@24
OnUpdateReal
zend_message_dispatcher
zend_is_auto_global
OnUpdateBool
add_assoc_bool_ex
zend_dirname
core_globals
php_pcre2_compile
php_pcre2_get_error_message
zend_strndup@@16
php_pcre2_code_free
php_pcre_cctx
glob
php_pcre_create_match_data
tsrm_realpath
expand_filepath_ex
expand_filepath
php_pcre2_jit_compile
php_pcre2_match
globfree
php_pcre_free_match_data
php_pcre_mctx
php_win32_error_msg_free
php_strlcpy
execute_ex
php_win32_error_to_msg
PHP_MD5InitArgs
zend_system_id
zend_ce_division_by_zero_error
zend_known_strings
php_win32_cp_use_unicode
realpath_cache_clean
zend_hash_del@@16
compiler_globals
zend_hash_find@@16
zend_begin_record_errors
zend_map_ptr_reset
zend_llist_del_element
sapi_get_request_time
php_win32_cp_conv_ascii_to_w
zend_get_page_size
_php_stream_stat_path
php_stream_xport_get_hash
php_win32_ioutil_stat_ex_w
zend_destroy_file_handle
zend_string_hash_func@@8
zend_get_executed_filename_ex
zend_empty_string
php_win32_cp_conv_to_w
php_stream_get_url_stream_wrappers_hash_global
zend_interned_strings_set_request_storage_handlers
zend_ssa_compute_use_def_chains
sapi_module

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetFileAttributesExA
SetLastError
GetACP
GetLastError
SystemTimeToFileTime
GetSystemTimeAsFileTime
VirtualProtect
CreateMutexA
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
MapViewOfFileEx
VirtualQuery
UnlockFileEx
LockFileEx
OpenFileMappingA
CreateFileMappingA
CloseHandle
RtlCaptureContext
CompareFileTime
Sleep

advapi32

ReportEventA
RegisterEventSourceA
GetUserNameW
DeregisterEventSource

vcruntime140

__C_specific_handler
memcmp
longjmp
__std_type_info_destroy_list
memset
memcpy
memmove
__intrinsic_setjmp
strstr

api-ms-win-crt-runtime-l1-1-0

_set_errno
abort
_getpid
strerror
_errno
_initterm
_initterm_e
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
exit

api-ms-win-crt-heap-l1-1-0

calloc
realloc
malloc
free

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
isalpha
strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fgetc
_write
_close
_get_osfhandle
_read
__stdio_common_vsscanf
__stdio_common_vfprintf
fflush
__acrt_iob_func
_setmaxstdio
_fileno
fgets
fclose
fopen

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
asctime

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-convert-l1-1-0

_strtoi64
atoi

api-ms-win-crt-math-l1-1-0

_dclass

Exports

Exports

extension_version_info
zend_extension_entry
zend_jit_activate
zend_jit_check_support
zend_jit_config
zend_jit_deactivate
zend_jit_debug_config
zend_jit_init
zend_jit_op_array
zend_jit_protect
zend_jit_restart
zend_jit_script
zend_jit_shutdown
zend_jit_startup
zend_jit_status
zend_jit_unprotect

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a89e72e508a08144ed1ecee9e46d93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php8

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 602KB - Virtual size: 602KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 80KB - Virtual size: 101KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 602KB - Virtual size: 602KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 80KB - Virtual size: 101KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB