Behavioral task: behavioral1
Sample: 50cc1437b22ae5b3fdf4ee19967b1f3478a42022ece7517e2441cfb57d784bb1.exe
Resource: win7-20240221-en
General
Target: 50cc1437b22ae5b3fdf4ee19967b1f3478a42022ece7517e2441cfb57d784bb1.exe
Size: 62KB
MD5: 9a8acd4b7119f050506bcaf22e4ddcb9
SHA1: d2a450504119fd5d5d54d925f5e1799e320e2c33
SHA256: 50cc1437b22ae5b3fdf4ee19967b1f3478a42022ece7517e2441cfb57d784bb1
SHA512: c0cb3e704016376316ffe459595b07f13d3dea53b117845dd3c752c88a3d03829aacb695b589385e809fcecea0987f3c2a09295aaaae7e55a53f97a9ba0a8668
SSDEEP: 1536:IzQjJuw3c6hqh1kJaJrNKx5tzzevaCpzqFFzWcXdqu7mOYhngYFD:eQduF60Q0X036aCBqXcY6tgYFD
Malware Config
Signatures
Phorphiex family
Phorphiex payload (1 IoC)
  resource: sample | yara_rule: family_phorphiex
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 50cc1437b22ae5b3fdf4ee19967b1f3478a42022ece7517e2441cfb57d784bb1.exe
Files
-
50cc1437b22ae5b3fdf4ee19967b1f3478a42022ece7517e2441cfb57d784bb1.exe.exe windows:5 windows x86 arch:x86
d617e8618688e76a02c9e4d9a14e5afd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
recvfrom
setsockopt
sendto
bind
ioctlsocket
WSAStartup
recv
send
WSACloseEvent
WSARecv
WSASend
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAGetLastError
WSAEnumNetworkEvents
WSASocketA
listen
WSAWaitForMultipleEvents
getpeername
accept
WSAEventSelect
WSAGetOverlappedResult
WSACreateEvent
shlwapi
PathFileExistsW
StrCmpNW
PathMatchSpecW
StrCpyNW
PathFindFileNameW
StrStrIA
StrChrA
StrCmpNIA
StrStrW
wininet
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
ntdll
memset
memcpy
_chkstk
RtlUnwind
RtlTimeToSecondsSince1980
mbstowcs
NtQueryVirtualMemory
NtQuerySystemTime
memmove
strstr
isdigit
isalpha
msvcrt
rand
srand
_vscprintf
kernel32
ExitProcess
CreateProcessW
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetProcessHeaps
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
CreateMutexA
GetLastError
CreateEventA
GetVolumeInformationW
SetFileAttributesW
GetSystemInfo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
user32
RegisterClassExW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
TranslateMessage
wsprintfW
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wvsprintfA
GetWindowLongW
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer
advapi32
RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteW
ole32
CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
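The "Unsigned PE" signature above and the Headers and Sections listings are all static checks on the PE header: an empty Attribute Certificate Table (data directory 4) is what "missing Authenticode signature" means; IMAGE_FILE_RELOCS_STRIPPED together with a DllCharacteristics set that contains neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT means the image loads at a fixed base with no ASLR and does not opt in to DEP; and a .data section flagged IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE is a writable, executable section. The following is an added example, not code from the sandbox or from the sample, that performs those checks in pure Python. The input is a constructed headers-only PE32 image whose flags, section names and sizes are copied from this report; the function names, the 0x9000 placeholder certificate offset and the section RVAs are assumptions of the example. A non-zero security directory only proves that a WIN_CERTIFICATE blob is attached; whether the signature actually verifies is a separate step (signtool, osslsigncode) that this check does not perform.

```python
"""Minimal PE header triage: reproduce the static checks behind a sandbox
report's 'Unsigned PE' signature and its Headers/Sections view.
Added example; the input image is constructed from the report's values."""
import struct

# Flag values from winnt.h
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Attribute Certificate Table (Authenticode)


def build_pe(file_chars, dll_chars, sections, cert_size=0):
    """Build a headers-only PE32 image (constructed test input, not a real binary).
    sections: list of (name, virtual_size, raw_size, characteristics)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(224)                        # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    # The security directory holds a file offset (0x9000 is a placeholder), not an RVA;
    # a zero size means no certificate blob is attached at all.
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x9000 if cert_size else 0, cert_size)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), file_chars)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000 * (i + 1), rsize,
                    0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rsize, flags) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


def triage_pe(data):
    """Parse the PE headers and return the findings a report's Signatures,
    Headers and Sections blocks are derived from."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine, nsec, _ts, _sym, _nsym, opt_size,
     file_chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+ (wider ImageBase and stack/heap fields)
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    _cert_off, cert_size = (
        struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0))
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, *_rest, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vsize, rsize, flags))
    return {
        "machine": machine,
        # "Unsigned PE": no Attribute Certificate Table. A non-zero entry only means a
        # WIN_CERTIFICATE blob exists; verifying it is a separate step not done here.
        "unsigned": cert_size == 0,
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
        # No DYNAMIC_BASE, or relocations stripped, means a fixed load address: no ASLR.
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
                and not (file_chars & IMAGE_FILE_RELOCS_STRIPPED),
        "dep_optin": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # Sections both writable and executable: typical of unpacking / self-modifying code.
        "wx_sections": [s[0] for s in sections
                        if s[3] & IMAGE_SCN_MEM_WRITE and s[3] & IMAGE_SCN_MEM_EXECUTE],
        "sections": sections,
    }


# Header values copied from the report above (constructed headers-only image, not the sample).
SAMPLE = build_pe(
    file_chars=IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    dll_chars=IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    sections=[
        (".text", 44 * 1024, 45 * 1024,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (".rdata", 9 * 1024, 10 * 1024,
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (".data", 34 * 1024, 6 * 1024,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA
         | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ],
)

if __name__ == "__main__":
    for key, value in triage_pe(SAMPLE).items():
        print(f"{key:16} {value}")
```

Run on the constructed image, triage_pe reports unsigned, relocations stripped, ASLR and DEP opt-in both absent, and .data as the only writable-and-executable section, which matches the report's Signatures, Headers and Sections blocks. The same function works on a real file read with open(path, "rb").read(); only the section bodies are never dereferenced, so a truncated or headers-only file still parses.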