Open-source atomic malware analysis

php-extended-php-http-client-referrer-9.0.7.zip

ZIP
Verdict: BENIGN
Mal-ecule
O(As₃)H₂(CmF₂)
Size 41.9 KB
First seen 31 days ago
Analyzed 26 days ago
Ecosystem php
Source packagist.org

Well-known

baseline severity, 100% confident.
tool/sysadmin Uses jq for JSON processing

Objectives

notable severity, 75% confident.
anti-static/obfuscation Mixed encoding indicators
notable severity, 90% confident.
anti-static/obfuscation/code-metrics Many random-looking source identifier names
baseline severity, 100% confident.
command-and-control/dropper/execution Benign platform bootstrap curl domain
component severity, 94% confident.
command-and-control/backdoor/webshell json_decode (deserialise POST body)
component severity, 90% confident.
command-and-control/dropper/delivery hidden file under ~/
component severity, 100% confident.
impact/infect find target pattern
component severity, 100% confident.
supply-chain/install-hook/dropper mtime string reference
component severity, 98% confident.
supply-chain/trojanized Regex component marker

Micro-behaviors

notable severity, 80% confident.
communications/http/download curl silent flags
notable severity, 82% confident.
fs/directory find enumerates regular files
notable severity, 80% confident.
fs/read Self-reference via __FILE__
baseline severity, 90% confident.
communications/http HTTPS protocol prefix
baseline severity, 66% confident.
fs/link Resolve symbolic links to canonical
baseline severity, 70% confident.
fs/path Windows Temp directory path
baseline severity, 80% confident.
process/create shell script heredoc
component severity, 100% confident.
process/daemonize Redirects output to /dev/null

Metadata

baseline severity, 100% confident.
lang Bash shell shebang line
baseline severity, 97% confident.
package/testing/harness Extends PHPUnit TestCase class
component severity, 90% confident.
file/text File has 30 or more lines

20 of 29 traits shown

Identity

SHA-256 6f2db4d21f05836e9cbdd61e7cfa8cbd324171d7daef0b70c259e50a9967e85f
Canonical SHA-256 0df7aef83d969a68bfd2784d543abc81c2a1fc52637456676523d0600023b56e
Filename php-extended-php-http-client-referrer-9.0.7.zip
Package php-extended
Version 9.0.7

Origin

Source harvest
Feed packagist.org
Ecosystem php
Domain packagist.org

Timeline

First seen 19 May 2026 21:18 UTC
First analyzed 24 May 2026 06:36 UTC
Last analyzed 24 May 2026 06:36 UTC
Last updated 24 May 2026 06:36 UTC

Labeling

Label unknown
Label source harvest
Traits version 9ea7c