C:\ .pdb
Behavioral task
behavioral1
Sample
22e422508a4d16745e129af689b8b6b6_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
22e422508a4d16745e129af689b8b6b6_JaffaCakes118
-
Size
57KB
-
MD5
22e422508a4d16745e129af689b8b6b6
-
SHA1
a19b0376c3fd613d3f83084a3ed18f58aafcbc63
-
SHA256
31fee21f74a3be7ddc0947ff40c941a68545a7f183e56c52b4830c0dbb815a89
-
SHA512
9706b79d350c94211563db7db5ff560310fcae9dd0b77d70c93105588e181a5fb61e737b7b725d8d04ad129defb9bc40e7be54210b9a43f40905e69adc31f20d
-
SSDEEP
768:klUBNsYBS5uzBPhAM4uXGG5bOM5kxoO3YYO4KwUw7V3JPjG5d:yUzsCS5udh2G5bOM5kx13Y4v3tS5
Malware Config
Signatures
-
Phorphiex family
-
Phorphiex payload 1 IoCs
resource: sample — yara_rule: family_phorphiex
Unsigned PE 1 IoCs
Flags a PE that carries no Authenticode signature (no embedded code-signing certificate was found; absence of a signature is a weak signal on its own).
resource: 22e422508a4d16745e129af689b8b6b6_JaffaCakes118
Files
-
22e422508a4d16745e129af689b8b6b6_JaffaCakes118.exe windows:5 windows x86 arch:x86
7d09171e6a3157a2f53642482009a4fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
_except_handler3
__set_app_type
__p__fmode
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
memcpy
exit
_XcptFilter
_exit
sscanf
sprintf
??2@YAPAXI@Z
strcpy
strcat
wcscmp
_wfopen
fseek
ftell
fclose
malloc
wcslen
strtok
strchr
strcmp
strncmp
memmove
strncpy
_snprintf
wcsstr
strstr
mbstowcs
srand
rand
memset
strlen
isalpha
isdigit
ws2_32
shutdown
inet_addr
gethostbyname
WSAStartup
closesocket
recv
send
socket
htons
ioctlsocket
connect
select
WSACleanup
urlmon
URLDownloadToFileW
wininet
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
shlwapi
PathMatchSpecW
StrCmpNW
PathFileExistsW
PathFindFileNameW
netapi32
NetShareEnum
NetApiBufferFree
mpr
WNetCancelConnectionW
WNetAddConnection2W
kernel32
DeleteFileW
CreateFileW
GetFileSize
CreateFileMappingA
MapViewOfFile
GetProcessHeap
HeapAlloc
HeapFree
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
Sleep
ExitThread
GlobalAlloc
WriteFile
GlobalUnlock
CopyFileW
SetFileAttributesW
GetVolumeInformationW
GetModuleFileNameW
CreateThread
FlushViewOfFile
GetFullPathNameW
SetCurrentDirectoryW
GetLocaleInfoA
ExitProcess
GetLastError
CreateMutexA
CreateProcessW
GetTickCount
ExpandEnvironmentStringsW
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
lstrcmpW
lstrcmpiW
FindFirstFileW
CreateDirectoryW
GlobalLock
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
user32
CharLowerW
wsprintfA
wsprintfW
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
advapi32
CryptImportKey
CryptDestroyKey
CryptEncrypt
CryptVerifySignatureA
CryptHashData
CryptCreateHash
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExA
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextW
shell32
ShellExecuteW
ole32
CoInitializeEx
CoCreateInstance
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ