phorphiex | 0x0006000000016d4e-54[.]dat

Sharing

Copy URL

Twitter E-mail

General

Target

0x0006000000016d4e-54.dat
Size

10KB
MD5

96509ab828867d81c1693b614b22f41d
SHA1

c5f82005dbda43cedd86708cc5fc3635a781a67e
SHA256

a9de2927b0ec45cf900508fec18531c04ee9fa8a5dfe2fc82c67d9458cf4b744
SHA512

ff603117a06da8fb2386c1d2049a5896774e41f34d05951ecd4e7b5fc9da51a373e3fcf61af3577ff78490cf898471ce8e71eae848a12812fe98cd7e76e1a9ca
SSDEEP

96:vdHiIV5H6c10lqo9ZYAoQdVDCcJ+587tG6AuJxGE9btz2qhRC7tCEOhd1Q:vdHiQ5HV1wr9KA/J+izJxTZtzthyOhd

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

http://185.215.113.84

Signatures

Phorphiex family
phorphiex
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0x0006000000016d4e-54.dat

resource
0x0006000000016d4e-54.dat

Files

0x0006000000016d4e-54.dat
.exe windows:5 windows x86 arch:x86

7ba967fd229102a20e7c38cd32fa28a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

msvcr90

__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
srand
rand
memset
_lock

wininet

DeleteUrlCacheEntryW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

urlmon

URLDownloadToFileW

kernel32

GetCurrentProcessId
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
GetTickCount
ExpandEnvironmentStringsW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
CreateProcessW
Sleep
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetStartupInfoA

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7ba967fd229102a20e7c38cd32fa28a8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcr90

wininet

urlmon

kernel32

user32

shell32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 908B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 522B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 908B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 522B