SpazBot[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SpazBot.rar
Size

88KB
MD5

e5f228844bfeeddf2a2c2c6452a6f1ec
SHA1

a63a0c7544d6ab0a725d5c68569fbef19e9c29af
SHA256

672fa0ef6ce9fefd5a8f7c286ad4882df16721bd6db3ad99ed6d817380203229
SHA512

02bc14509f983abf8eb744e6e1e0b1ff2a22a742806d406a50fa90918e8ad28c63771178e232d4b9402cc9f6c536e81ebe388acfb36215ffcd1ca20bc007e0ba
SSDEEP

1536:dm3cfsHI8Ra/O9IJqEaQq6KC0MhF8CTUpFqx2qa/3GgENhSgI65/qmE6i/:ddfsPEp5q6P0wFspUx2qi21NtymEJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2.12/pstord.exe

Files

SpazBot.rar
.rar

Password: infected
2.12/README.txt
2.12/SpazBot.vbp
2.12/clsCPUID.cls
.vbs
2.12/clsExitWindows.cls
2.12/clsSocketPlus.cls
.vbs
2.12/clsStringBuilder.cls
.vbs
2.12/ctlDownload.ctl
.vbs
2.12/ctlSocks4.ctl
.vbs
2.12/exclude modules.txt
2.12/frmMain.frm
.vbs
2.12/hosts.txt
2.12/kill lists.enc
2.12/modAccessibility.bas
2.12/modCPUSpeed.bas
.vbs
2.12/modCRC32.bas
.vbs
2.12/modCommands.bas
.vbs
2.12/modDNS.bas
.vbs
2.12/modDOSOutput.bas
.vbs
2.12/modData.bas
.vbs
2.12/modDoS.bas
.vbs
2.12/modEncrypt.bas
.vbs
2.12/modFileSearch.bas
.vbs
2.12/modHomepage.bas
.vbs
2.12/modKillProc.bas
.vbs
2.12/modKillStuff.bas
.vbs
2.12/modMD5.bas
.vbs
2.12/modMain.bas
.vbs
2.12/modMutex.bas
.vbs
2.12/modPatchTCPIP.bas
.vbs
2.12/modRegistry.bas
.vbs
2.12/modSettings.bas
.vbs
2.12/modShellExec.bas
2.12/modSocketPlus.bas
.vbs
2.12/modSpreadAIM.bas
.vbs
2.12/modSpreadMSN.bas
.vbs
2.12/modStartup.bas
.vbs
2.12/modSysInfo.bas
.vbs
2.12/pstord.enc
2.12/pstord.exe
.exe windows x86

Password: infected

6f257f08d11ac7952f787315e08173ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
SetFilePointer
CreateFileA
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
LocalFree

user32

wsprintfA
IsCharAlphaNumericA

oleaut32

GetErrorInfo

msvcrt

exit
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
strlen
__p__commode
strstr
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
_exit
_XcptFilter
memset
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2.12/resources.RES
2.12/resources.rc

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6f257f08d11ac7952f787315e08173ab

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

msvcrt

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 15KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 15KB