1d80d30a91846112d20d2eab4ae484540ce3857312d35be164e1c66d1b720634

Sharing

Copy URL Twitter E-mail

General

Target

1d80d30a91846112d20d2eab4ae484540ce3857312d35be164e1c66d1b720634
Size

5.8MB
MD5

158efa01c883b1f06d10fb9af0070b0b
SHA1

3275f71221f8ff84e7b09512c2cd6ca27f8edf5d
SHA256

1d80d30a91846112d20d2eab4ae484540ce3857312d35be164e1c66d1b720634
SHA512

3606c5026c35a4df47be3ccba11c6fc5b2b305d6f4657ac7feb1a9ed624ed38271cb04b4cc1c94af85e43b49a27bb379fecd7712a025f7298167a99b3ea1d526
SSDEEP

98304:/VEePwMGG62GFoNPSFejY47zmUHW33dtfxz36bmIpkx4aPnjlV29Uko9Nl7hG:/VEeWGNl8cY47zzoxz/IpkxHUtih

Score

9^/10

miner

Malware Config

Signatures

Detectes Phoenix Miner Payload 1 IoCs

miner

resource	yara_rule
sample	miner_phoenix

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d80d30a91846112d20d2eab4ae484540ce3857312d35be164e1c66d1b720634

Files

1d80d30a91846112d20d2eab4ae484540ce3857312d35be164e1c66d1b720634
.exe windows:6 windows x64

ac11a88f87c3ca1926b7c83892bd7aa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
NtQueryInformationProcess
RtlPcToFileHeader
VerSetConditionMask

shlwapi

PathFindFileNameW

advapi32

InitializeSecurityDescriptor
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegDeleteKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
OpenProcessToken
RegSetKeySecurity
RegEnumKeyExW
SetEntriesInAclW
GetSidSubAuthority
AllocateAndInitializeSid
GetSidSubAuthorityCount

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

shell32

ShellExecuteW

ws2_32

shutdown
WSAStartup
WSACleanup
send
socket
connect
recv
htons
closesocket
inet_addr

oleaut32

SysFreeString
VariantClear
SysAllocString

kernel32

FreeEnvironmentStringsW
WriteConsoleW
VirtualAlloc
GetEnvironmentStringsW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
GetCommandLineW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleHandleExW
ReadFile
lstrlenW
WriteFile
CreateFileW
Sleep
CloseHandle
K32EnumProcesses
ExitProcess
GetCurrentProcessId
VerifyVersionInfoW
GetModuleFileNameW
WaitForSingleObject
GetCommandLineA
CreateFileA
CreateThread
CopyFileW
SizeofResource
HeapFree
TerminateProcess
K32GetModuleFileNameExW
InitializeCriticalSectionEx
OpenProcess
HeapSize
SetCurrentDirectoryA
CreateToolhelp32Snapshot
GetLastError
Process32NextW
LockResource
Process32FirstW
HeapReAlloc
RaiseException
LoadResource
FindResourceW
HeapAlloc
DeleteCriticalSection
GetProcessHeap
CreateProcessA
WriteProcessMemory
VirtualProtect
GetCurrentProcess
LoadLibraryExW
CreateNamedPipeW
FindResourceA
LocalAlloc
ResumeThread
GetModuleHandleA
DisconnectNamedPipe
GetExitCodeThread
lstrcatW
K32GetModuleInformation
GetThreadContext
GetProcAddress
VirtualAllocEx
LocalFree
ReadProcessMemory
CreateProcessW
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
lstrcpyW
lstrcmpiA
K32EnumProcessModules
CreateFileMappingW
MapViewOfFile
SetThreadContext
lstrcmpiW
IsWow64Process
ConnectNamedPipe
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
OutputDebugStringW
TlsFree
TlsSetValue
TlsGetValue
SetLastError
EncodePointer
TlsAlloc
SetStdHandle

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac11a88f87c3ca1926b7c83892bd7aa4

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

advapi32

ole32

shell32

ws2_32

oleaut32

kernel32

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 7KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 2KB - Virtual size: 1KB