3600cc38af82e71d27dffb097c2a9c77fbad6fbb1dfda9e1220cca6f5b509732

Sharing

Copy URL Twitter E-mail

General

Target

3600cc38af82e71d27dffb097c2a9c77fbad6fbb1dfda9e1220cca6f5b509732
Size

628KB
MD5

16be3573b3ae904071fcc6d61030a98d
SHA1

0f088c25740d97336f592937260cbb7c8d80b445
SHA256

3600cc38af82e71d27dffb097c2a9c77fbad6fbb1dfda9e1220cca6f5b509732
SHA512

71c89eea043efda74e23db3098b896f8b7c9f45f1dc52a01263e6f0f49a3d75acf27df605b9517d91b99b69468e89c848aefc9070001611a70c917d05a6fc0c6
SSDEEP

12288:LbRucJjoJg/MDwWNBDOm5trYCfQO+wkinwj7xmaeEtFG5iZM4+zIgLQPwoneUxQl:x2g/el15t0oQOvkinw7ReqQ5iZv+zIgP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3600cc38af82e71d27dffb097c2a9c77fbad6fbb1dfda9e1220cca6f5b509732

Files

3600cc38af82e71d27dffb097c2a9c77fbad6fbb1dfda9e1220cca6f5b509732
.dll windows:6 windows x86 arch:x86

66267eea40cff46c44974ee2082cd56b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\php-sdk\php56\vc11\x86\obj\Release_TS\php_sqlite3.pdb

Imports

php5ts

_zval_dtor_func
_safe_emalloc
php_file_le_pstream
add_assoc_long_ex
zend_objects_store_put
zend_call_function
gc_remove_zval_from_buffer
php_info_print_table_end
zend_strndup
zend_register_ini_entries
php_file_le_stream
_array_init
_convert_to_string
_zend_hash_add_or_update
zend_object_std_init
core_globals_id
php_info_print_table_start
_zval_ptr_dtor
zend_replace_error_handling
_efree
display_ini_entries
_zval_copy_ctor_func
spprintf
zend_get_std_object_handlers
OnUpdateString
zend_is_callable
zend_hash_del_key_or_index
_zend_hash_index_update_or_next_insert
add_index_zval
executor_globals_id
add_assoc_zval_ex
vspprintf
_emalloc
_ecalloc
zend_register_internal_class
sapi_module
zend_hash_destroy
_php_stream_alloc
zend_exception_get_default
convert_to_long
zend_throw_exception_ex
zend_new_interned_string
zend_parse_parameters_ex
_estrdup
object_properties_init
zend_llist_init
zend_throw_exception
zend_object_std_dtor
zend_llist_del_element
add_assoc_string_ex
zend_register_long_constant
zend_hash_move_forward_ex
php_error_docref0
_php_stream_copy_to_mem
zend_object_store_get_object
zend_parse_parameters
ts_resource_ex
php_info_print_table_header
_zend_hash_init
zend_fetch_resource
expand_filepath
php_check_open_basedir
_object_init_ex
zend_hash_internal_pointer_reset_ex
php_info_print_table_row
zend_llist_clean
virtual_realpath
zend_restore_error_handling
_estrndup
zend_hash_get_current_data_ex
zend_llist_add_element
zend_unregister_ini_entries

kernel32

HeapFree
WideCharToMultiByte
InitializeCriticalSection
DisableThreadLibraryCalls
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
DeleteFileW
CloseHandle
GetVersionExA
GetCurrentThreadId
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetProcAddress
GetLastError
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
LeaveCriticalSection
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
Sleep
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
LoadLibraryW

msvcr110

strncmp
free
qsort
malloc
_msize
_endthreadex
_beginthreadex
_localtime32_s
realloc
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
memset
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
memcmp
memcpy
memmove

Exports

Exports

get_module
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66267eea40cff46c44974ee2082cd56b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php5ts

kernel32

msvcr110

Exports

Exports

Sections

.text Size: 545KB - Virtual size: 545KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 545KB - Virtual size: 545KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB