47d1a4d61c42637051551a124e38ca70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

47d1a4d61c42637051551a124e38ca70N.exe
Size

30KB
MD5

47d1a4d61c42637051551a124e38ca70
SHA1

8cadb6dea53411d20242c5564edfd3fe87fd10c6
SHA256

4a97e02f2098a3e14ef007228853f803c5dca2bbd7f1357d00a46d8f0e2c3490
SHA512

e88a47e7b562c92b30d28108724b3d58e740bf9a31253c24b3beecb5bf1783392fa0374f8e22057f20beed2b60f8d6e744ce1b155a45c2662f4ff7da97380e6c
SSDEEP

384:cdVsbzOpbcMC+9BpHB9Qm7BXBeDtPoOFXlcw+jNVmfZaSDC4NwpZRhkfok3L:9bzmtxBNGeugSDC4yp3Ij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d1a4d61c42637051551a124e38ca70N.exe

Files

47d1a4d61c42637051551a124e38ca70N.exe
.dll windows:6 windows x64 arch:x64

6013c8adce0e3ca00b1055c4afbebd14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\php-ftw\php-ftw\php\vs16\x64\obj\Release\php_pdo_mysql.pdb

Imports

php8

mysqlnd_reverse_api_register_api
php_info_print_table_header
zend_empty_string
php_info_print_table_start
zend_unregister_ini_entries
php_error_docref
mysqlnd_connection_connect
_emalloc@@8
_efree@@8
zend_u64_to_str@@8
mysqlnd_get_client_info
instanceof_function_slow@@16
zend_declare_class_constant_long
php_info_print_table_end
add_assoc_string_ex
php_pdo_get_dbh_ce
php_info_print_table_row
php_pdo_register_driver
php_pdo_unregister_driver
rc_dtor_func@@8
php_file_le_stream
php_file_le_pstream
_php_stream_copy_to_mem
php_pdo_stmt_set_column_count
add_assoc_long_ex
zend_fetch_resource2_ex
executor_globals
_zend_new_array@@8
zval_ptr_dtor
zend_strpprintf
add_assoc_zval_ex
pdo_raise_impl_error
pdo_throw_exception
zval_get_long_func@@16
php_check_open_basedir
_estrdup@@8
_safe_emalloc@@24
mysqlnd_connection_init
pdo_get_long_param
__zend_calloc
pdo_parse_params
php_pdo_parse_data_source
add_next_index_long
add_next_index_string
_ecalloc@@16
zend_hash_index_find@@16
pdo_get_bool_param
zend_register_ini_entries
zval_try_get_string_func@@8

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcpy

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_exit

api-ms-win-crt-string-l1-1-0

_strdup

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

get_module
jump_fcontext
make_fcontext

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6013c8adce0e3ca00b1055c4afbebd14

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php8

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 140B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 140B