e38035ed882ed8eeeac6e1698ea076e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e38035ed882ed8eeeac6e1698ea076e0N.exe
Size

64KB
MD5

e38035ed882ed8eeeac6e1698ea076e0
SHA1

8381bece58c1d1cbb13b5fdb5e578539a13cfebf
SHA256

a782b82e3fe0f5ad20b922c6d0b45776fe6c6763a7ffb332638877328e1e3c3e
SHA512

11ddddcd7b95fe492d4b55318e100e9704e4278dc749c4c54e2a8eafd2b25487928de151b52211c417e60ddf8b02b874498a3c70657392f167e54296ba1498f7
SSDEEP

768:QYMaXkedd3B8+ZgzRuLuYQ9xBKERl8d2onklzRp+WKBf:/MWdDtQou57Rl8d2RRIWKh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e38035ed882ed8eeeac6e1698ea076e0N.exe

Files

e38035ed882ed8eeeac6e1698ea076e0N.exe
.dll windows:4 windows x86 arch:x86

ee75c97cb5ae23f6e56f6f8b79483697

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5

zend_register_ini_entries
zend_unregister_ini_entries
display_ini_entries
php_info_print_table_end
php_info_print_table_row
php_info_print_table_start
sapi_module
le_index_ptr
zend_hash_del_key_or_index
PHP_MD5Final
PHP_MD5Update
PHP_MD5Init
ap_php_vsnprintf
add_index_bool
zend_ini_boolean_displayer_cb
display_link_numbers
add_next_index_stringl
add_next_index_zval
zend_register_long_constant
add_index_stringl
add_assoc_stringl_ex
add_index_string
add_assoc_string_ex
_zend_list_find
zend_list_insert
zend_standard_class_def
_object_and_properties_init
php_addslashes
ap_php_slprintf
zend_ini_string
ap_php_snprintf
zend_hash_index_find
zend_hash_find
add_index_null
add_assoc_null_ex
add_index_zval
add_assoc_zval_ex
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_data_ex
zend_hash_move_forward_ex
convert_to_double
php_strlcpy
php_gmtime_r
_erealloc
zend_parse_parameters_ex
core_globals
zend_ini_long
php_error_docref0
zval_used_for_init
executor_globals
call_user_function
zend_is_callable
_zend_list_addref
_zend_get_parameters_array_ex
_estrdup
_zval_dtor_func
php_file_le_pstream
php_file_le_stream
_php_stream_read
php_body_write
_array_init
add_index_long
add_assoc_long_ex
add_assoc_bool_ex
_zend_list_delete
convert_to_long
zend_get_parameters_ex
zend_wrong_param_count
zend_parse_parameters
zend_fetch_resource
zend_register_resource
_emalloc
_zval_copy_ctor_func
_convert_to_string
_estrndup
_safe_emalloc
spprintf
_efree
_zend_hash_add_or_update
zend_register_list_destructors_ex

gds32

ord139
ord187
ord114
ord260
ord167
ord169
ord229
ord122
ord103
ord128
ord115
ord160
ord165
ord141
ord227
ord225
ord228
ord226
ord200
ord263
ord261
ord262
ord190
ord218
ord266
ord264
ord265
ord221
ord183
ord182
ord219
ord178
ord197
ord201
ord180
ord181
ord186
ord194
ord155
ord130
ord177
ord131
ord241
ord111
ord108
ord173
ord113
ord144
ord118
ord152
ord110

kernel32

DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress

msvcrt

_initterm
malloc
free
_adjust_fdiv
strftime
_CIpow
_ftol
sscanf
mktime

Exports

Exports

get_module

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee75c97cb5ae23f6e56f6f8b79483697

Headers

File Characteristics

Imports

php5

gds32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB