Open-source atomic malware analysis

php-extended-php-geojson-object-9.0.7.zip

ZIP
Verdict: BENIGN
Mal-ecule
O(As₃)H₂(CmF₂)
Size 72.9 KB
First seen 33 days ago
Analyzed 28 days ago
Ecosystem php
Source packagist.org

Well-known

baseline severity, 100% confident.
tool/sysadmin Uses jq for JSON processing

Objectives

notable severity, 75% confident.
anti-static/obfuscation Mixed encoding indicators
notable severity, 90% confident.
anti-static/obfuscation/code-metrics Many random-looking source identifier names
baseline severity, 100% confident.
command-and-control/dropper/execution Benign platform bootstrap curl domain
component severity, 94% confident.
command-and-control/backdoor/webshell json_decode (deserialise POST body)
component severity, 90% confident.
command-and-control/dropper/delivery hidden file under ~/
component severity, 100% confident.
impact/infect find target pattern
component severity, 100% confident.
supply-chain/install-hook/dropper mtime string reference
component severity, 98% confident.
supply-chain/trojanized Regex component marker

Micro-behaviors

notable severity, 80% confident.
communications/http/download curl silent flags
notable severity, 82% confident.
fs/directory find enumerates regular files
notable severity, 80% confident.
fs/read Self-reference via __FILE__
baseline severity, 90% confident.
communications/http HTTPS protocol prefix
baseline severity, 66% confident.
fs/link Resolve symbolic links to canonical
baseline severity, 70% confident.
fs/path Windows Temp directory path
baseline severity, 80% confident.
process/create shell script heredoc
component severity, 100% confident.
process/daemonize Redirects output to /dev/null

Metadata

baseline severity, 100% confident.
lang Bash shell shebang line
baseline severity, 97% confident.
package/testing/harness Extends PHPUnit TestCase class
component severity, 90% confident.
file/text File has 30 or more lines

20 of 29 traits shown

Identity

SHA-256 96675201e8b85c88e764e5897f3c6cec908825d45eef8d0e900aab41b92ac0f2
Canonical SHA-256 15a162c64d5bd9aa0e4912201694a787107f6f067170f107274a55ccd36752c9
Filename php-extended-php-geojson-object-9.0.7.zip
Package php-extended
Version 9.0.7

Origin

Source harvest
Feed packagist.org
Ecosystem php
Domain packagist.org

Timeline

First seen 19 May 2026 22:48 UTC
First analyzed 24 May 2026 11:07 UTC
Last analyzed 24 May 2026 11:07 UTC
Last updated 24 May 2026 11:07 UTC

Labeling

Label unknown
Label source harvest
Traits version 9ea7c