AkBot-x0r-dns[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

AkBot-x0r-dns.rar
Size

88KB
MD5

9842020705382d29a3c3bc23dd2103f7
SHA1

bf5b1f98fb5bcaf4faa70a7c33cbb90ea87ffd0b
SHA256

cc026b253f48fc39b52bfa213a0491820cc4a42c500d85a0862186f7c4d648a1
SHA512

a2b5aeb182b21e15537ea91e0b2595f2eb4b6f41a3b1aa46f0f840e125c3ad63e5b44479187ee5251611686a1b264eea4557d401d5dcf6bdfb8be67c77c0c6c0
SSDEEP

1536:Ov2K27I8Jw4oVtXyecbHqYBUNEMv2OApRm3mBmp7fREQqwyVniEcOoEqL5VgbDtj:Ov2KuJHmJyZTqRNLvHpRE7wyliEcyK54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AkBot-x0r-dns/ConfigGUI.exe

Files

AkBot-x0r-dns.rar
.rar

Password: infected
AkBot-x0r-dns/ConfigGUI.exe
.exe windows x86

Password: infected

74169e82cc8cdf5b6f636c1fa3936b75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
ord594
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarAdd
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AkBot-x0r-dns/Yeni Metin Belgesi.txt
AkBot-x0r-dns/akbot.cpp
AkBot-x0r-dns/akbot.dsp
AkBot-x0r-dns/akbot.dsw
AkBot-x0r-dns/akbot.h
AkBot-x0r-dns/akbot.ncb
AkBot-x0r-dns/akbot.opt
AkBot-x0r-dns/akbot.plg
.html
AkBot-x0r-dns/asn.cpp
AkBot-x0r-dns/asn.h
AkBot-x0r-dns/config.h
AkBot-x0r-dns/config.txt
AkBot-x0r-dns/dnssrv.cpp
AkBot-x0r-dns/dnssrv.h
AkBot-x0r-dns/download.cpp
AkBot-x0r-dns/download.h
AkBot-x0r-dns/extern.h
AkBot-x0r-dns/external_ip.cpp
AkBot-x0r-dns/fake-httpder.cpp
AkBot-x0r-dns/ftpd.cpp
AkBot-x0r-dns/ftpd.h
AkBot-x0r-dns/fwbypass.cpp
AkBot-x0r-dns/fwbypass.h
AkBot-x0r-dns/httpd-exploiter.cpp
.js
AkBot-x0r-dns/httpd.h
AkBot-x0r-dns/include.h
AkBot-x0r-dns/ip.cpp
AkBot-x0r-dns/ip.h
AkBot-x0r-dns/ipswitch.cpp
AkBot-x0r-dns/irc.cpp
AkBot-x0r-dns/irc.h
AkBot-x0r-dns/netapi.cpp
AkBot-x0r-dns/netapi.h
AkBot-x0r-dns/process.cpp
AkBot-x0r-dns/process.h
AkBot-x0r-dns/readme.html
.html
AkBot-x0r-dns/scanner.cpp
AkBot-x0r-dns/scanner.h
AkBot-x0r-dns/thread.cpp
AkBot-x0r-dns/thread.h

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

74169e82cc8cdf5b6f636c1fa3936b75

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB