Manalyze report for d3a90169cd5197ca1d2f3b57bcb3200ecbfa76e0acb9800237be7b4e0ee274b0

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Jun-07 17:17:55
Detected languages	English - United States
Debug artifacts	C:\php-snap-build\php74\vc15\x86\obj\Release\php-win.pdb
Comments	Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter, Moriyoshi Koizumi, Xinchen Hui
CompanyName	The PHP Group
FileDescription	CLI
FileVersion	`7.4.30`
InternalName	CLI_WIN32 SAPI
LegalCopyright	Copyright Â© The PHP Group
LegalTrademarks	PHP
OriginalFilename	php-win.exe
ProductName	PHP
ProductVersion	`7.4.30`
URL	http://www.php.net

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://www.php.net www.php.net`
Safe	VirusTotal score: 0/69 (Scanned on 2022-07-12 22:55:42)	`All the AVs think this file is safe.`

Hashes

MD5	`e7c1e2cacb6f5b8ad25bc98f0db0d9c1`
SHA1	`6de5a34ac93245b5a081bb20d3ea9064e1813fe7`
SHA256	`d3a90169cd5197ca1d2f3b57bcb3200ecbfa76e0acb9800237be7b4e0ee274b0`
SHA3	`7eff4600c7c6d6eb4d7eb9a2c2699dccdeb7cb204878df8c985ea5eed6e97a4b`
SSDeep	`384:S/iZ5x0cnROSbF2l0j0VXqxoyJt2k4OBFazhjxetqm6ZjqVwx3C1bKekKDOweLk:gi39R2Cj0Jqx3J48a1xedViC5TWazT`
Imports Hash	`6a3bead9d48daa0851c1606964612cbc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Jun-07 17:17:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x3400`
SizeOfInitializedData	`0x4a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000039A0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0x13749`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x4000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bf783f365474c706d8e2efe75005e5fa`
SHA1	`83e5ab28a045bb491d4fd99142825341d661ae61`
SHA256	`4b7a46e8cdf25f333135099e24ae662b5909c72a4d705d6f13276a0e07f9cb06`
SHA3	`68b0fddd3843a954eb36fd3ba864558acc3904fca6952680947458821861046c`
VirtualSize	`0x325e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.10264`

.rdata

MD5	`b0bcf07ca5ba6a05cddeff67544184b8`
SHA1	`98632048d4710ab196bc5c1d7a3a57f92b574bb6`
SHA256	`752ef477f46f1786d24afc31320182710a37e9e0d20920a9c6549e0e1c8a97e3`
SHA3	`98f8a44cb0db4d3477222b5a247745da34123d0fb951b9d68a958d98343ba812`
VirtualSize	`0x2dd6`
VirtualAddress	`0x5000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.17842`

.data

MD5	`c588a8481d285a8e87affc093582baff`
SHA1	`10878ccf3c5c1d76b1dc79349ff61bfd97250f84`
SHA256	`a7e062eeb606a7f0982e69cec40d40717ddbb1c967336a9d6e3ac76437e5b216`
SHA3	`c622739bf87401ebc87816328645a8d901246722fdcef3b5541bf661edfff6c7`
VirtualSize	`0x5f0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.97564`

.rsrc

MD5	`67d62c81c6b3eaf70a3b5c98eec58910`
SHA1	`3584ea13e14b96d16986954ae05c2304ef47c022`
SHA256	`b3ca501654389cecb7ea10c638680e0e64a1ed709faa1f1427febeb81abfd6e1`
SHA3	`bbaa5924b95be12a5af394fddeb2497359fde543faef252718da93f750a1208e`
VirtualSize	`0x1110`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.98928`

.reloc

MD5	`f5a7654d7934a2dc3859ea0af26ffddb`
SHA1	`f4cfd46da11855b91bd53507002668372bfe149d`
SHA256	`8c16c95e7ccf9b99f280cfae66e0f7fa394a5e5cb7abeffce8794a4ca6a73218`
SHA3	`c869a8cf5d400ac9980a212a95a955333543c082f8ebfbe458c6d2743e13f03a`
VirtualSize	`0x660`
VirtualAddress	`0xb000`
SizeOfRawData	`0x800`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.90138`

Imports

php7.dll	`php_ini_scanned_files` `zend_string_init_interned` `php_win32_cp_cli_do_setup` `zend_hash_destroy@@4` `zval_ptr_dtor` `zend_register_constant` `core_globals` `php_win32_cp_use_unicode` `compiler_globals` `php_output_end_all` `zend_llist_copy` `zend_llist_destroy` `zend_load_extension` `php_module_shutdown` `php_win32_cp_conv_ascii_to_w` `zend_str_tolower_dup@@8` `php_module_startup` `object_init_ex` `zend_is_auto_global_str` `reflection_zend_extension_ptr` `zend_llist_sort` `php_win32_cp_conv_to_w` `reflection_function_ptr` `zend_hash_sort_ex@@16` `module_registry` `__zend_malloc` `sapi_globals` `zend_ini_deactivate` `_php_stream_open_wrapper_ex` `_php_stream_free` `sapi_module` `zend_wrong_parameters_none_error@@0` `php_error_docref` `php_win32_cp_get_by_id` `zend_parse_parameters` `zend_hash_copy@@12` `php_module_shutdown_wrapper` `php_printf` `zend_highlight` `open_file_for_scanning` `php_win32_ioutil_normalize_path_w` `zend_printf` `zend_ce_exception` `_emalloc@@4` `zend_stream_init_fp` `_efree@@4` `php_output_write` `reflection_class_ptr` `zend_read_property` `php_info_print_module` `php_lint_script` `zend_llist_apply` `zend_eval_string_ex` `php_import_environment_variables` `php_get_highlight_struct` `php_execute_script` `zend_strip` `reflection_extension_ptr` `php_win32_cp_conv_w_to_cur` `php_register_variable` `php_win32_cp_get_orig` `zend_call_method` `php_win32_cp_conv_utf8_to_w` `zend_hash_str_update@@16` `_zend_hash_init@@16` `php_win32_code_to_errno` `zif_dl@@8` `display_ini_entries` `php_win32_cp_conv_cur_to_w` `zend_sort` `php_ini_scanned_path` `php_print_info` `php_request_shutdown` `php_win32_ioutil_fopen_w` `php_request_startup` `zend_hash_str_find@@12` `sapi_deactivate` `php_win32_cp_cli_do_restore` `php_getopt` `_php_stream_get_line` `get_zend_version` `tsrm_realpath` `zend_extensions` `executor_globals` `zend_register_bool_constant` `sapi_startup` `php_ini_opened_path` `zend_error` `reflection_method_ptr` `zend_write` `zend_print_zval` `sapi_shutdown`
SHELL32.dll	`CommandLineToArgvW`
KERNEL32.dll	`SetLastError` `SetConsoleCtrlHandler` `GetCommandLineW` `GetACP` `GetLastError` `LocalFree` `GetConsoleTitleW` `SetConsoleTitleW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetModuleHandleW` `GetStartupInfoW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess`
VCRUNTIME140.dll	`strrchr` `memset` `strstr` `_setjmp3` `memmove` `memcpy` `strchr` `_except_handler4_common`
api-ms-win-crt-runtime-l1-1-0.dll	`exit` `_set_errno` `_errno` `terminate` `_controlfp_s` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `__p___argv` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `_seh_filter_exe` `_exit` `_initterm_e` `_initterm` `_get_narrow_winmain_command_line` `_initialize_narrow_environment` `_configure_narrow_argv` `_set_app_type` `__p___argc`
api-ms-win-crt-stdio-l1-1-0.dll	`ferror` `fopen` `fread` `feof` `__stdio_common_vsprintf` `__acrt_iob_func` `__p__fmode` `__p__commode` `ftell` `fwrite` `_lseek` `_fileno` `_open` `fgets` `fflush` `_write` `_set_fmode` `_close` `_setmode` `__stdio_common_vfprintf` `fseek` `_read` `clearerr` `fclose`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `free` `realloc` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`wcsncmp` `strncpy` `_strdup` `_stricmp` `isalnum`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

OPENSSL_Applink

Ordinal	`1`
Address	`0x1110`

php_cli_get_shell_callbacks

Ordinal	`2`
Address	`0x1210`

sapi_cli_single_write

Ordinal	`3`
Address	`0x12a0`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42477`
MD5	`dbdf94138c6ba56ce7bb97778a0deb8d`
SHA1	`deec46ca206fdda48c14123d992b5e6afd2f5721`
SHA256	`4174a79807ff44b984b6c1d2dbf2fef95cef2818bc3479f830d66fda2daac2e2`
SHA3	`8b83cc113ee8a4f456125dc8f5a9d0d7f00d703c578d902c6dc041f410e2f6ca`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45584`
MD5	`8349dcf05d9dcc540d3bb10b385ad743`
SHA1	`dc319603a1a34e0435a0aebc2f980368da448c78`
SHA256	`add699027c6956e1a75e7c4823063fc4be85c317eb67966a16fe126669ce1dc2`
SHA3	`9d9dabaeacfc87311d8bf890c83472ac1a8e0416beaccbc3f3b5c496418b06de`

0

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30199`
Detected Filetype	Icon file
MD5	`ca6a93b9cc493b8fec5d13d0b57b8b17`
SHA1	`a25cebf09023178eecedf11f4cf988d86057555e`
SHA256	`102f1598265fd87fd6679941f159d782b750754cf74aa26fade1636e435ce730`
SHA3	`4b78e08ead6701979e76004d2725e26b13393d19effd5a19dc563574969bb7e3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52907`
MD5	`39d7addebbf4f74b61fac3c21911e2f8`
SHA1	`b60d2041074782e000a339702f2b76154bbaff9c`
SHA256	`e32f55197bb50fd51cd5417ac1362fcb832d999377e45117ab9470b4593f386e`
SHA3	`dae06fd8d44a8705229475b598f49054af7d22af4418b672753aec1a03926800`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x50e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02512`
MD5	`65180884dd867427026eef52285ed9f4`
SHA1	`f054017a3e88038fce3a6fe55bdde700d9fe6961`
SHA256	`bd88b0ab3abd48d33c1779a4354f9e4940f167bffafd520ca99892506cbbb65d`
SHA3	`63e0d3f92af62326b772205df737cf376c0b26efa17ed2eea5a58f05bbd60945`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	7.4.30.0
ProductVersion	7.4.30.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
Comments	Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter, Moriyoshi Koizumi, Xinchen Hui
CompanyName	The PHP Group
FileDescription	CLI
FileVersion (#2)	7.4.30
InternalName	CLI_WIN32 SAPI
LegalCopyright	Copyright Â© The PHP Group
LegalTrademarks	PHP
OriginalFilename	php-win.exe
ProductName	PHP
ProductVersion (#2)	7.4.30
URL	http://www.php.net

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Jun-07 17:17:55
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x67d4`
PointerToRawData	`0x4fd4`
Referenced File	C:\php-snap-build\php74\vc15\x86\obj\Release\php-win.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Jun-07 17:17:55
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x6828`
PointerToRawData	`0x5028`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Jun-07 17:17:55
Version	`0.0`
SizeofData	`660`
AddressOfRawData	`0x683c`
PointerToRawData	`0x503c`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x408004`
SEHandlerTable	`0x4067d0`
SEHandlerCount	`1`
GuardCFCheckFunctionPointer	`4215536`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xd7315771`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (VS 2015/2017 runtime 26706)	`2`
199 (41118)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`18`
C objects (VS 2015/2017 runtime 26706)	`12`
ASM objects (VS 2015/2017 runtime 26706)	`1`
Imports (26213)	`4`
Imports (27045)	`3`
Total imports	`182`
C objects (LTCG) (27045)	`3`
Exports (27045)	`1`
Resource objects (27045)	`1`
Linker (27045)	`1`

Errors

Leave a comment

No comments yet.