phorphiex | 5f363a8bc6d75fd9b789e4b4a7a7c4aef30346b90929e9477ccff91370292cf6

Sharing

Copy URL

Twitter E-mail

General

Target

5f363a8bc6d75fd9b789e4b4a7a7c4aef30346b90929e9477ccff91370292cf6
Size

103KB
MD5

16d295d521a73eab44831edd9b79925e
SHA1

fc1e2bd155c9b9e729249cb09d71cb50160b75be
SHA256

5f363a8bc6d75fd9b789e4b4a7a7c4aef30346b90929e9477ccff91370292cf6
SHA512

0375c294b5108230a86d6c7e2ff5935b691855db1d2ae367fca311bd7a476d740028a9f77281326d8a0a4007034b345320bbfea731946ee05337ab9ec547b6ec
SSDEEP

1536:H3Mz8RYfwA7BE2G5TxCotEDZfFZsP6YlcVquXtnP3m74eyxyhq+c7:8wg9dGVxCo8ZfF2yY6V/tnPo4eyQfc

Score

10^/10

phorphiex

Malware Config

Signatures

Phorphiex family
phorphiex

Phorphiex payload 1 IoCs

resource	yara_rule
sample	family_phorphiex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f363a8bc6d75fd9b789e4b4a7a7c4aef30346b90929e9477ccff91370292cf6

Files

5f363a8bc6d75fd9b789e4b4a7a7c4aef30346b90929e9477ccff91370292cf6
.exe windows:5 windows x86 arch:x86

2184d9d3a232034fe754f63f14b273e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
bind
WSAStartup
send
recv
ioctlsocket
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEnumNetworkEvents
WSAEventSelect
listen
WSAWaitForMultipleEvents
getpeername
accept
WSAGetOverlappedResult
WSACreateEvent
WSASocketA

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

HttpOpenRequestA
InternetOpenUrlW
InternetOpenUrlA
HttpQueryInfoA
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpAddRequestHeadersA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
memmove
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

CreateEventA
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetSystemInfo
PostQueuedCompletionStatus
GetProcessHeaps
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
CreateMutexA
GetLastError
ExitProcess
GetVolumeInformationW
SetFileAttributesW
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrcmpW
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW

user32

TranslateMessage
RegisterClassExW
wsprintfW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
DefWindowProcA
RegisterRawInputDevices
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wsprintfA
wvsprintfA
GetWindowLongW
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2184d9d3a232034fe754f63f14b273e9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

urlmon

wininet

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 35KB - Virtual size: 36KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 35KB - Virtual size: 36KB