Backdoor[.]Win32[.]IRCNite[.]jbc-c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f

General

Target

Backdoor.Win32.IRCNite.jbc-c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
Size

159KB
MD5

709286f2947b18adb809110084227eea
SHA1

2e17106d559df79268d4a8b65b3edf2becc01daa
SHA256

c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
SHA512

3449920ebde4a20fe51cfe3dadda41c9ca220dc4d0eb2d782e13be074378c3f4653be8fa0492f50e8487756cb4d8ee003998f1bcc302cb54063f312a764dc6fa
SSDEEP

3072:f2gWOEjo6pqMLvJkSo1KArzoHHAgzzInpD:OgXM9UKGzYHAKO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.IRCNite.jbc-c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f

Files

Backdoor.Win32.IRCNite.jbc-c9907e55f0d5592ff335d35708baeb186e11300df90aa3aef1a142344ecc493f
.exe windows x86

94025c4deeede67c509e53d35b862000

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

nddeapi

NDdeShareEnumA
NDdeShareSetInfoA
NDdeShareGetInfoA

rsaenh

CPCreateHash
CPGenKey
CPDecrypt
CPDeriveKey

authz

AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeAuditEvent

user32

LoadCursorA
InsertMenuW
PeekMessageA
GetDlgItemTextA
MessageBoxA
GetMessageW
IsCharLowerW
PostMessageA
GetPropA
LoadBitmapW
CharToOemA

kernel32

SearchPathA
FindVolumeClose
GetStartupInfoW
ResumeThread
CreateFileA
InterlockedIncrement
WriteConsoleW
GetCommandLineA
CreateNamedPipeW
WaitForSingleObjectEx
LoadLibraryA
GetComputerNameExA
GetProcAddress
GetFileAttributesA
lstrcmpW
FormatMessageA
FindNextFileA
FileTimeToSystemTime
DeleteFileW
CreateDirectoryW
SetErrorMode
CreateSemaphoreW
FindFirstFileW
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetConsoleAliasA
GetCurrentDirectoryA
GetPriorityClass
FindResourceExW
GetLogicalDriveStringsW
CreateEventA

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.css
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94025c4deeede67c509e53d35b862000

Headers

DLL Characteristics

File Characteristics

Imports

nddeapi

rsaenh

authz

user32

kernel32

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 6KB

.css Size: - Virtual size: 320KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 6KB

.css
Size: - Virtual size: 320KB