rundll
Behavioral task
behavioral1
Sample
f1e0f3ea8ffc3723feefa7d7f1037098.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f1e0f3ea8ffc3723feefa7d7f1037098.dll
Resource
win10v2004-20230220-en
General
Target
f1e0f3ea8ffc3723feefa7d7f1037098.bin
Size
8KB
MD5
f1e0f3ea8ffc3723feefa7d7f1037098
SHA1
7f2fee07d20757215ef5111599dee4d70145e81d
SHA256
859ad779718a6f32b24f77fead92a93f447b72a0d2448680352e35803758038d
SHA512
afb29b13d0093ec30933c624a0e345a9cd7569af80e2e548b8388d5cfbe0065273634dc39844e07c1f2cd806aec66e746836a0b8d0587d5024af771995d499ab
SSDEEP
96:A6oJmO/YdEXSDUB7ta4M8lbP5m/MM4odWLGS5cXuXCr2EmroO:ET/SIBRa4K/Zbdl2zf
Malware Config
Extracted
systembc
45.77.115.67:443
192.168.1.28:443
Signatures
Systembc family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f1e0f3ea8ffc3723feefa7d7f1037098.bin
Files
f1e0f3ea8ffc3723feefa7d7f1037098.bin.dll windows x86
e5153bc984f5f5e1981ab2ad851c76c5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA
kernel32
CloseHandle
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
SetEvent
GetVolumeInformationA
GetModuleHandleA
ExitThread
CreateThread
CreateEventA
wsock32
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSAStartup
ws2_32
freeaddrinfo
WSAIoctl
getaddrinfo
secur32
GetUserNameExA
Exports
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 242B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ