Open-source atomic malware analysis

Analyze another

php-extended-php-multiplicity-object-9.0.7.zip

ZIP
Verdict: BENIGN
SHA256: 1c36469f9d5428bb19f14785ad0eebf5c1776045264ab4f93b324bec7837d167
Mal-ecule
O(As₃)H₂(CmF₂)
Size 30.9 KB download
First seen 31 days ago
Analyzed 26 days ago
Ecosystem php
Source packagist.org

Well-known

baseline severity, 100% confident.
tool/sysadmin Uses sed for text processing

Objectives

notable severity, 75% confident.
anti-static/obfuscation Mixed encoding indicators
notable severity, 90% confident.
anti-static/obfuscation/code-metrics Many random-looking source identifier names
baseline severity, 100% confident.
command-and-control/dropper/execution Benign platform bootstrap curl domain
component severity, 94% confident.
command-and-control/backdoor/webshell file_get_contents (raw POST body reader)
component severity, 90% confident.
command-and-control/dropper/delivery hidden file under $HOME
component severity, 100% confident.
impact/infect find target pattern
component severity, 100% confident.
supply-chain/install-hook/dropper mtime string reference
component severity, 98% confident.
supply-chain/trojanized Regex component marker

Micro-behaviors

notable severity, 80% confident.
communications/http/download curl silent flags
notable severity, 82% confident.
fs/directory find enumerates regular files
notable severity, 80% confident.
fs/read Self-reference via __FILE__
baseline severity, 90% confident.
communications/http HTTPS protocol prefix
baseline severity, 66% confident.
fs/link Resolve symbolic links to canonical
baseline severity, 70% confident.
fs/path Windows Temp directory path
baseline severity, 80% confident.
process/create shell script heredoc
component severity, 100% confident.
process/daemonize Redirects output to /dev/null

Metadata

baseline severity, 100% confident.
lang Bash shell shebang line
baseline severity, 97% confident.
package/testing/harness Extends PHPUnit TestCase class
component severity, 90% confident.
file/text File has 30 or more lines

20 of 29 traits shown

Identity

SHA-256 1c36469f9d5428bb19f14785ad0eebf5c1776045264ab4f93b324bec7837d167
Canonical SHA-256 03419ecc43ef7784f6639e8cc30ef9d55de6a2aba1f10d52679b3913be92b08c
Filename php-extended-php-multiplicity-object-9.0.7.zip
Package php-extended
Version 9.0.7

Origin

Source harvest
Feed packagist.org
Ecosystem php
Domain packagist.org

Timeline

First seen 19 May 2026 21:31 UTC
First analyzed 24 May 2026 17:58 UTC
Last analyzed 24 May 2026 17:58 UTC
Last updated 24 May 2026 17:58 UTC

Labeling

Label unknown
Label source harvest
Traits version 9ea7c