Manalyze report for ec510d236798c05b6c5913dcee8885c4c9e51125cc7ef89c795cdc159dc54a1e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2011-Mar-17 11:06:21
Detected languages	English - United States
Debug artifacts	D:\php-sdk\snap_5_3\vc9\x86\obj\Release\php.pdb
Comments	Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter
CompanyName	The PHP Group
FileDescription	CLI
FileVersion	`5.3.6`
InternalName	CLI SAPI
LegalCopyright	Copyright Â© 1997-2010 The PHP Group
LegalTrademarks	PHP
OriginalFilename	php.exe
ProductName	PHP
ProductVersion	`5.3.6`
URL	http://www.php.net

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://www.php.net www.php.net`
Safe	VirusTotal score: 0/67 (Scanned on 2021-11-04 06:31:38)	`All the AVs think this file is safe.`

Hashes

MD5	`421b669e976b206532f6378fa3e6a83d`
SHA1	`3c68a00f74d445fa669f40031723723ad1e5ef36`
SHA256	`ec510d236798c05b6c5913dcee8885c4c9e51125cc7ef89c795cdc159dc54a1e`
SHA3	`6ecb7389bb342cf84ca7f9218b761ad5aef48557475657476fe2f95a48e38b66`
SSDeep	`384:wmzGYA23iaK/5r93UeRo/fOnlQqDpfYoETOvHWFPi7KD66XV4u:wmqIzKNRo/fpaffESeZ/l4u`
Imports Hash	`970dcbb8d8b08b079a69054cc12b97ea`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2011-Mar-17 11:06:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.3`
SizeOfCode	`0x2400`
SizeOfInitializedData	`0x3800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002DDA (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`5.3`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0x798e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`92662ea0748652aeb7f5a0710c66f21c`
SHA1	`bd408d4aa8071b9f909b55d95b9446ee009b48af`
SHA256	`4aa3a4135ecc33410baa87614fd32a864d8c18fa38f0f48599f57a50de7bf912`
SHA3	`c163daf0a0c610b93247a289609590d1378db8c65c9284621eb8b87c84209044`
VirtualSize	`0x2354`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07131`

.rdata

MD5	`a806919c71245ba8d7ea5fee415eb8a9`
SHA1	`ee63acac33fa6d189ab80093c1dc8425fd69bd94`
SHA256	`7bb31f34c27e7e80b08d9e346e00487749db5a5ee66a44db218b0e3bc6d60052`
SHA3	`1eb737e88c04bf63c2fbf3758515c00508556f76d685c93c2c045dcb233b65ea`
VirtualSize	`0x1fa0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.21844`

.data

MD5	`6851da8e3da8222a1d1e11f4e21984c8`
SHA1	`0062152671403b2e2b006770938163a42adc4259`
SHA256	`977ceafae134aa52038ec5d217826c9364993a372d2913beecf1cc94c792ad15`
SHA3	`62a272e7fe88d0f74ca08f253df98a388bf644ed64fa70cfba7efcf2abdd6149`
VirtualSize	`0x43c`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.13396`

.rsrc

MD5	`1e8912b53c83d57e50cc25d94f55eaf7`
SHA1	`12f154b36a4b4e034908af3ed9dc081de572a92c`
SHA256	`831884426c41a4b696635f683bbc8d8afdc47d361ec1b7538a4a3482f16ff8ac`
SHA3	`14aaec68e020162a7437e7f89ce99df157fa02ded14f3caf8887a47f92a0f047`
VirtualSize	`0xe10`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78932`

.reloc

MD5	`b52dba26d01d0349c3b18d87e36d0c03`
SHA1	`8867af3554d9e148aa555742dd3a117c0f321b42`
SHA256	`2b9c47be60f7cb7bf9f9b8aae07242aba0ed50de3c0c82763735de56c601fba6`
SHA3	`59fbdd78552a40dfe634be14465cd29d6c41fb5a960a986b6553c719b5a7f04a`
VirtualSize	`0x5f4`
VirtualAddress	`0x8000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1045`

Imports

php5.dll	`compiler_globals` `executor_globals` `php_request_startup` `sapi_startup` `php_end_ob_buffers` `php_print_info` `get_zend_version` `zend_load_extension` `php_body_write` `sapi_deactivate` `zend_ini_deactivate` `zend_is_auto_global` `core_globals` `php_execute_script` `php_lint_script` `zend_printf` `open_file_for_scanning` `zend_strip` `php_get_highlight_struct` `zend_highlight` `zend_eval_string_ex` `_php_stream_get_line` `_estrndup` `reflection_extension_ptr` `reflection_class_ptr` `reflection_method_ptr` `reflection_function_ptr` `_object_init_ex` `zend_call_method` `_zval_ptr_dtor` `zend_exception_get_default` `zend_read_property` `reflection_ptr` `zend_str_tolower_dup` `zend_hash_find` `display_ini_entries` `php_info_print_module` `php_ini_opened_path` `php_ini_scanned_files` `php_request_shutdown` `php_module_shutdown` `sapi_shutdown` `_emalloc` `_php_stream_open_wrapper_ex` `zend_register_constant` `gc_remove_zval_from_buffer` `_efree` `_php_stream_free` `zend_strndup` `_zend_hash_add_or_update` `php_module_startup` `sapi_globals` `php_import_environment_variables` `sapi_module` `php_register_variable` `php_handle_aborted_connection` `zend_extensions` `zend_llist_copy` `zend_llist_sort` `zend_llist_apply` `zend_llist_destroy` `_zend_hash_init` `module_registry` `zend_hash_copy` `zend_qsort` `zend_hash_sort` `zend_hash_apply` `zend_hash_destroy` `php_printf` `php_module_shutdown_wrapper` `zend_error` `php_getopt` `zif_dl`
MSVCR90.dll	`_setmode` `_stricmp` `_crt_debugger_hook` `_controlfp_s` `_invoke_watson` `_except_handler4_common` `_decode_pointer` `_onexit` `_lock` `__dllonexit` `_unlock` `?terminate@@YAXXZ` `__set_app_type` `_encode_pointer` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_configthreadlocale` `_initterm_e` `_initterm` `__initenv` `_XcptFilter` `_exit` `_cexit` `__getmainargs` `_amsg_exit` `memcpy` `_setjmp3` `memset` `_fmode` `_fileno` `malloc` `strchr` `isalnum` `realloc` `printf` `fclose` `strstr` `getenv` `exit` `fopen` `fgetc` `ftell` `fseek` `rewind` `strrchr` `free` `fprintf` `fflush` `_errno` `__iob_func` `fwrite` `_strdup`
KERNEL32.dll	`GetCurrentProcessId` `Sleep` `IsDebuggerPresent` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `GetSystemTimeAsFileTime` `InterlockedExchange` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `InterlockedCompareExchange`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42477`
MD5	`dbdf94138c6ba56ce7bb97778a0deb8d`
SHA1	`deec46ca206fdda48c14123d992b5e6afd2f5721`
SHA256	`4174a79807ff44b984b6c1d2dbf2fef95cef2818bc3479f830d66fda2daac2e2`
SHA3	`8b83cc113ee8a4f456125dc8f5a9d0d7f00d703c578d902c6dc041f410e2f6ca`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45584`
MD5	`8349dcf05d9dcc540d3bb10b385ad743`
SHA1	`dc319603a1a34e0435a0aebc2f980368da448c78`
SHA256	`add699027c6956e1a75e7c4823063fc4be85c317eb67966a16fe126669ce1dc2`
SHA3	`9d9dabaeacfc87311d8bf890c83472ac1a8e0416beaccbc3f3b5c496418b06de`

0

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30199`
Detected Filetype	Icon file
MD5	`ca6a93b9cc493b8fec5d13d0b57b8b17`
SHA1	`a25cebf09023178eecedf11f4cf988d86057555e`
SHA256	`102f1598265fd87fd6679941f159d782b750754cf74aa26fade1636e435ce730`
SHA3	`4b78e08ead6701979e76004d2725e26b13393d19effd5a19dc563574969bb7e3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52622`
MD5	`c9948ace6a6fe2151d9f8f2bec57dae4`
SHA1	`8c3188d0ca73e2c941e37430f4ccc121523df19e`
SHA256	`c188665ebaeb73dea5c2f4446d2f9bd5181f9fc5cfc12c9098b920b83f665e03`
SHA3	`37f6aabb0e6663f2bc4079c650afac468e9ac63bac39e631956fd950d260179d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0207`
MD5	`5a32206e4bb9d06170ae00fa980db49b`
SHA1	`126a45f48625322ba11eb0acf1ade9115ad6802b`
SHA256	`9f2fc067639866642bb1a73fb43006d233e569d25566b16dedec472fe5d3c5c3`
SHA3	`bfab9d66b065ea131bdc44ac811cfcf4d5c43a1075f9b6d16f0c8f2f20237cac`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.3.6.0
ProductVersion	5.3.6.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
Comments	Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter
CompanyName	The PHP Group
FileDescription	CLI
FileVersion (#2)	5.3.6
InternalName	CLI SAPI
LegalCopyright	Copyright Â© 1997-2010 The PHP Group
LegalTrademarks	PHP
OriginalFilename	php.exe
ProductName	PHP
ProductVersion (#2)	5.3.6
URL	http://www.php.net

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2011-Mar-17 11:06:21
Version	`0.0`
SizeofData	`72`
AddressOfRawData	`0x5290`
PointerToRawData	`0x3a90`
Referenced File	D:\php-sdk\snap_5_3\vc9\x86\obj\Release\php.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4060b4`
SEHandlerTable	`0x4052e0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0xbb687205`
Unmarked objects	`0`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
150 (20413)	`3`
ASM objects (VS2008 SP1 build 30729)	`1`
C++ objects (VS2008 SP1 build 30729)	`2`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`140`
C objects (VS2008 SP1 build 30729)	`23`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

Leave a comment

No comments yet.