systembc | b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074.zip
Size

18KB
MD5

d765e97bd50b652d18896329ee25d4d2
SHA1

9c0374a5a31d556558e9df932c794eff8058e0e5
SHA256

8144325e7af0e9b0d1de09d6f6b08854d7c7316b5340462d92b3cf61ece16148
SHA512

7cde85840e39793d6aaf6041bfe105d5044f4288e0bbcc9d34625ce565d246bea5b470ac23226dee98859c8bfd20ee8183f0430383f4b3bf128db922fece272f
SSDEEP

384:W5QPOlhh66LffrOt8Yqwx1U9E6/I0ijzCgYhYDRtvqbQU:E9Th66LLOt8TyU9/WCgcbQU

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

80.66.77.6:4001

80.66.77.60:4001

Signatures

Systembc family
systembc

Files

b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074.zip
.zip

Password: infected
b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074
.dll windows x64

4f5544a4a82fb2603e8d4a81a95f51db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfA

ws2_32

ioctlsocket
connect
select
WSAIoctl
recv
inet_addr
socket
setsockopt
send
shutdown
closesocket
getaddrinfo
freeaddrinfo
inet_ntoa
WSAStartup
htons

advapi32

GetTokenInformation
GetSidSubAuthority
CryptDestroyKey
CryptExportKey
CryptImportKey
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken

kernel32

WaitForSingleObject
ExitThread
SetEvent
CreateThread
GetTempPathA
GetVolumeInformationA
VirtualAlloc
GetCurrentProcess
LocalAlloc
LocalFree
VirtualFree
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
Sleep
CreateEventA

secur32

GetUserNameExA
InitSecurityInterfaceA
DecryptMessage
EncryptMessage
QueryContextAttributesA
FreeContextBuffer
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
GetUserNameExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

crypt32

CryptDecodeObject
CryptStringToBinaryA

Exports

Exports

rundll

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

4f5544a4a82fb2603e8d4a81a95f51db

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

kernel32

secur32

ole32

crypt32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 852B

.reloc Size: 512B - Virtual size: 178B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 852B

.reloc
Size: 512B - Virtual size: 178B