ph_decrypt[.][exe][.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ph_decrypt.[exe].exe
Size

60KB
MD5

4bd58f98e6894a2cc1d2492a2ea31428
SHA1

33f0fb25fe16be600a8210baa19dbd61cbfc76f2
SHA256

3bdc7a7bfb1b2704fedad02debc5a143ef5ce6df4a3b53c50f7f589cc806919c
SHA512

61e5174dfd8405d0177b85a58ac726ef8bc4db3499b1b4061cc9f185ab01b374504848a610ab335dd64709af37edd14e6c2abd71dd2da87d579447b3ea4710f5
SSDEEP

768:4odFS+OMTGhbt8Py8hiSSvA1BcBRL8nTwTh7ZAZk8EDZAnSKHkJNTdANEkbANoo7:4o7Oimt8K8hGvucC+kkszkzaEkbANJ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ph_decrypt.[exe].exe

Files

ph_decrypt.[exe].exe
.exe windows:5 windows x86

50144cb54811bd100362a51b6740ce74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
CloseHandle
CreateThread
GetModuleHandleW
GetProcAddress
FindFirstFileW
GetModuleFileNameW
FindClose
FindNextFileW
SetEndOfFile
SetFilePointerEx
WriteFile
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
MoveFileW
DeleteFileW
SetFileAttributesW
GetLogicalDrives
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwind
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapCreate
ExitProcess
DecodePointer
GetStdHandle
EncodePointer
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement

user32

DispatchMessageW
GetWindowTextLengthW
SetTimer
GetMessageW
PostQuitMessage
KillTimer
GetKeyState
LoadCursorW
GetClientRect
SetFocus
TranslateMessage
RegisterClassExW
GetWindowTextA
GetWindowLongW
GetWindowTextW
SetWindowLongW
ShowWindow
CreateWindowExW
MessageBoxW
SetWindowTextA
SendMessageW
EnableWindow
SetWindowTextW
CallWindowProcW
DefWindowProcW

gdi32

GetStockObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemFree

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cdata
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50144cb54811bd100362a51b6740ce74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 716B

.reloc Size: 4KB - Virtual size: 3KB

.cdata Size: 1024B - Virtual size: 532B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 716B

.reloc
Size: 4KB - Virtual size: 3KB

.cdata
Size: 1024B - Virtual size: 532B