phorphiex | 8051496142[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8051496142.zip
Size

651KB
MD5

2e29823776345df6912f1155a6c698da
SHA1

3c33e4671ad49d55c438b1cfda196b502d4e90eb
SHA256

a3172e45bb1824fa625a04ff1d7e08617de13309ba9d31fb6b03ec9a921f345b
SHA512

8154dbd506874f3dcde5d8692ff062663be3e7e6edffcdb72541ac0451045aa8d80a1f26f9acdf76b99ca1cfbe5d067c22864cc98b2812371106a4a9f27af408
SSDEEP

12288:jgr+OjJFxASZc79Sm5nq8YN0uxjf5l3LEkOyL9BMEfDjYKomKddHSCCK3f+JPTa1:lIgRbq8UXRxOykEAgcSCuPTgP

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

http://185.215.113.84/twizt/

http://185.215.113.66/twizt/

Wallets

13dJT8HaqHG3SzwEHN351NKpZHjT51LUMioPeZCuYFMn6Em2

1AFyjUHBU47bKeWD3Yv9vxFvfQCNFVhEB1

3PLCWMHvHvUKmzNKvrNxRHcpBBt841bLLRm

qraj0r42vag30v888rxrv23us6n9mwqzxqmanzrjzz

XdpMAtREQP2GiJPnhECJE17Yo47kqwxE2g

DAd39Hg29o3hXTXkCp867rWZ82QtYemBr1

0x7acBe663481E7cAB6C7b22af594A1Fa5553ddA5f

LVSQJj6WFnMzAFDZLidL19hCtTtJu1WNHy

rsJ93nxUfY9p5a1g8ZYd1w1YsHdVP3tSn1

TXGiKCawSp4VEYnXC4Eyvz8gVugh3ibZjr

t1eAsZic54jTo4V4DRPWMN4oLgSzsSSYxcw

AHZnFT4zfKU59R811DCthwxBPKuRqG2ES1

bitcoincash:qraj0r42vag30v888rxrv23us6n9mwqzxqmanzrjzz

4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK

GABBG3OBFC3JLJEXMFEKJMMHANGFWVPTPKUJSVOMZZGQO522AXGL7Q3P

GMinVxCfyuHFUBiuuWuaWkUBWgN1kgowfsNzjjuad7W9

bnb16yfddrq3325xuqh3070tlqsr5gr74jun7zefgz

bc1qvdu6nyvrppjtshy7rgfpkl74hkklj7plavr8je

Signatures

Phorphiex family
phorphiex

Files

8051496142.zip
.zip

Password: infected
1c50e838ff24a46f03e9afe9415b2002cda7e1479c4cff3884e49fc0e644288c
.exe windows x86

fecfe0ae3e3946d07fde43e28087be97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
__set_app_type

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

urlmon

URLDownloadToFileW

kernel32

CreateFileW
WriteFile
Sleep
ExpandEnvironmentStringsW
GetTickCount
GetModuleHandleA
GetStartupInfoA
DeleteFileW
CloseHandle
CreateProcessW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1d3c6d6b276c0e1fa559cd6e48a12da63098cc3823329db71c4dbc12fa3a2334
.exe windows x86

13d4ecb21ffd4b77a0608840e931a3df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
WSAStartup
bind
ioctlsocket
recv
send
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEnumNetworkEvents
WSAEventSelect
listen
WSAWaitForMultipleEvents
getpeername
accept
WSAGetOverlappedResult
WSACreateEvent
WSASocketA

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
PathFileExistsA
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

InternetConnectA
InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
memmove
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

MoveFileA
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetProcessHeaps
GetSystemInfo
PostQueuedCompletionStatus
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
DeleteFileA
CreateMutexA
MoveFileW
GetLastError
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
FindClose

user32

SendMessageA
IsClipboardFormatAvailable
TranslateMessage
RegisterClassExW
GetWindowLongW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
CloseClipboard
GetMessageA
FindWindowA
ShowWindow
wsprintfA
SetForegroundWindow
wvsprintfA
wsprintfW
SetWindowLongW
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092
.exe windows x86

2f2316fb946682a102e453a8ae405904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
bind
WSAStartup
ioctlsocket
recv
send
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
WSAEnumNetworkEvents
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEventSelect
WSAGetOverlappedResult
WSAWaitForMultipleEvents
getpeername
accept
WSACreateEvent
WSASocketA
listen

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
PathFileExistsA
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

InternetConnectA
InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
memmove
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
strstr
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

MoveFileW
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetProcessHeaps
GetSystemInfo
PostQueuedCompletionStatus
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
DeleteFileA
CreateMutexA
MoveFileA
GetLastError
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW

user32

SendMessageA
wsprintfW
IsClipboardFormatAvailable
RegisterClassExW
GetWindowLongW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
CloseClipboard
GetMessageA
FindWindowA
ShowWindow
wsprintfA
SetForegroundWindow
wvsprintfA
TranslateMessage
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3759265786b19c6b1196d620f48d8e1bd34d8f43268680065d545f34465f7ad0
.exe windows x86

efd7f7e3b6752d3d27358567b664ed25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathFileExistsW

msvcrt

__p__commode
__p__fmode
_adjust_fdiv
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
__set_app_type

wininet

InternetOpenW
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

urlmon

URLDownloadToFileW

kernel32

WriteFile
DeleteFileW
CreateProcessW
CloseHandle
GetTickCount
DeleteFileA
MoveFileW
MoveFileA
ExpandEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
Sleep
CreateFileW

user32

wsprintfW
FindWindowA
ShowWindow
SetForegroundWindow

shell32

ShellExecuteW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
39c853575cbe6aa8343e8616cfc22c2dfdad567f78b5aee8e65f38423ebe10e3
.exe windows x86

13d4ecb21ffd4b77a0608840e931a3df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
WSAStartup
bind
ioctlsocket
recv
send
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEnumNetworkEvents
WSAEventSelect
listen
WSAWaitForMultipleEvents
getpeername
accept
WSAGetOverlappedResult
WSACreateEvent
WSASocketA

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
PathFileExistsA
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

InternetConnectA
InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
memmove
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

MoveFileA
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetProcessHeaps
GetSystemInfo
PostQueuedCompletionStatus
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
DeleteFileA
CreateMutexA
MoveFileW
GetLastError
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
FindClose

user32

SendMessageA
IsClipboardFormatAvailable
TranslateMessage
RegisterClassExW
GetWindowLongW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
CloseClipboard
GetMessageA
FindWindowA
ShowWindow
wsprintfA
SetForegroundWindow
wvsprintfA
wsprintfW
SetWindowLongW
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6969c45198338d2677fd4d30c7a374a1c56d35e8e062110e4679d1f9aefa26dc
.exe windows x86

efd7f7e3b6752d3d27358567b664ed25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathFileExistsW

msvcrt

__p__commode
__p__fmode
_adjust_fdiv
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
__set_app_type

wininet

InternetOpenW
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

urlmon

URLDownloadToFileW

kernel32

WriteFile
DeleteFileW
CreateProcessW
CloseHandle
GetTickCount
DeleteFileA
MoveFileW
MoveFileA
ExpandEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
Sleep
CreateFileW

user32

wsprintfW
FindWindowA
ShowWindow
SetForegroundWindow

shell32

ShellExecuteW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
96c5607aa1a1082ff6659842855fe584e1467a2119de3c017ff20b7c317adf7a
.exe windows x86

23c3b9963341feb6fd1c13ff1f300863

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
__set_app_type

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

urlmon

URLDownloadToFileW

kernel32

DeleteFileW
CreateProcessW
CloseHandle
WriteFile
GetTickCount
GetModuleHandleA
GetStartupInfoA
ExpandEnvironmentStringsW
Sleep
CreateFileW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a8d0ac5762f61683d7cbcbfc53e0b650e632625d7ffabf08b45986908891ee96
.exe windows x86

1638b66ab562e34b96db8786791d32b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

msvcrt

__p__fmode
__set_app_type
__p__commode
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
_except_handler3

wininet

InternetOpenUrlA
InternetOpenA
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

kernel32

DeleteFileA
GetTickCount
CloseHandle
DeleteFileW
CreateProcessW
Sleep
MoveFileW
MoveFileA
GetModuleHandleA
CreateFileW
GetStartupInfoA
ExpandEnvironmentStringsW
WriteFile

user32

SetForegroundWindow
FindWindowA
ShowWindow
wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c86e66ff929bb7b66fa3a3dcbf12b2a39041ec1740cd5f748d4672bf06d6db5d
.exe windows x86

2f2316fb946682a102e453a8ae405904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
bind
WSAStartup
ioctlsocket
recv
send
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
WSAEnumNetworkEvents
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEventSelect
WSAGetOverlappedResult
WSAWaitForMultipleEvents
getpeername
accept
WSACreateEvent
WSASocketA
listen

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
PathFileExistsA
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

InternetConnectA
InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
memmove
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
strstr
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

MoveFileW
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetProcessHeaps
GetSystemInfo
PostQueuedCompletionStatus
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
DeleteFileA
CreateMutexA
MoveFileA
GetLastError
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW

user32

SendMessageA
wsprintfW
IsClipboardFormatAvailable
RegisterClassExW
GetWindowLongW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
CloseClipboard
GetMessageA
FindWindowA
ShowWindow
wsprintfA
SetForegroundWindow
wvsprintfA
TranslateMessage
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fca1bb147cee65edf9ef821063fe3899d5ab3da1ca5310c9efe9913204675366
.exe windows x86

efd7f7e3b6752d3d27358567b664ed25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathFileExistsW

msvcrt

__p__commode
__p__fmode
_adjust_fdiv
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
__set_app_type

wininet

InternetOpenW
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

urlmon

URLDownloadToFileW

kernel32

WriteFile
DeleteFileW
CreateProcessW
CloseHandle
GetTickCount
DeleteFileA
MoveFileW
MoveFileA
ExpandEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
Sleep
CreateFileW

user32

wsprintfW
FindWindowA
ShowWindow
SetForegroundWindow

shell32

ShellExecuteW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

fecfe0ae3e3946d07fde43e28087be97

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcrt

wininet

urlmon

kernel32

user32

shell32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 60B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 254B

.text Size: 108KB - Virtual size: 108KB

13d4ecb21ffd4b77a0608840e931a3df

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

urlmon

wininet

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 9KB

2f2316fb946682a102e453a8ae405904

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

urlmon

wininet

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 9KB

efd7f7e3b6752d3d27358567b664ed25

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcrt

wininet

urlmon

kernel32

user32

shell32

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 108KB - Virtual size: 108KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 9KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 9KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 108KB - Virtual size: 108KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 10KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 108KB - Virtual size: 108KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 268B

.text
Size: 108KB - Virtual size: 108KB