8aa19d1888b9e264c46a6c5af6cd2bc0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8aa19d1888b9e264c46a6c5af6cd2bc0N.exe
Size

506KB
MD5

8aa19d1888b9e264c46a6c5af6cd2bc0
SHA1

e4b1529b93beab66fd7424ba9601a7f82d994edf
SHA256

e47a99c0652d87a4ea2b90eb8d4e71536624f039d92950e817e02a09bd196059
SHA512

1f464e4b0b130e0894868c41a986a37fa9fc776dd14e54956fc51f1dcd120c2798ac270753a5ba8ceafb015d926ce3bf79b55c81527a722a914c9f54acba8f6e
SSDEEP

12288:xzwf+P2JFxngL3W7BXsxnOjIj7j3vTjB3sm:xzwfDJHU3YWxnOjIj7jfTjB3sm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8aa19d1888b9e264c46a6c5af6cd2bc0N.exe

Files

8aa19d1888b9e264c46a6c5af6cd2bc0N.exe
.dll windows:5 windows x86 arch:x86

9ca698df548bf12939f9022cda489156

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\php-sdk\php54dev\vc9\x86\obj\Release\php_curl.pdb

Imports

php5

php_strtok_r
file_globals
_php_stream_free
_php_stream_write
php_stream_notification_notify
_zend_hash_add_or_update
_php_stream_read
_php_stream_fopen_tmpfile
_php_stream_alloc
php_stream_context_set
_php_stream_tell
php_trim
_php_stream_temp_create
zend_hash_find
php_stream_context_get_option
zend_rebuild_symbol_table
_php_stream_seek
_zval_dtor_func
zend_llist_get_next_ex
zend_llist_del_element
zend_llist_get_first_ex
add_assoc_resource_ex
php_file_le_pstream
add_assoc_long_ex
zend_register_list_destructors_ex
zend_call_function
gc_remove_zval_from_buffer
php_info_print_table_end
zend_register_ini_entries
php_file_le_stream
_array_init
_php_stream_flush
_convert_to_string
zend_hash_get_current_key_ex
empty_fcall_info_cache
php_output_write
add_assoc_double_ex
php_info_print_table_start
_zval_ptr_dtor
_efree
_zval_copy_ctor_func
spprintf
_zend_hash_index_update_or_next_insert
add_next_index_string
add_assoc_zval_ex
_emalloc
_ecalloc
executor_globals
zend_hash_destroy
convert_to_long
zend_ini_string_ex
add_next_index_zval
_estrdup
zval_add_ref
zend_llist_init
zend_register_resource
add_assoc_string_ex
zend_register_long_constant
zend_hash_move_forward_ex
php_error_docref0
core_globals
php_sprintf
zend_parse_parameters
_zend_hash_init
zend_fetch_resource
php_check_open_basedir
zend_hash_internal_pointer_reset_ex
_zend_list_addref
php_info_print_table_row
zend_llist_clean
_zend_list_delete
_erealloc
_estrndup
zend_hash_get_current_data_ex
_php_stream_cast
zend_llist_add_element
zend_unregister_ini_entries

ws2_32

listen
ioctlsocket
recvfrom
sendto
gethostname
accept
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
select

libeay32

ord82
ord400
ord396
ord495
ord342
ord340
ord1
ord497
ord1334
ord1335
ord2034
ord641
ord391
ord2454
ord1935
ord653
ord7
ord656
ord151
ord120
ord421
ord544
ord542
ord1180
ord18
ord979
ord399
ord509
ord680
ord315
ord498
ord123
ord256
ord110
ord140
ord248
ord156
ord111
ord161
ord323
ord556
ord1252
ord625
ord958
ord2596
ord304
ord983
ord329
ord294
ord1958
ord1654
ord1653
ord2075
ord3889
ord276
ord2720
ord2862
ord2644
ord275
ord3019
ord3819
ord3874
ord961
ord258
ord213
ord2254
ord466
ord2201
ord464
ord467
ord486
ord150
ord281
ord280
ord118
ord654
ord209
ord2784
ord965
ord341
ord964
ord963
ord66
ord52
ord2431
ord78
ord95
ord657
ord1015
ord2291
ord3212
ord333
ord267
ord254
ord224
ord2604
ord298
ord269
ord268
ord316
ord1336
ord223
ord227
ord2927
ord3155
ord222
ord2996
ord181
ord2442
ord188
ord1951
ord566
ord578
ord579
ord1216
ord2023
ord484

ssleay32

ord110
ord48
ord126
ord49
ord75
ord24
ord30
ord222
ord17
ord235
ord183
ord74
ord76
ord8
ord86
ord96
ord58
ord78
ord31
ord87
ord90
ord45
ord21
ord180
ord108
ord77
ord242
ord61
ord60
ord43
ord157
ord127
ord130
ord5
ord116
ord172
ord12
ord243
ord6
ord15
ord141

wldap32

ord46
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22

user32

FindWindowA
SendMessageA

kernel32

DeleteCriticalSection
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
GetVersionExA
FreeLibrary
Sleep
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
GetTickCount
CloseHandle
WaitForSingleObject
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetCurrentThreadId
GetSystemTimeAsFileTime
SetLastError

msvcr90

__iob_func
memchr
fflush
strncpy
fread
fwrite
atoi
strtol
calloc
realloc
free
malloc
memset
memcpy
_stat64
strrchr
strchr
fclose
fopen
strerror
__sys_nerr
_time64
_errno
tolower
sscanf
isxdigit
strtoul
memmove
_strtoi64
strncmp
fgets
qsort
fputs
isdigit
sprintf
fputc
fseek
isspace
_beginthreadex
isalnum
strpbrk
strspn
_fstat64
_lseeki64
getenv
_gmtime64
isalpha
_snprintf
_read
_difftime64
rewind
feof
islower
isupper
isprint
isgraph
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_strnicmp
_stricmp
_wcsdup
_strdup
_close
_write
_open
strstr

Exports

Exports

get_module
libssh2_agent_connect
libssh2_agent_disconnect
libssh2_agent_free
libssh2_agent_get_identity
libssh2_agent_init
libssh2_agent_list_identities
libssh2_agent_userauth
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_signal
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_free
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_scp_recv
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_banner_get
libssh2_session_banner_set
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_timeout
libssh2_session_handshake
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_timeout
libssh2_session_startup
libssh2_session_supported_algs
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_get_channel
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ca698df548bf12939f9022cda489156

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php5

ws2_32

libeay32

ssleay32

wldap32

user32

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB

.rmnet
Size: 56KB - Virtual size: 60KB