phorphiex | 9dc0b007f33f768fff2249388428981d89cfcee3e5babd206bbaeb7d5cc34b4fN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9dc0b007f33f768fff2249388428981d89cfcee3e5babd206bbaeb7d5cc34b4fN.exe
Size

11KB
MD5

83a784716728ca579619d0e13a9f17b0
SHA1

5e33ca9dab3c0df2edcd597b8b0da06c88f18f6b
SHA256

9dc0b007f33f768fff2249388428981d89cfcee3e5babd206bbaeb7d5cc34b4f
SHA512

f8218a8e977f0ec340e7139041cfff8bac4cc23bcea0c0c0d7717ead76093d45d10acd72a5846486e9348ce642f529824f1575d0d28b8d2f566c543c7c9d3bc4
SSDEEP

96:ETwSV536ceoPr3mrAdFDbv1SuAIULiVK+YkJxGE9btz2qhRC7tCEX:di53VeoJ1SJ6JxTZtzthy

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

http://185.215.113.66

Signatures

Phorphiex family
phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dc0b007f33f768fff2249388428981d89cfcee3e5babd206bbaeb7d5cc34b4fN.exe

Files

9dc0b007f33f768fff2249388428981d89cfcee3e5babd206bbaeb7d5cc34b4fN.exe
.exe windows:5 windows x86 arch:x86

2851cbd012d6b064f2e3a7855455b399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

msvcr90

_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__p__fmode
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcscat
srand
rand
memset
__dllonexit
_crt_debugger_hook

wininet

DeleteUrlCacheEntryW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

urlmon

URLDownloadToFileW

kernel32

QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedExchange
GetTickCount
ExpandEnvironmentStringsW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
CreateProcessW
Sleep
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoA
InterlockedCompareExchange

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2851cbd012d6b064f2e3a7855455b399

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcr90

wininet

urlmon

kernel32

user32

shell32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 534B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 534B