phorphiex | 47d30cfbcf2d99c3b33a9feee25010a1

Sharing

Copy URL Twitter E-mail

General

Target

47d30cfbcf2d99c3b33a9feee25010a1
Size

25KB
MD5

4df9ba3e46df06023961379ef218bdcf
SHA1

00746ab34fc52295b138e90826ab1666df67aba8
SHA256

eda288ea705e66c362758b1fa8f331b12c108424fc985ac80430f068a3a72414
SHA512

695cb7190e15f036865e8d55969f0b217d32059d7b343cdc6963f017dbceb82d2f5b8a7a4162bd3d9423eac83d11e31e39dbb77293343d7be2daf44cdccd18b8
SSDEEP

384:rlTpqzFzRYKeTWx/GoQq3XXAt+j3PK2p7vDTCMcrWMLQEe3unnDQm1/MWtTFhgPa:BomWIqwqvb5GWf+nDz/5tT0P4/

Score

10^/10

phorphiex

Malware Config

Signatures

Phorphiex family
phorphiex

Phorphiex payload 1 IoCs

resource	yara_rule
static1/unpack001/dd07ebed5a42f4a97c60c370ba323d9835237095dae93c9d51c12fcf2d779046	family_phorphiex

Files

47d30cfbcf2d99c3b33a9feee25010a1
.zip

Password: infected
dd07ebed5a42f4a97c60c370ba323d9835237095dae93c9d51c12fcf2d779046
.exe windows x86

Password: infected

9668b7091de4529d55cf638b279f602e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
wcsstr
srand
wcslen
strchr
strcmp
_wfopen
fseek
ftell
fclose
mbstowcs
rand
memset
strlen
isalpha
isdigit

wininet

HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileW

shlwapi

StrCmpNW
PathMatchSpecW
PathFileExistsW
PathFindFileNameW
PathFileExistsA

kernel32

SetFileAttributesW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
lstrcmpW
MoveFileExW
FindNextFileW
GetVolumeInformationW
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
ExpandEnvironmentStringsW
DeleteFileW
CreateFileW
GetModuleFileNameW
CreateProcessW
GetLocaleInfoA
CreateThread
GetTickCount
GetLastError
CreateMutexA
ExitProcess
CopyFileA
MoveFileW
DeleteFileA
MoveFileA
GetModuleHandleA
FindClose
WriteFile
GlobalUnlock
GlobalLock
GlobalAlloc
ExitThread
Sleep
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
HeapFree
HeapAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetFileSize
GetStartupInfoA

user32

CloseWindow
SetFocus
SetForegroundWindow
ShowWindow
FindWindowA
wsprintfA
wsprintfW
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData

advapi32

CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptVerifySignatureA
CryptHashData
CryptCreateHash
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
CryptDestroyKey

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9668b7091de4529d55cf638b279f602e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

wininet

urlmon

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 868B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 49KB - Virtual size: 77KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 868B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 49KB - Virtual size: 77KB