Summary | ZeroBOX

phorm.exe

Worm Phorpiex Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6402
Started Sept. 15, 2021, 6:11 p.m.
Completed Sept. 15, 2021, 6:13 p.m.
Size 9.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 400fc2e410b02fb12db7634c8221f51c
SHA256 191e85467c65e5e382e384b39edeea61f4daad41c3c192d2be70e1c3ab2f0760
CRC32 DBE0E3C0
ssdeep 96:Q8RK3EF+kzplYp3stt67oU5R4u6EGjjT9ePtboyn0nU6TWS/cCtcb2S:1K32xzpeBokrGTcP1oynmU6TWS/3cbP
PDB Path
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win_Worm_Phorpiex - a worm which spreads via removable drives and network drives.
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path
packer Armadillo v1.71
description phorm.exe tried to sleep 122 seconds, actually delayed analysis time by 118 seconds
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Phorpiex Remover
reg_value C:\Users\test22\PhorpiexRemover.exe
file C:\Users\test22\AppData\Local\Temp\phorm.exe:Zone.Identifier
Lionic Trojan.Win32.Zonidel.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee RDN/Generic.dx
Cylance Unsafe
CrowdStrike win/malicious_confidence_60% (W)
Alibaba Trojan:Win32/Zonidel.96e7fe62
K7GW Trojan ( 0058253a1 )
K7AntiVirus Trojan ( 0058253a1 )
Arcabit Trojan.Mint.Zard.39
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Agent.ADMJ
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Zonidel.gen
BitDefender Gen:Heur.Mint.Zard.39
NANO-Antivirus Trojan.Win32.Zonidel.jbbiel
MicroWorld-eScan Gen:Heur.Mint.Zard.39
Avast Win32:Trojan-gen
Ad-Aware Gen:Heur.Mint.Zard.39
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.400fc2e410b02fb1
Emsisoft Gen:Heur.Mint.Zard.39 (B)
Avira TR/Crypt.XPACK.Gen
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Gen:Heur.Mint.Zard.39
VBA32 BScope.Trojan.Tiggre
ALYac Gen:Heur.Mint.Zard.39
MAX malware (ai score=88)
Rising Trojan.Generic@ML.90 (RDML:dzB5pRgOKMqpQ0Q1hWz6VA)
SentinelOne Static AI - Malicious PE
Fortinet W32/Agent.ADMJ!tr
BitDefenderTheta AI:Packer.B311DA271F
AVG Win32:Trojan-gen