systembc | 68acbe23860fcebf344008d37030ba4f3d2a4e2fb209a72a2142690a32ba020f

Sharing

Copy URL

Twitter E-mail

General

Target

68acbe23860fcebf344008d37030ba4f3d2a4e2fb209a72a2142690a32ba020f
Size

30KB
MD5

7a0ae9fabc401ba06f5e0900a7abed9b
SHA1

d39f9fb40153e0c9c381c76fce0a167759972924
SHA256

68acbe23860fcebf344008d37030ba4f3d2a4e2fb209a72a2142690a32ba020f
SHA512

f6c64cfbbf984ae46f95630f4d28c8098862f39e53e19cda077119a1f16ab2520956db3216911a44d835768e71291da9ef91e47d9d1706e406fb717efeb9a60f
SSDEEP

768:MjFAuGdBYeHZe06aKOpghqjdZD93jUzEoJV6zMz5O:M/GdBYeHZe0LKOpOEnAzEovO

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

185.61.138.99:4115

pikabu.store:4115

Signatures

Systembc family
systembc

Files

68acbe23860fcebf344008d37030ba4f3d2a4e2fb209a72a2142690a32ba020f
.dll windows x86

336ba0094d2b5de8ffbca090807bd8cc

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextA
GetWindowThreadProcessId
CreateWindowExA
LoadCursorA
LoadIconA
RegisterClassA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow
GetMessageA
GetClassNameA
DispatchMessageA
DefWindowProcA
wsprintfA

kernel32

WaitForSingleObject
WriteFile
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitThread
FileTimeToSystemTime
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetLastError
GetLocalTime
GetModuleHandleA
GetTempPathA
GetVolumeInformationA
LocalAlloc
LocalFree
OpenProcess
RemoveDirectoryA
SetEvent
SetFilePointer
VirtualFree
SystemTimeToFileTime
VirtualAlloc
Sleep

advapi32

CryptExportKey
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
GetSidSubAuthority
GetTokenInformation
GetUserNameW
OpenProcessToken
CryptImportKey

wsock32

htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
connect
closesocket
WSAStartup
WSACleanup

shell32

CommandLineToArgvW

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExW
QueryContextAttributesA
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
GetUserNameExA
InitSecurityInterfaceA
InitializeSecurityContextA

crypt32

CryptStringToBinaryA
CryptDecodeObject

psapi

GetModuleFileNameExA

Exports

Exports

rundll

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

336ba0094d2b5de8ffbca090807bd8cc

Code Sign

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

shell32

ws2_32

ole32

secur32

crypt32

psapi

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 648B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 648B