JC_30344e092af12c089034ade2f8305745a7ff2b104ca6ec010a5b99473cc60555

Sharing

Copy URL

Twitter E-mail

General

Target

JC_30344e092af12c089034ade2f8305745a7ff2b104ca6ec010a5b99473cc60555
Size

12.2MB
MD5

9594fdb284a6fff5875d8c8260114e48
SHA1

e8587fc1b018fbb3014e4d9d044af97234fff2d6
SHA256

30344e092af12c089034ade2f8305745a7ff2b104ca6ec010a5b99473cc60555
SHA512

154f2806d44237c9d86d1caa7beb833509ac3957f7bee21a6526d5bb260c7865f9eaa4475a6eccc7cbb5859c574c5a45d35c55e7b51bac958a51942f7b7c82df
SSDEEP

98304:ddkKz6RCUJ3Spw7I/par8CPN6YTLeY5CnJ+Jn21z0S:ddk7h34wo67PNL4+c

Score

9^/10

miner

Malware Config

Signatures

Detectes Phoenix Miner Payload 1 IoCs

miner

resource	yara_rule
sample	miner_phoenix

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JC_30344e092af12c089034ade2f8305745a7ff2b104ca6ec010a5b99473cc60555

Files

JC_30344e092af12c089034ade2f8305745a7ff2b104ca6ec010a5b99473cc60555
.exe windows x64

653caadf09cff8e51993f722d82a7051

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsA

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

shell32

SHBrowseForFolderW

user32

CopyImage

version

GetFileVersionInfoSizeW

oleaut32

SysFreeString

advapi32

CloseServiceHandle

netapi32

NetWkstaGetInfo

msvcrt

memcpy

kernel32

SetFileAttributesW

shfolder

SHGetFolderPathW

wsock32

htonl

ole32

IsEqualGUID

gdi32

Pie

ntdll

NtQuerySystemInformation

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

653caadf09cff8e51993f722d82a7051

Headers

File Characteristics

Imports

setupapi

winspool.drv

comctl32

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

kernel32

shfolder

wsock32

ole32

gdi32

ntdll

iphlpapi

psapi

Exports

Exports

Sections

.text Size: 10.3MB - Virtual size: 10.3MB

.sedata Size: 2.0MB - Virtual size: 2.0MB

.idata Size: 1KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 10.3MB - Virtual size: 10.3MB

.sedata
Size: 2.0MB - Virtual size: 2.0MB

.idata
Size: 1KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB