Phoenix | e2be9c914358

Classifications

Spyware Keylogger Injector

Threat Names

Phoenix Mal/Generic-S Mal/HTMLGen-A Trojan.GenericKD.37661679 +1

Dynamic Analysis Report

Created on 2021-09-28T06:07:00

e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe

Windows Exe (x86-32)

Remarks (1/1)

Anti-Sleep Triggered (0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute" to "10 seconds" to reveal dormant functionality.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	11.50 KB
MD5	905f74fb158b50341e6dc710a60dad37
SHA1	b54645bb347a4c76d73f2ff0e46aa4bd9b010ae0
SHA256	e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335
SSDeep	192:jLJh5u6VcVAgygoOwiigkHXw72Hkp/d3G2btK4Ji:xhzgygoOwiigwXwXp/dLtK4J
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

AV Matches (1)

Threat Name	Verdict
Trojan.GenericKD.37661679	malicious

PE Information

Image Base	0x400000
Entry Point	0x40428e
Size Of Code	0x2400
Size Of Initialized Data	0x800
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2021-09-23 00:48:29+00:00

Version Information (7)

FileDescription
FileVersion	0.0.0.0
InternalName	scanned.exe
LegalCopyright
OriginalFilename	scanned.exe
ProductVersion	0.0.0.0
Assembly Version	0.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x2294	0x2400	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	4.79
.rsrc	0x406000	0x4d8	0x600	0x2600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.7
.reloc	0x408000	0xc	0x200	0x2c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x402000	0x4264	0x2464	0x0

Memory Dumps (3)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe	1	0x00400000	0x00409FFF	Relevant Image	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x006D0000	0x006D0FFF	First Execution	64-bit	0x006D0000	... Memory Dump Actions Go to Process Download Dump
clrjit.dll	1	0x7FFC3EF80000	0x7FFC3F084FFF	First Execution	64-bit	0x7FFC3F039A10	... Memory Dump Actions Go to Process Download Dump

WHOIS Domain Information

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After