TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
PHPMaker.exe
Resource
win10-20240404-en
windows10-1703-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
PHPMaker.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral3
Sample
PHPMaker.exe
Resource
win11-20240802-en
windows11-21h2-x64
3 signatures
150 seconds
General
-
Target
PHPMaker.exe
-
Size
12.2MB
-
MD5
dea38e16e8b05d1c76078085baf34182
-
SHA1
3247d7f21f2e7bfcb8c45e6402226aa67df30971
-
SHA256
e990446b4d6e9e738565382a25a8427d0898461755ffeda24a6d737234ff46f9
-
SHA512
d387c49f76c523ac080564533ffa72b326e8075a807ba5799928c36e809ab87e5b0ab683da10018cd9d19c24d7206bc226f5a00ebb9af93ef8f4f03e65f1eaae
-
SSDEEP
393216:/nFW9g7mdiIdRQCdxXASZL2AO7noxhbr2OGY:PYy7EiIRTASZkToxVr2/Y
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource PHPMaker.exe
Files
-
PHPMaker.exe.exe windows:5 windows x86 arch:x86
a4333dffbc622dfe1f5c25daf2442a72
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
SetFileAttributesW
GetFileTime
GetFileType
SetFileTime
QueryDosDeviceW
GetACP
GetExitCodeProcess
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
CreateSemaphoreW
SetEnvironmentVariableW
ReadProcessMemory
OpenFileMappingW
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
FlushInstructionCache
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetCPInfoExW
GlobalSize
WriteProcessMemory
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
DosDateTimeToFileTime
GetUserDefaultLCID
CreateProcessW
HeapSize
IsBadCodePtr
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
DisableThreadLibraryCalls
FindResourceW
lstrlenA
CreateThread
CompareStringW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
MoveFileW
RaiseException
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetStringTypeW
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
GetFileAttributesExW
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
LockResource
LoadLibraryExW
TerminateProcess
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
SetVolumeLabelW
EnterCriticalSection
SetFilePointer
FlushFileBuffers
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetTempFileNameW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
DuplicateHandle
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
GlobalHandle
lstrlenW
CompareStringA
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
InitializeCriticalSectionAndSpinCount
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
ReleaseSemaphore
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
IsDBCSLeadByteEx
GetSystemDefaultLCID
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
GetTimeFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
SleepEx
TlsSetValue
CreateDirectoryW
LoadLibraryExA
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetProfileStringW
LocalAlloc
RemoveDirectoryW
GlobalMemoryStatus
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
advapi32
RegSetValueExW
RegConnectRegistryW
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenThreadToken
GetUserNameW
CryptDestroyHash
DeregisterEventSource
RegQueryInfoKeyW
RegUnLoadKeyW
CryptReleaseContext
CryptGetHashParam
RegSaveKeyW
EqualSid
RegReplaceKeyW
RegisterEventSourceW
RegQueryValueW
GetTokenInformation
RegCreateKeyExW
CryptAcquireContextW
CryptDeriveKey
CryptGetKeyParam
CryptSetKeyParam
RegLoadKeyW
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExW
RegOpenKeyExA
OpenProcessToken
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
ReportEventW
RegFlushKey
RegQueryValueExA
RegQueryValueExW
RegEnumValueW
CryptHashData
RegCloseKey
CryptCreateHash
RegRestoreKeyW
comctl32
ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_AddMasked
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage
comdlg32
FindTextW
ReplaceTextW
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
gdi32
Pie
SetBkMode
GetRandomRgn
CreateCompatibleBitmap
CreatePolygonRgn
BeginPath
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
CloseMetaFile
CreateMetaFileW
ResizePalette
SetAbortProc
CreateHatchBrush
SetTextColor
GetTextColor
StretchBlt
PathToRegion
ExtSelectClipRgn
RoundRect
SelectClipRgn
RectInRegion
RestoreDC
FillPath
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateDCW
CreateICW
CreatePen
FillRgn
PolyBezierTo
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
ModifyWorldTransform
StartPage
GetBitmapBits
SetTextCharacterExtra
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
OffsetWindowOrgEx
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
ExtCreatePen
DPtoLP
LPtoDP
GetNearestColor
DeleteMetaFile
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetTextExtentExPointW
GetROP2
PtVisible
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
TextOutW
SelectPalette
SetGraphicsMode
SetLayout
ExcludeClipRect
SetTextJustification
SetWindowOrgEx
MaskBlt
GetCharacterPlacementW
CreatePatternBrush
EndPage
EndPath
EqualRgn
DeleteEnhMetaFile
Chord
SetDIBits
UpdateColors
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
GetObjectType
SetDIBColorTable
GetDIBColorTable
GetTextMetricsA
CreateBrushIndirect
StrokePath
PatBlt
SelectClipPath
SetEnhMetaFileBits
CreateEllipticRgn
Rectangle
DeleteDC
SaveDC
GetWorldTransform
BitBlt
FrameRgn
SetWorldTransform
GetDeviceCaps
GetTextExtentPoint32W
PtInRegion
GetClipBox
GetClipRgn
Polyline
IntersectClipRect
CombineTransform
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateFontIndirectA
LineTo
GetRgnBox
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
GetBkColor
SetBkColor
SetMetaFileBitsEx
CreateCompatibleDC
GetDCOrgEx
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
SetTextAlign
GetTextAlign
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetViewportExtEx
SetPixel
PolyPolyline
EnumFontFamiliesExW
StretchDIBits
WidenPath
GetPaletteEntries
mpr
WNetEnumResourceW
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetOpenEnumW
msvcrt
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower
netapi32
NetWkstaGetInfo
NetApiBufferFree
ole32
OleCreateLinkToFile
StgCreateDocfileOnILockBytes
OleRegEnumVerbs
CreateBindCtx
CoCreateGuid
OleCreateStaticFromData
CoCreateInstance
OleCreate
IsEqualGUID
CreateStreamOnHGlobal
StringFromGUID2
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleCreateFromData
CoGetClassObject
CoInitialize
OleDraw
CoTaskMemAlloc
StringFromCLSID
DoDragDrop
RevokeDragDrop
IsAccelerator
OleGetIconOfClass
CoUninitialize
ReleaseStgMedium
OleCreateFromFile
RegisterDragDrop
ProgIDFromCLSID
OleSetContainedObject
OleInitialize
CoGetMalloc
CoInitializeEx
OleUninitialize
OleCreateLinkFromData
CoTaskMemFree
OleSetMenuDescriptor
oleaut32
SafeArrayPutElement
SafeArrayDestroy
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayGetElemsize
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType
SafeArrayCopy
oledlg
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIInsertObjectA
shell32
SHBrowseForFolderW
DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
DragQueryPoint
SHGetMalloc
SHGetDesktopFolder
SHFileOperationW
ShellExecuteW
shfolder
SHGetFolderPathW
user32
CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
SetCaretPos
GetCaretPos
ScrollWindowEx
GetDlgCtrlID
GetUpdateRgn
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ChildWindowFromPointEx
CreatePopupMenu
LoadMenuW
ShowCaret
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
SetWindowLongW
DrawMenuBar
IsZoomed
SetParent
InvalidateRgn
GetClientRect
IsChild
SendDlgItemMessageW
IntersectRect
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
GetWindowTextLengthW
DestroyWindow
IsDialogMessageW
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ChangeClipboardChain
ReleaseDC
ExitWindowsEx
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
TabbedTextOutW
MessageBeep
SetClassLongW
SetRectEmpty
RemovePropW
GetSubMenu
EqualRect
DestroyIcon
IsWindowVisible
DispatchMessageA
PtInRect
UnregisterClassW
GetTopWindow
SendMessageW
DragDetect
GetTabbedTextExtentW
GetMessageTime
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
KillTimer
BeginDeferWindowPos
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateWindowExW
ChildWindowFromPoint
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
CharToOemA
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
WaitForInputIdle
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
GetClipboardOwner
LoadCursorW
ScrollWindow
GetLastActivePopup
UnionRect
GetSystemMetrics
CharUpperBuffW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
SetCaretBlinkTime
GetCaretBlinkTime
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
DestroyAcceleratorTable
SetClipboardViewer
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
VkKeyScanW
DestroyMenu
OemToCharA
SetWindowsHookExW
GetDoubleClickTime
EmptyClipboard
GetAncestor
GetDlgItem
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
DrawFrameControl
ScreenToClient
IsCharAlphaNumericW
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
AppendMenuW
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
CharUpperBuffA
CopyIcon
PostQuitMessage
ShowScrollBar
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
CreateMDIWindowW
MonitorFromPoint
CharUpperA
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowLongW
GetWindowRect
ToUnicode
InsertMenuW
IsWindowEnabled
IsDialogMessageA
GetMenuDefaultItem
CharNextA
FindWindowW
DeleteMenu
GetKeyboardLayout
version
GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
wininet
InternetCloseHandle
InternetGetLastResponseInfoW
FtpGetFileSize
InternetConnectW
InternetSetOptionW
FtpOpenFileW
InternetGetConnectedState
InternetReadFile
HttpOpenRequestW
InternetSetStatusCallback
InternetOpenW
HttpSendRequestW
HttpQueryInfoW
winmm
sndPlaySoundW
PlaySoundW
waveOutGetNumDevs
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetPrinterW
GetDefaultPrinterW
EnumPrintersW
wsock32
accept
htons
ntohs
getsockopt
setsockopt
select
WSAStartup
__WSAFDIsSet
WSACleanup
getsockname
listen
gethostbyname
bind
closesocket
inet_ntoa
socket
recv
ioctlsocket
WSAGetLastError
connect
shutdown
inet_addr
send
Exports
Exports
Sections
.text Size: - Virtual size: 29.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 629KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: - Virtual size: 154B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 88B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.T'] Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.]0& Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.F| Size: 12.0MB - Virtual size: 12.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 147KB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ