phorphiex | 97fdb440587ae6f237203b2e0338a550_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

97fdb440587ae6f237203b2e0338a550_JaffaCakes118
Size

77KB
MD5

97fdb440587ae6f237203b2e0338a550
SHA1

a8613ac0c99ea6d5073d7474b278794b50f30b24
SHA256

7f99d6f0dd72b4b86fa136ed7771fd55dd6b40e8f890d61b90d8a88d117c9858
SHA512

e9e339b95128af836f286fbce08f92ee20f492f4d669c1194c8eecaf86b62a9740301714a20c05a70c0b1d8b31119bff120e2146b19906183706783bee0633aa
SSDEEP

768:Nl92s8vjKGxEFVz7PP/UBV7VWzFYIH4Q:bsswjK3Vz7PPXzFLY

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

http://worm.ws/

http://feuhdeuhduhuehdr.ws/

http://feauhueudughuurr.ws/

http://fheuhdwdzwgzdggr.ws/

http://faugzeazdezgzgfr.ws/

http://wduufbaueeubffgr.ws/

http://okdoekeoehghaoer.ws/

http://efuheruhdehduhgr.ws/

http://eafueudzefverrgr.ws/

http://deauduafzgezzfgr.ws/

http://gaueudbuwdbuguur.ws/

http://efeuafubeubaefur.ws/

http://eafuebdbedbedggr.ws/

http://wdkowdohwodhfhfr.ws/

http://efaeduvedvzfufur.ws/

http://edhuaudhuedugufr.ws/

http://eaffuebudbeudbbr.ws/

http://seuufhehfueughel.to/

http://feuhdeuhduhuehdl.to/

http://feauhueudughuurl.to/

Wallets

19KXPyopGnfZ1dGjLpPPqbo7Jpqki9A9mW

3NShfYPbqkPmPkXEgJ1SGUYgSjxt1Robhs

bc1qf4awd7k76q0tks25ax7q48wmsvslvy64er6n6w

qqe5entlms8sudv7a60dnu5gpttlukmspuk5zxsahe

XjgwEqD6iFf5pHxqSzj4tm8mgs7TsS2kEw

DHvsojZJPxoYYwtVw7voSuv2ga5LGoQpG1

0xA557fe5c21325eB8f6C7d5f2004Db988c8C8D8B5

LYr5qEmeAcpv7JeCEE2HfGPV74DZLYHeT2

42TCgxVg6itTv4v8dvyCQEETmHL5N6i8a8rvcqGWb2QtWUrBpq3SdDnZbhpcg2S3UbNG98Woi6KEH7dWtpnEHQrDEzQbENy

rDs45wyGR5E6sHajNGHeNqvjvXaCJrJ22j

TY59jfEA2xQBk4R8AAJG3tBGQybMm1aSba

t1NBaHW8QgULABaASvzNALmxem8EutnxLtr

GDR62FPKRATKXTLSR3JDCVGDAVF6YC5RVZ2RQ55SNW6C2UWND3KGUHPW

P44ZCLTNESUGZESVC3QMK6LSFY7LYW3N23FKX56UMCEXK6NZBG3BUNPDWI

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36

Signatures

Phorphiex family
phorphiex
Phorphiex payload 1 IoCs

Processes:

resource yara_rule

sample family_phorphiex

resource	yara_rule
sample	family_phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
97fdb440587ae6f237203b2e0338a550_JaffaCakes118

Files

97fdb440587ae6f237203b2e0338a550_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f944c0518d3a00049e07094b78bdb20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HHHHHHHHHHHHHH HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH

Imports

msvcrt

memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
wcsstr
wcslen
wcscmp
_wfopen
fseek
ftell
fclose
mbstowcs
srand
rand
memset
strlen
isalpha
isdigit

wininet

HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileW

shlwapi

StrCmpNW
PathFileExistsW
PathFindFileNameW
PathMatchSpecW

kernel32

CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
lstrcmpW
MoveFileExW
SetFileAttributesW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
GetTickCount
GetVolumeInformationW
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
GetLastError
CreateMutexA
MoveFileW
CopyFileA
MoveFileA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
FindNextFileW
GlobalUnlock
GlobalLock
GlobalAlloc
ExitThread
Sleep
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
HeapFree
HeapAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileW
DeleteFileW
WriteFile
ExpandEnvironmentStringsW

user32

SetFocus
SetForegroundWindow
ShowWindow
CloseWindow
SetClipboardData
CloseClipboard
FindWindowA
wsprintfA
wsprintfW
EmptyClipboard
GetClipboardData
OpenClipboard
FindWindowW

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptVerifySignatureA
CryptHashData
CryptCreateHash
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
CryptEncrypt

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2f944c0518d3a00049e07094b78bdb20

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

wininet

urlmon

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 2KB - Virtual size: 1KB