MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Phorpiex
Vendor detections: 6
| SHA256 hash: | 64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532 |
|---|---|
| SHA3-384 hash: | 26554d43ff16bd925c79b9d4210ad30218e212705b503b57a62c5d35ce8111f076ff4547523ac5f607863bba6c7ad0e4 |
| SHA1 hash: | fff1c09b6e710d1804716e6b6b6c055a899aa1fc |
| MD5 hash: | 4a94758d9b8bed45249bffffbaaa0460 |
| humanhash: | maine-nuts-indigo-seven |
| File name: | a.exe |
| Signature | Phorpiex |
| File size: | 33'280 bytes |
| First seen: | 2020-11-05 20:56:52 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | 26f161d8edadd72c2f2c8827bc485796 (1 x Phorpiex) |
| ssdeep: | 768:WsxfcgPh+RyV+/WsPFNWzdfwjr5uSfbdkwNY7uzMS:nxfcgPUHusNNWdwjrASfpkwW7uzM |
| TLSH: | 72E26C0A1E6D9E64D6D88DB65F93C19E44B4CC100B2D4AC3F67B755F5E3CBD8B808282 |
| Reporter | |
| Tags: | exe Phorpiex src |
Intelligence
File Origin
# of uploads: 1
# of downloads: 97
Origin country: n/a
Vendor Threat Intelligence
Detection: n/a
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
DNS request
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Creating a window
Launching a process
Creating a process from a recently created file
Creating a file
Searching for the window
Searching for many windows
Enabling the 'hidden' option for recently created files
Connection attempt
Changing a file
Moving a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Blocking the Windows Security Center notifications
Creating a file in the mass storage device
Sending an HTTP GET request to an infection source
Enabling threat expansion on mass storage devices by creating a special LNK file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Worm.Phorpiex
Status: Malicious
First seen: 2020-11-04 19:26:58 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Detection(s): Suspicious file
Result
Malware family: phorphiex
Score: 10/10
Tags: family:phorphiex evasion loader persistence ransomware spyware trojan worm
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Modifies service
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
Loads dropped DLL
Reads user/profile data of web browsers
Windows security modification
Executes dropped EXE
Modifies Installed Components in the registry
Modifies extensions of user files
Phorphiex Worm
Windows security bypass
Unpacked files
SHA256 hash: 64cc82160edccda2bfd82d92b429ea0f98dcda9659a5c757b2748119847f5532
MD5 hash: 4a94758d9b8bed45249bffffbaaa0460
SHA1 hash: fff1c09b6e710d1804716e6b6b6c055a899aa1fc
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment