b305407effcfc133dd1e19cbdb1d8490N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b305407effcfc133dd1e19cbdb1d8490N.exe
Size

117KB
MD5

b305407effcfc133dd1e19cbdb1d8490
SHA1

3ad6b7539137db346c6d511781b4a56587f035a4
SHA256

c7da16867d42728f68850d16f70ebe2cda64eb6588bacd673c99e3a15d237190
SHA512

bbb09f384865276339d3b9b2edcb52ed5f729ce5265d20318b60e86c1ffa47c246b67de3a767178d875611a6d8814e75d754092c3368f49f57034080b3955e85
SSDEEP

3072:zTcmEod9cAX64yjh8tgepI4ATPwRoBKxHz8xD5/HDfrCMF:zfd9cAX64yjh8tgsI4ATP4oBKeHVF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b305407effcfc133dd1e19cbdb1d8490N.exe

Files

b305407effcfc133dd1e19cbdb1d8490N.exe
.dll windows:6 windows x64 arch:x64

fb4d62a259e7f608c11fb71233edc25a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\php-ftw\php-ftw\php\vs16\x64\obj\Release\php_mysqli.pdb

Imports

php8

OnUpdateStringUnempty
zend_wrong_parameters_none_error@@0
zend_call_known_function
zend_register_internal_class_ex
zend_register_list_destructors_ex
_zend_hash_init@@32
zend_std_write_property
zend_declare_typed_property
spl_ce_RuntimeException
std_object_handlers
mysqlnd_get_client_info
zend_get_property_info
zend_hash_add@@24
zend_symtable_to_proptable@@8
zend_throw_error
_efree@@8
zend_object_std_init@@16
zend_array_destroy@@8
_emalloc@@8
php_info_print_table_start
zend_known_strings
ap_php_snprintf
add_property_stringl_ex
add_index_long
mysqlnd_debug
_safe_realloc@@32
object_init
add_property_string_ex
add_property_str_ex
zend_strpprintf
_safe_erealloc@@32
mysqlnd_get_client_version
add_property_long_ex
zend_llist_clean
_try_convert_to_string@@8
_erealloc@@16
mysqlnd_connection_init
_safe_emalloc@@24
__zend_malloc
mysqlnd_reverse_api_register_api
zend_hash_index_update@@24
zend_argument_count_error
zend_error
zend_throw_exception_object
zval_get_string_func@@8
zend_update_property_string
zend_vspprintf
zend_read_property
zend_update_property_long
zend_ptr_stack_num_elements
zend_llist_get_first_ex
zend_hash_index_find@@16
add_assoc_string_ex
mysqlnd_global_stats
zval_add_ref
zend_zval_value_name
zend_ptr_stack_init_ex
zend_empty_array
zend_hash_next_index_insert@@16
_mysqlnd_get_client_stats
php_check_open_basedir
zend_value_error
zend_argument_type_error
add_assoc_long_ex
zend_llist_get_next_ex
mysqlnd_poll
zend_register_persistent_resource
mysqlnd_connection_connect
rc_dtor_func@@8
zend_iterator_init
zend_hash_get_current_data_ex@@16
_convert_to_string@@8
zval_get_long_func@@16
zend_hash_move_forward_ex@@16
zend_hash_internal_pointer_reset_ex@@16
zend_ini_boolean_displayer_cb
zend_string_init_interned
OnUpdateLong
zend_hash_destroy@@8
zval_ptr_dtor
zend_ce_aggregate
display_ini_entries
php_error_docref
zend_unregister_ini_entries_ex
zend_create_internal_iterator_zval
zend_merge_properties
zend_std_has_property
object_properties_init
zend_parse_method_parameters
zend_hash_str_find@@24
zend_class_implements
executor_globals
zend_register_bool_constant
instanceof_function_slow@@16
zend_argument_value_error
_zend_new_array@@8
zend_parse_parameters
zend_register_long_constant
convert_to_long@@8
zend_std_read_property
php_info_print_table_end
compiler_globals
zend_hash_find@@16
zend_ptr_stack_destroy
convert_to_boolean@@8
display_link_numbers
zend_standard_class_def
OnUpdateString
php_info_print_table_row
zend_object_std_dtor
zend_register_ini_entries_ex
_ecalloc@@16
object_init_ex
zend_verify_property_type
OnUpdateBool
zend_ptr_stack_clean
_estrdup@@8
zend_add_attribute

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcpy

api-ms-win-crt-heap-l1-1-0

free
calloc

api-ms-win-crt-string-l1-1-0

_strnicmp

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

get_module
mysqli_objects_new

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb4d62a259e7f608c11fb71233edc25a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php8

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB