b3faab36c72b72d064e6c532769b59c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b3faab36c72b72d064e6c532769b59c0N.exe
Size

96KB
MD5

b3faab36c72b72d064e6c532769b59c0
SHA1

49ba2ec524493579bab46f8bd722dd0de6165408
SHA256

aa019639f62e28d9dd20694e237742ca0c79cf6ce9d094cca0f2524fa86703d9
SHA512

e305dc4a746ab72f5f8108734471886d5a8fe00dfc12dffcc7895011c813047894ec5a41987f93606e82a9fcb63050cafd08040a32f9019b5cb6336bcca593cc
SSDEEP

1536:eAodnur0JVNk4lPDERcu80u99hlLTuJVcOby3Galptkh:anur0J7Nl9SkhBTuJVcGy2a32

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3faab36c72b72d064e6c532769b59c0N.exe

Files

b3faab36c72b72d064e6c532769b59c0N.exe
.dll windows:4 windows x86 arch:x86

729f714bdaf139d34a55dac640b728c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5

convert_to_double
convert_to_array
zend_hash_num_elements
convert_to_long
_convert_to_string
zend_hash_internal_pointer_reset_ex
zend_hash_move_forward_ex
zend_hash_get_current_data_ex
add_next_index_long
add_next_index_double
add_next_index_null
add_next_index_stringl
zend_hash_index_find
zend_hash_apply_with_argument
zend_parse_parameters_ex
zend_wrong_param_count
add_assoc_long_ex
add_assoc_string_ex
zend_standard_class_def
_object_and_properties_init
_safe_emalloc
_zend_hash_index_update_or_next_insert
php_checkuid
php_check_open_basedir
_php_stream_open_wrapper_ex
_php_stream_write
_php_stream_free
_zend_hash_init
zval_add_ref
zend_strtod
zend_register_resource
zend_fetch_resource
_array_init
_emalloc
add_index_zval
add_assoc_zval_ex
_zval_copy_ctor_func
_zval_dtor_func
add_index_null
add_assoc_null_ex
_object_init_ex
add_property_resource_ex
_estrdup
zend_hash_destroy
_zend_bailout
core_globals
_erealloc
php_strtolower
_zend_list_find
zend_hash_find
le_index_ptr
_zend_list_addref
zend_list_insert
zend_hash_del_key_or_index
_ecalloc
zend_strndup
_zend_hash_add_or_update
zend_parse_parameters
_estrndup
php_error_docref0
_zend_list_delete
_zval_ptr_dtor
_efree
php_info_print_table_start
php_info_print_table_row
ap_php_snprintf
php_info_print_table_end
display_ini_entries
executor_globals
zend_hash_apply
php_printf
zend_unregister_ini_entries
zend_register_ini_entries
zend_register_list_destructors_ex
zend_register_internal_class
zend_register_long_constant
zend_register_string_constant
OnUpdateLong
OnUpdateBool
zend_ini_boolean_displayer_cb

oci

OCIBindByName
OCIBindDynamic
OCIBindObject
OCIStmtExecute
OCIParamGet
OCIDefineByPos
OCIDefineDynamic
OCIStmtFetch
OCIStmtGetPieceInfo
OCIStmtSetPieceInfo
OCIStmtPrepare2
OCIStmtRelease
OCILobCreateTemporary
OCILobOpen
OCILobIsEqual
OCILobErase
OCILobTrim
OCILobAppend
OCIDescriptorFree
OCILobFlushBuffer
OCILobIsTemporary
OCILobFreeTemporary
OCILobClose
OCILobCopy
OCILobEnableBuffering
OCILobDisableBuffering
OCILobWrite
OCILobCharSetId
OCINlsNumericInfoGet
OCILobGetChunkSize
OCILobRead2
OCILobFileOpen
OCILobGetLength
OCILobFileClose
OCIDescriptorAlloc
OCIObjectFree
OCICollAssign
OCICollAssignElem
OCICollGetElem
OCIDateToText
OCIStringPtr
OCINumberToReal
OCIStringAssignText
OCINumberFromReal
OCIDateFromText
OCICollAppend
OCICollTrim
OCICollMax
OCICollSize
OCITypeByName
OCIDescribeAny
OCITypeByRef
OCIObjectNew
OCISessionEnd
OCIServerDetach
OCITransCommit
OCITransRollback
OCIServerVersion
OCIEnvInit
OCINlsCharSetNameToId
OCINlsEnvironmentVariableGet
OCIEnvNlsCreate
OCIHandleAlloc
OCIServerAttach
OCIHandleFree
OCIErrorGet
OCIAttrGet
OCISessionBegin
OCIPasswordChange
OCIAttrSet

msvcrt

_strdup
_close
_read
_open
_adjust_fdiv
malloc
_initterm
strncmp
free
time
calloc

kernel32

DisableThreadLibraryCalls

Exports

Exports

get_module

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

729f714bdaf139d34a55dac640b728c8

Headers

File Characteristics

Imports

php5

oci

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB