systembc | systembc_unpacked | Triage

Sharing

General

Target

systembc_unpacked
Size

8KB
MD5

f1e0f3ea8ffc3723feefa7d7f1037098
SHA1

7f2fee07d20757215ef5111599dee4d70145e81d
SHA256

859ad779718a6f32b24f77fead92a93f447b72a0d2448680352e35803758038d
SHA512

afb29b13d0093ec30933c624a0e345a9cd7569af80e2e548b8388d5cfbe0065273634dc39844e07c1f2cd806aec66e746836a0b8d0587d5024af771995d499ab
SSDEEP

96:A6oJmO/YdEXSDUB7ta4M8lbP5m/MM4odWLGS5cXuXCr2EmroO:ET/SIBRa4K/Zbdl2zf

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

45.77.115.67:443

192.168.1.28:443

Signatures

Systembc family
systembc
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

systembc_unpacked

Files

systembc_unpacked
.dll windows x86

e5153bc984f5f5e1981ab2ad851c76c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

CloseHandle
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
SetEvent
GetVolumeInformationA
GetModuleHandleA
ExitThread
CreateThread
CreateEventA

wsock32

closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSAStartup

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ