General
-
Target
Phoenix v1.3.exe
-
Size
4.7MB
-
MD5
e85722f85811237c1357bdaeb8d985d2
-
SHA1
83faef06be7c64bfe10c684d3ef2c6d43c624ec3
-
SHA256
d9ab32770861337b6170f98487a2025233189490a5740eaf27c27c521e6b0d01
-
SHA512
e1d122070a9791c658744cada35f19b10fa18e7ccf1ab61fc9585f87f390fb9309f0011638df9696844cfb155734d4ce0a753f7d90b2ccc0de89f2ba9029cb15
-
SSDEEP
98304:oQJUMQSxwCotdL3gn2uC/zdE7yOHEQkAyjkAqH/REGTlk4WB6N:PJUpaEUy/zdGyOEQkAXHfSGTBI
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Phoenix v1.3.exe
Files
-
Phoenix v1.3.exe.exe windows:5 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 496KB - Virtual size: 947KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 59KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 5KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 20KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
Size: 14KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 23KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ