systembc | 44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.zip
Size

6KB
MD5

6f602086b7c75ed5b454b9e1f4d1c237
SHA1

bff275f8a31e950a9d9d948b3fc45578f6baccfc
SHA256

759cc0adf3f2ba76ea46946c7bfb1029ad8eb0b6a3c1b3601f13aa312a2f0eb4
SHA512

4d7fabe7d2b2e2b3026e80d9d642200e14b49c8e313a05ebdc07f72dd0503d88523dd30108ab36471e1b0469b694552b946b0ba62e7af83367d26151af686a9a
SSDEEP

96:1hrspu2FCZWnsiEuJJYtNFwMKN17DSq3lXhHe0BGo6ALV/JnfuoOkbkT7ouEd:nrspuSYtNFwMu9ekA0wo6ALV/BFOs3

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

93.115.25.139:443

127.0.0.1:443

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.dll

Files

44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.zip
.zip

Password: infected
44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.dll
.dll windows x86

15d0b563bda8248b1bc2c80e6e502bc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
RegisterClassA
LoadIconA
LoadCursorA
GetWindowThreadProcessId
ShowWindow
TranslateMessage
UpdateWindow
wsprintfA
GetMessageA
GetClassNameA
DispatchMessageA
CreateWindowExA
DefWindowProcA
GetWindowTextA

kernel32

LocalFree
SetEvent
SetFilePointer
OpenProcess
RemoveDirectoryA
GetTempPathA
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
SystemTimeToFileTime
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
DeleteFileA
ExitThread
FileTimeToSystemTime
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetLocalTime
GetModuleHandleA
LocalAlloc
GetVolumeInformationA
Sleep

advapi32

GetSidSubAuthority
OpenProcessToken
GetTokenInformation

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSACleanup

shell32

CommandLineToArgvW

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExA
GetUserNameExW

psapi

GetModuleFileNameExA

Exports

Exports

rundll

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

15d0b563bda8248b1bc2c80e6e502bc6

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

shell32

ws2_32

ole32

secur32

psapi

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 356B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 356B