dopebot0[.]22[.]uncrippled[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

dopebot0.22.uncrippled.rar
Size

1.1MB
MD5

bc487a321f966901ccff083fdfb9d76d
SHA1

6dcc340434bb31fad044cec5b2cd1eb62122cbdf
SHA256

3773049e3dbec350e2004553ff55c966d6afd3d77cc324bea2b84e473c84e031
SHA512

a53a49b7ec2eac62ba22f50322f6742f7819c9fe0ce1bd623de32b717627f2f0f24e60d436584fc26812ea296cd68010323275f1edc0a7f72ea23cce4a66ded3
SSDEEP

24576:PPXhUutKiKDsfmYSjWEMU/120jtUwAwwHTkcOB1P6RsQFu4odASNPXh74L/t:iEKiK/YSKlANjKwUHm6OQwrN8

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dopebot_current/Files/driver.sys
unpack001/dopebot_current/Resources/Files/driver.sys
unpack001/dopebot_current/Resources/Files/hook.dll

Files

dopebot0.22.uncrippled.rar
.rar

Password: infected
dopebot_current/Bot/EliRT.h
dopebot_current/Bot/EliRT_COFF.lib
dopebot_current/Bot/Protocol/irc.cpp
dopebot_current/Bot/Protocol/irc.h
dopebot_current/Bot/Protocol/irc.rar
.rar

Password: infected
irc.cpp
dopebot_current/Bot/bot.cpp
dopebot_current/Bot/bot.h
dopebot_current/Bot/bt1.cpp
dopebot_current/Bot/bt1.h
dopebot_current/Bot/crypto.cpp
dopebot_current/Bot/crypto.h
dopebot_current/Bot/download.cpp
dopebot_current/Bot/download.h
dopebot_current/Bot/file.cpp
dopebot_current/Bot/file.h
dopebot_current/Bot/fwb.cpp
dopebot_current/Bot/fwb.h
dopebot_current/Bot/injection.cpp
dopebot_current/Bot/injection.h
dopebot_current/Bot/install.cpp
dopebot_current/Bot/install.h
dopebot_current/Bot/keylogger.cpp
dopebot_current/Bot/keylogger.h
dopebot_current/Bot/klgger.cpp
dopebot_current/Bot/klgger.h
dopebot_current/Bot/melt.cpp
dopebot_current/Bot/melt.h
dopebot_current/Bot/misc.cpp
dopebot_current/Bot/misc.h
dopebot_current/Bot/netinfo.cpp
dopebot_current/Bot/netinfo.h
dopebot_current/Bot/process.cpp
dopebot_current/Bot/process.h
dopebot_current/Bot/registry.cpp
dopebot_current/Bot/registry.h
dopebot_current/Bot/rootkit.cpp
dopebot_current/Bot/rootkit.h
dopebot_current/Bot/rt07.cpp
dopebot_current/Bot/rt07.h
dopebot_current/Bot/scanner.cpp
dopebot_current/Bot/scanner.h
dopebot_current/Bot/secure.cpp
dopebot_current/Bot/secure.h
dopebot_current/Bot/service.cpp
dopebot_current/Bot/service.h
dopebot_current/Bot/sfc.cpp
dopebot_current/Bot/sfc.h
dopebot_current/Bot/sh1.cpp
dopebot_current/Bot/sh1.h
dopebot_current/Bot/sniffer.cpp
dopebot_current/Bot/sniffer.h
dopebot_current/Bot/stealth.cpp
dopebot_current/Bot/stealth.h
dopebot_current/Bot/sysinfo.cpp
dopebot_current/Bot/sysinfo.h
dopebot_current/Bot/tcpip.h
dopebot_current/Bot/transfer.cpp
dopebot_current/Bot/transfer.h
dopebot_current/Bot/unhook.cpp
dopebot_current/Bot/unhook.h
dopebot_current/Bot/wkssvc.cpp
dopebot_current/Bot/wkssvc.h
dopebot_current/DDOS/bandwithflood.cpp
dopebot_current/DDOS/bandwithflood.h
dopebot_current/Daemons/ftpd.cpp
dopebot_current/Daemons/ftpd.h
dopebot_current/Daemons/identd.cpp
dopebot_current/Daemons/identd.h
dopebot_current/Daemons/tftpd.cpp
dopebot_current/Daemons/tftpd.h
dopebot_current/Documents/bugs.txt
dopebot_current/Documents/changes.txt
dopebot_current/Documents/commands.txt
dopebot_current/Documents/todo.txt
dopebot_current/EliRT_COFF.lib
dopebot_current/Files/driver.sys
.exe windows x86

Password: infected

a46f16a73a80054a5c6f146b98f15f65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncpy
IoGetCurrentProcess
RtlCompareMemory
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IofCompleteRequest
ZwQuerySystemInformation
ZwQueryDirectoryFile
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dopebot_current/Hook/hook.cpp
dopebot_current/Hook/hook.dsp
dopebot_current/Resources/Files/driver.sys
.exe windows x86

Password: infected

a46f16a73a80054a5c6f146b98f15f65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

strncpy
IoGetCurrentProcess
RtlCompareMemory
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IofCompleteRequest
ZwQuerySystemInformation
ZwQueryDirectoryFile
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dopebot_current/Resources/Files/hook.dll
.dll windows x86

Password: infected

0b69d5093becb476150c8c4a428dc314

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetProcAddress
GetModuleHandleA
lstrcmpiA
FindFirstFileA
FindNextFileA
WideCharToMultiByte
FindFirstFileW
FindNextFileW

msvcrt

_stricmp
sprintf

shlwapi

PathStripPathA

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dopebot_current/Resources/res.rc
dopebot_current/Settings/config.h
dopebot_current/Settings/defines.h
dopebot_current/Settings/externs.h
dopebot_current/Spreaders/lsasspreader.cpp
dopebot_current/Spreaders/lsasspreader.h
dopebot_current/Spreaders/optixspreader.cpp
dopebot_current/Spreaders/optixspreader.h
dopebot_current/Temp/Hook/hook.obj
dopebot_current/Temp/Hook/hook.pch
dopebot_current/Temp/Hook/vc60.idb
dopebot_current/dopebot.dsp
dopebot_current/dopebot.dsw
dopebot_current/dopebot.ncb
dopebot_current/dopebot.opt
.js
dopebot_current/dopebot.plg
.html
dopebot_current/stub.dat

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

a46f16a73a80054a5c6f146b98f15f65

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 142B

.data Size: 512B - Virtual size: 40B

INIT Size: 512B - Virtual size: 414B

.reloc Size: 512B - Virtual size: 184B

Password: infected

a46f16a73a80054a5c6f146b98f15f65

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 142B

.data Size: 512B - Virtual size: 40B

INIT Size: 512B - Virtual size: 414B

.reloc Size: 512B - Virtual size: 184B

Password: infected

0b69d5093becb476150c8c4a428dc314

Headers

File Characteristics

Imports

kernel32

msvcrt

shlwapi

Sections

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 102B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 142B

.data
Size: 512B - Virtual size: 40B

INIT
Size: 512B - Virtual size: 414B

.reloc
Size: 512B - Virtual size: 184B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 142B

.data
Size: 512B - Virtual size: 40B

INIT
Size: 512B - Virtual size: 414B

.reloc
Size: 512B - Virtual size: 184B

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 102B