c4b9870aced9fa2bcb5c8a88b4fef020N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c4b9870aced9fa2bcb5c8a88b4fef020N.exe
Size

134KB
MD5

c4b9870aced9fa2bcb5c8a88b4fef020
SHA1

1d7f534d1668de4a108384a58d1605481221987a
SHA256

ae756d6b4fd53f2897149bbcdb04d7c01d0e4ca68d160b80d326abc0f84b08bf
SHA512

776868da26bd8d4a0ca6cb5c8c895c32a699c69865f89af0796a366cc21dc6121af963f612c670cc8fc7b486425211397516f951922dc64278542d80877e3ac0
SSDEEP

3072:CEGdsuQI8znnYlCp4iiwhxcoiFPK6MNShVQJwkgwE3:CFZsnnCTwcoiFONSfQJrg3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4b9870aced9fa2bcb5c8a88b4fef020N.exe

Files

c4b9870aced9fa2bcb5c8a88b4fef020N.exe
.exe windows:5 windows x86 arch:x86

4ba3cc1f9c4d4695a3d9b7e225747632

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\php-sdk\php54dev\vc9\x86\obj\Release\php.pdb

Imports

php5

php_network_getaddresses
zend_hash_apply_with_arguments
zend_llist_get_next_ex
zend_ini_boolean_displayer_cb
OnUpdateBool
zend_register_ini_entries
php_network_freeaddresses
php_register_variable_safe
spprintf
php_set_sock_blocking
zend_hash_del_key_or_index
_zend_hash_index_update_or_next_insert
zend_execute_scripts
vspprintf
php_handle_special_queries
php_handle_auth_data
php_url_decode
_estrdup
zend_hash_index_find
php_socket_strerror
zend_llist_get_first_ex
php_escape_html_entities_ex
_erealloc
php_network_populate_name_from_sockaddr
php_poll2
sapi_send_headers
ap_php_snprintf
zend_unregister_ini_entries
_safe_malloc
php_ini_scanned_files
zend_read_property
zend_printf
reflection_extension_ptr
zend_eval_string_ex
gc_remove_zval_from_buffer
zend_strndup
php_module_shutdown_wrapper
zend_register_constant
php_getopt
zend_ini_deactivate
_php_stream_free
sapi_shutdown
get_zend_version
php_output_write
php_module_shutdown
zend_is_auto_global
_zend_hash_add_or_update
zend_hash_copy
php_execute_script
_zval_ptr_dtor
php_handle_aborted_connection
_efree
zend_strip
display_ini_entries
php_get_highlight_struct
sapi_globals
php_ini_scanned_path
reflection_ptr
reflection_zend_extension_ptr
_emalloc
sapi_module
executor_globals
zend_hash_destroy
php_output_end_all
reflection_method_ptr
zend_exception_get_default
zend_llist_copy
zend_load_extension
compiler_globals
zend_hash_apply
php_register_variable
php_ini_opened_path
php_lint_script
reflection_function_ptr
module_registry
zend_call_method
zend_str_tolower_dup
php_printf
zend_error
tsrm_realpath
php_module_startup
_php_stream_open_wrapper_ex
zif_dl
core_globals
php_print_info
php_request_startup
zend_extensions
_zend_hash_init
php_import_environment_variables
sapi_startup
zend_highlight
zend_hash_find
php_info_print_module
_php_stream_get_line
_object_init_ex
open_file_for_scanning
zend_qsort
zend_hash_sort
_estrndup
zend_llist_destroy
php_request_shutdown
reflection_class_ptr
sapi_deactivate
zend_llist_sort
php_select
zend_llist_apply

ws2_32

htons
ntohs
getsockname
setsockopt
recv
bind
socket
closesocket
send
listen
accept
WSAGetLastError

msvcr90

_stricmp
_setmode
_read
_close
_open
_setjmp3
memset
_strdup
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_getcwd
_stat32
_ctime32_s
toupper
bsearch
_chdir
strncpy
strtol
_ftime32
signal
strerror
strncmp
exit
fclose
getenv
fseek
realloc
ftell
strrchr
fwrite
_fmode
_fileno
fprintf
fopen
printf
isalnum
fgetc
_errno
fflush
strchr
__iob_func
strstr
rewind
malloc
free
memmove
memcpy

kernel32

GetCurrentThreadId
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedExchange
GetTickCount
QueryPerformanceCounter

Exports

Exports

php_cli_get_shell_callbacks
sapi_cli_single_write

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ba3cc1f9c4d4695a3d9b7e225747632

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php5

ws2_32

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 79KB - Virtual size: 80KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 79KB - Virtual size: 80KB