Report - t.php.2.exe

Tags: UPX, OS Processor Check, DLL, PE File, PE64
Created 2023.08.31 11:23 Machine s1_win7_x6401
Filename t.php.2.exe
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score
3
Behavior Score
0.8
ZERO API file : clean
VT API (file)
md5 e5854c758473d847a7e9ba63e0e3f88d
sha256 e647f56f8970df428f07c5fdb6747571fffe66602aa4dd02edd7619bb7d93d6a
ssdeep 12288:BqlI8nyOrk/09drnix9Lo/k9crJmEcUKx12UAXXWRf4:BmyOrkM9lk9Lo/k9crJmEcUKx1252J4
imphash e5e63fcb065def1635ff4d5f87c69b37
impfuzzy 6:XAxoE4ANj77t3MzmV3y1ZfP7+OPjIUAZVebPXhXTQwETOGrOliPEcJOMREcJ4izd:oDNj79CbfCObYZ8vhU43YPXJ1XJMzs

Signature (3cnts)

Level Description
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x18009b000 CloseHandle
 0x18009b008 ReleaseMutex
 0x18009b010 WaitForSingleObject
 0x18009b018 CreateMutexA
 0x18009b020 GetSystemInfo
 0x18009b028 VirtualAlloc
 0x18009b030 VirtualFree
 0x18009b038 GetStartupInfoW
 0x18009b040 IsDebuggerPresent
 0x18009b048 InitializeSListHead
 0x18009b050 DisableThreadLibraryCalls
 0x18009b058 GetSystemTimeAsFileTime
 0x18009b060 GetCurrentThreadId
 0x18009b068 GetCurrentProcessId
 0x18009b070 QueryPerformanceCounter
 0x18009b078 IsProcessorFeaturePresent
 0x18009b080 TerminateProcess
 0x18009b088 GetCurrentProcess
 0x18009b090 SetUnhandledExceptionFilter
 0x18009b098 UnhandledExceptionFilter
 0x18009b0a0 RtlVirtualUnwind
 0x18009b0a8 RtlLookupFunctionEntry
 0x18009b0b0 RtlCaptureContext
 0x18009b0b8 GetModuleHandleW

EAT(Export Address Table) Library

0x180001037 qcre2_callout_enumerate_8
0x180001087 qcre2_code_copy_8
0x1800012a8 qcre2_code_copy_with_tables_8
0x1800011db qcre2_code_free_8
0x18000128f qcre2_compile_8
0x1800011fe qcre2_compile_context_copy_8
0x1800010aa qcre2_compile_context_create_8
0x18000125d qcre2_compile_context_free_8
0x1800011a9 qcre2_config_8
0x180001064 qcre2_convert_context_copy_8
0x180001041 qcre2_convert_context_create_8
0x18000100f qcre2_convert_context_free_8
0x1800012ad qcre2_converted_pattern_free_8
0x180001212 qcre2_dfa_match_8
0x18000122b qcre2_general_context_copy_8
0x180001307 qcre2_general_context_create_8
0x1800011e5 qcre2_general_context_free_8
0x180001181 qcre2_get_error_message_8
0x1800011cc qcre2_get_mark_8
0x1800010d2 qcre2_get_match_data_size_8
0x180001267 qcre2_get_ovector_count_8
0x180001109 qcre2_get_ovector_pointer_8
0x18000129e qcre2_get_startchar_8
0x180001343 qcre2_jit_compile_8
0x180001113 qcre2_jit_free_unused_memory_8
0x18000126c qcre2_jit_match_8
0x1800012da qcre2_jit_stack_assign_8
0x1800012fd qcre2_jit_stack_create_8
0x18000105a qcre2_jit_stack_free_8
0x180001262 qcre2_maketables_8
0x180001334 qcre2_maketables_free_8
0x18000135c qcre2_match_8
0x180001366 qcre2_match_context_copy_8
0x180001280 qcre2_match_context_create_8
0x1800012ee qcre2_match_context_free_8
0x180001046 qcre2_match_data_create_8
0x180001316 qcre2_match_data_create_from_pattern_8
0x1800012a3 qcre2_match_data_free_8
0x180001069 qcre2_pattern_convert_8
0x1800011c7 qcre2_pattern_info_8
0x1800010eb qcre2_serialize_decode_8
0x18000106e qcre2_serialize_encode_8
0x180001050 qcre2_serialize_free_8
0x1800011e0 qcre2_serialize_get_number_of_codes_8
0x18000133e qcre2_set_bsr_8
0x180001186 qcre2_set_callout_8
0x180001339 qcre2_set_character_tables_8
0x180001195 qcre2_set_compile_extra_options_8
0x18000105f qcre2_set_compile_recursion_guard_8
0x1800010d7 qcre2_set_depth_limit_8
0x180001285 qcre2_set_glob_escape_8
0x1800010b9 qcre2_set_glob_separator_8
0x1800012f8 qcre2_set_heap_limit_8
0x180001091 qcre2_set_match_limit_8
0x1800012c1 qcre2_set_max_pattern_length_8
0x18000119a qcre2_set_newline_8
0x180001258 qcre2_set_offset_limit_8
0x18000101e qcre2_set_parens_nest_limit_8
0x18000111d qcre2_set_recursion_limit_8
0x180001104 qcre2_set_recursion_memory_management_8
0x18000102d qcre2_set_substitute_callout_8
0x180001023 qcre2_substitute_8
0x1800011ea qcre2_substring_copy_byname_8
0x180001005 qcre2_substring_copy_bynumber_8
0x1800010c3 qcre2_substring_free_8
0x180001348 qcre2_substring_get_byname_8
0x1800011d1 qcre2_substring_get_bynumber_8
0x180001177 qcre2_substring_length_byname_8
0x18000103c qcre2_substring_length_bynumber_8
0x180001082 qcre2_substring_list_free_8
0x180001325 qcre2_substring_list_get_8
0x180001140 qcre2_substring_nametable_scan_8
0x180067ce0 scab