phorphiex | 7ff563b35798bca2ae875af926c5ce6a53787800d32a282232daed847a2b2cc7N[.]exe

General

Target

7ff563b35798bca2ae875af926c5ce6a53787800d32a282232daed847a2b2cc7N.exe
Size

13KB
MD5

19f8713efcc91e36c5f518d23a28e9f0
SHA1

ba2be62b36e50b81d73e39bbed23fc5cbf9ce878
SHA256

7ff563b35798bca2ae875af926c5ce6a53787800d32a282232daed847a2b2cc7
SHA512

48b0eba112b50b8499abba92b04193b7baa41a6d4479f3c95bcffec3ad91f214c143b1d0f3244f29f7680496a4fa63d5252c487df1cf26160b1e524c8e8418bc
SSDEEP

192:LBbUFJyyHpCstaFJx34ymFpQ9999999999999999999999999999999999999KI:5UF0yH5kFoy

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

C2

http://91.202.233.141

Signatures

Phorphiex family
phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ff563b35798bca2ae875af926c5ce6a53787800d32a282232daed847a2b2cc7N.exe

Files

7ff563b35798bca2ae875af926c5ce6a53787800d32a282232daed847a2b2cc7N.exe
.exe windows:5 windows x86 arch:x86

652bad30af4f722f78dcc1034111fbb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

__dllonexit
_lock
_onexit
_decode_pointer
_unlock
_invoke_watson
_controlfp_s
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_except_handler4_common
_amsg_exit

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW

shlwapi

PathFileExistsW

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
Sleep
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId

user32

wsprintfW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

652bad30af4f722f78dcc1034111fbb2

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

wininet

shlwapi

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 450B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 450B