phorphiex | be068de9e770469a4969741b399e6e2c36e9dc1eb93ffd51c777b6f1aab97168N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

be068de9e770469a4969741b399e6e2c36e9dc1eb93ffd51c777b6f1aab97168N.exe
Size

102KB
MD5

5e4a29705f3aebceec775589526d58f0
SHA1

feb9b4dd956f4158c7b18fe64813b88a2003ba88
SHA256

be068de9e770469a4969741b399e6e2c36e9dc1eb93ffd51c777b6f1aab97168
SHA512

93e24958d978066bdef7e59b6f1f2ae3389be8e5a84f8d148c5a057abf3b6785c3593c65fd130a65806f0bae193377738c8371e4e9cb9bbe88651ca30eae7217
SSDEEP

1536:z3Mz8oy284usnjFzuNXoaSTM98qKH5Fn18CAkewoAd+ypy18FRn:YwofxFK5oagMNO5FyCAfKMypy1o

Score

10^/10

phorphiex

Malware Config

Signatures

Phorphiex family
phorphiex

Phorphiex payload 1 IoCs

resource	yara_rule
sample	family_phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be068de9e770469a4969741b399e6e2c36e9dc1eb93ffd51c777b6f1aab97168N.exe

Files

be068de9e770469a4969741b399e6e2c36e9dc1eb93ffd51c777b6f1aab97168N.exe
.exe windows:5 windows x86 arch:x86

f104e80119f78ba5be523e1d9fb681d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
bind
ioctlsocket
WSAStartup
send
recv
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEnumNetworkEvents
WSAEventSelect
listen
WSAWaitForMultipleEvents
getpeername
accept
WSAGetOverlappedResult
WSACreateEvent
WSASocketA

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
memmove
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

GetLastError
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetSystemInfo
PostQueuedCompletionStatus
GetProcessHeaps
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
CreateMutexA
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
FindClose

user32

RegisterClassExW
TranslateMessage
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
DefWindowProcA
wsprintfW
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wvsprintfA
GetWindowLongW
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f104e80119f78ba5be523e1d9fb681d0

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

urlmon

wininet

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 34KB - Virtual size: 36KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 34KB - Virtual size: 36KB