PhontolorP[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PhontolorP.exe
Size

4.1MB
MD5

f47412bbd31b0e30e77c2038a39c0d45
SHA1

768fc584120d6936a87bb09ca26cd4f626bbd858
SHA256

eb26dd669db27dcc500b6f730cffed4ba0e8f4f4e7811de5e577454f92ea6c23
SHA512

960f9e8c6ca65abaac8e303cc8073ac90b4d1202c5e13359e2cff742689a4201926898939e30658a65e24fa583f670be04191e0b2eb2433a80aa6b30b1f44dee
SSDEEP

98304:NjUgu2jP4yVcyJn0RL1oaoGdHwfz2V6EHS3:NjUCjNcyJ0roaoQHezQH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PhontolorP.exe

Files

PhontolorP.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 700KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zprot
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zpro
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.protect
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ectt
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ