Open-source atomic malware analysis

Analyze another

php-extended-php-email-object-9.0.7.zip

ZIP
Verdict: BENIGN
SHA256: cb7f1e2faff3fdce82659e8356834fea6dab887b34572e9eee98061c3299d50a
Mal-ecule
O(As₃)H₂(CmF₂)
Size 35.1 KB download
First seen 33 days ago
Analyzed 29 days ago
Ecosystem php
Source packagist.org

Well-known

baseline severity, 100% confident.
tool/sysadmin Uses jq for JSON processing

Objectives

notable severity, 75% confident.
anti-static/obfuscation Mixed encoding indicators
notable severity, 90% confident.
anti-static/obfuscation/code-metrics Many random-looking source identifier names
baseline severity, 100% confident.
command-and-control/dropper/execution Benign platform bootstrap curl domain
component severity, 94% confident.
command-and-control/backdoor/webshell file_get_contents (raw POST body reader)
component severity, 90% confident.
command-and-control/dropper/delivery hidden file under ~/
component severity, 100% confident.
impact/infect find target pattern
component severity, 100% confident.
supply-chain/install-hook/dropper mtime string reference
component severity, 98% confident.
supply-chain/trojanized Regex component marker

Micro-behaviors

notable severity, 80% confident.
communications/http/download curl silent flags
notable severity, 82% confident.
fs/directory find enumerates regular files
notable severity, 80% confident.
fs/read Self-reference via __FILE__
baseline severity, 90% confident.
communications/http HTTPS protocol prefix
baseline severity, 66% confident.
fs/link Resolve symbolic links to canonical
baseline severity, 70% confident.
fs/path Windows Temp directory path
baseline severity, 80% confident.
process/create shell script heredoc
component severity, 100% confident.
process/daemonize Redirects output to /dev/null

Metadata

baseline severity, 100% confident.
lang Bash shell shebang line
baseline severity, 97% confident.
package/testing/harness Extends PHPUnit TestCase class
component severity, 90% confident.
file/text File has 30 or more lines

20 of 29 traits shown

Identity

SHA-256 cb7f1e2faff3fdce82659e8356834fea6dab887b34572e9eee98061c3299d50a
Canonical SHA-256 145dc94154d751a28b5e5f9114f81e2938961306fd6ee20f780070d1332b355e
Filename php-extended-php-email-object-9.0.7.zip
Package php-extended
Version 9.0.7

Origin

Source harvest
Feed packagist.org
Ecosystem php
Domain packagist.org

Timeline

First seen 19 May 2026 22:48 UTC
First analyzed 23 May 2026 23:39 UTC
Last analyzed 23 May 2026 23:39 UTC
Last updated 23 May 2026 23:39 UTC

Labeling

Label unknown
Label source harvest
Traits version 9ea7c