Behavioral task
behavioral1
Sample
Phoenix v1.3.exe
Resource
win7-20240221-en
General
-
Target
Phoenix v1.3.exe
-
Size
4.6MB
-
MD5
1122bf1261cc648bd8555f79e2459195
-
SHA1
c173392516f00df1994f39050116d5333c58b1a1
-
SHA256
0db248dac7ab90d7f512d1be68237838fb3742e7a58d65c148fb9058bae1576f
-
SHA512
5799dc43566e7a3745af116582a8577634c35cdfc9660c9f51cfffb73e985f6c240d1a798e21e9fd914bdaa251dc13a1ef78ae6dbdd84bd338238a48a4f5e1cb
-
SSDEEP
98304:uwP9YPfEvBcTn0q7oYPD7toDhjBFsbtKpOkaAk3mWvy:H1CcvBmnn7D7ZoDCUpOkaUWv
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Phoenix v1.3.exe
Files
-
Phoenix v1.3.exe.exe windows:5 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 496KB - Virtual size: 947KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 59KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 5KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 20KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
Size: 14KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 23KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ