P15Mainexec[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

P15Mainexec.exe
Size

29KB
MD5

9184363c94761de46a201a1cd8e44006
SHA1

fea8c591523fafc1e9e196fa011626d30d52ad1e
SHA256

714c865b44a0a13a4811e017a19ce043bed1876f9ef755e520fbe0dddd877745
SHA512

5f65ab5e8d2377cbb06834592cf628cf61057a7e5e76098ec325a7a313563c0bf5e1fc8ae1c7fe0a3936962ac213dbcb574316322f4eab401d5d530e2c008a3f
SSDEEP

768:rnxaTACw6bWP/oeg20BhSpyDV3EUnxj70rwrNRa6R:rnxaTACwyq/oe40pyD1EUnxkrGRa6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
P15Mainexec.exe

Files

P15Mainexec.exe
.exe windows:6 windows x86 arch:x86

bfacc30dda8def4392b9a6c1b5a2de6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ACER\Downloads\Null's Trojans\Phosphorous\P15Mainexec\Debug\P15Mainexec.pdb

Imports

kernel32

DeleteFileW
Beep
HeapAlloc
GetProcessHeap
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
SuspendThread
CreateProcessW
OpenProcess
MoveFileW
GetProcAddress
VirtualProtect
GetModuleHandleW
lstrlenW
SetLastError
HeapFree
CreateThread
lstrcmpW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetTickCount
GetSystemTime
Sleep
GetLastError
LoadLibraryW
CloseHandle
WriteFile
SetCurrentDirectoryW
CreateFileW
IsProcessorFeaturePresent

user32

GetWindowLongW
CreateWindowExW
GetDesktopWindow
SetWindowLongW
GetWindowRect
GetDC
GetActiveWindow
SetWindowPos
FillRect

gdi32

TextOutW
DeleteObject
BitBlt
CreateSolidBrush

advapi32

RegSetValueExW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfacc30dda8def4392b9a6c1b5a2de6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 2KB

.msvcjmc Size: 512B - Virtual size: 78B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 812B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 2KB

.msvcjmc
Size: 512B - Virtual size: 78B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 812B