phorphiex | d17aa6f4f46a2f570815862fdd66b6802baa24b10984809800bee89f963aef72N[.]exe

General

Target

d17aa6f4f46a2f570815862fdd66b6802baa24b10984809800bee89f963aef72N.exe
Size

12KB
MD5

3b31d597ce4aca68480a5305e0e3b280
SHA1

48104c8e5ffc01f5c16889ed0297488152105d26
SHA256

d17aa6f4f46a2f570815862fdd66b6802baa24b10984809800bee89f963aef72
SHA512

ba95c84619ad0127e47f847be8bb796af88e48206c149562cf1aa87e9e0f935849b09f700b7cff5211942b0a0939e1acc3a741e18811446ad42273214b4c9bc7
SSDEEP

192:9BbUFJyyHpmUJ0FJx34ymFpQ9999999999999999999999999999999999999KI:bUF0yHEUJ0Foy

Score

10^/10

phorphiex

Malware Config

Extracted

Family

phorphiex

C2

http://91.202.233.141

Signatures

Phorphiex family
phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d17aa6f4f46a2f570815862fdd66b6802baa24b10984809800bee89f963aef72N.exe

Files

d17aa6f4f46a2f570815862fdd66b6802baa24b10984809800bee89f963aef72N.exe
.exe windows:5 windows x86 arch:x86

652bad30af4f722f78dcc1034111fbb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

__dllonexit
_lock
_onexit
_decode_pointer
_unlock
_invoke_watson
_controlfp_s
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_except_handler4_common
_amsg_exit

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW

shlwapi

PathFileExistsW

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
Sleep
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId

user32

wsprintfW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

652bad30af4f722f78dcc1034111fbb2

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

wininet

shlwapi

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 450B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 450B