rundll
Behavioral task behavioral1: Sample socks32_tor.dll, Resource win7-20230220-en
Behavioral task behavioral2: Sample socks32_tor.dll, Resource win10v2004-20230220-en
General
- Target: socks32_tor.dll
- Size: 31KB
- MD5: ab2358024b8fa1f8d2ba06ff7980734f
- SHA1: ee98a887090a0d04408d23ffb87fe933b2287107
- SHA256: 77eb1714a4eb6c8c138e3a013bb20633122039a71c46d7b579722baaa91c0f34
- SHA512: a0958ac9ea9329ff6026ab22ce733970edc4e3604cbc5179c45ac76859789377e9fcdc704c04be30527e75cb362118bbcd8dc3022931111eb66cf9766ee02e74
- SSDEEP: 768:bS8Mc/ReGneyfP5iqiWsNhGDoh2EfoJdmA:8c/ReGnnhig4Lh2Efo
Malware Config
Extracted: systembc
89.248.163.188:443
Signatures
- Systembc family
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  Processes: resource socks32_tor.dll
Files
- socks32_tor.dll.dll windows x86
  6ba2dbf9e1289e7704922c7cf2960ae9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32:
LoadCursorA
LoadIconA
CreateWindowExA
RegisterClassA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow
GetWindowThreadProcessId
GetWindowTextA
GetMessageA
GetClassNameA
DispatchMessageA
DefWindowProcA
wsprintfA
kernel32:
WriteFile
WaitForSingleObject
VirtualProtect
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitThread
FileTimeToSystemTime
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetLocalTime
GetModuleHandleA
GetTempPathA
GetVolumeInformationA
LocalAlloc
LocalFree
OpenProcess
RemoveDirectoryA
SetEvent
SetFilePointer
Sleep
VirtualFree
VirtualAlloc
SystemTimeToFileTime
advapi32:
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptAcquireContextA
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
CryptReleaseContext
wsock32:
htons
inet_addr
inet_ntoa
ioctlsocket
select
send
setsockopt
shutdown
socket
recv
connect
closesocket
WSAStartup
WSACleanup
shell32:
CommandLineToArgvW
ws2_32:
WSAIoctl
getaddrinfo
freeaddrinfo
ole32:
CoCreateInstance
CoUninitialize
CoInitialize
netapi32:
NetGetJoinInformation
secur32:
FreeCredentialsHandle
InitSecurityInterfaceA
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
GetUserNameExW
GetUserNameExA
QueryContextAttributesA
InitializeSecurityContextA
crypt32:
CryptStringToBinaryA
CryptDecodeObject
psapi:
GetModuleFileNameExA
Exports
Sections
- .text Size: 24KB - Virtual size: 24KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 3KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 2KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .reloc Size: 1024B - Virtual size: 656B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ