LoexBot1[1][.]3[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

LoexBot1[1].3.rar
Size

1.0MB
MD5

339b8536372b7e8ac94097dd1f99a595
SHA1

49425311b26482d669d0700515051aaf03bbfe4e
SHA256

d54bce1fb9844106b6550423619a5eea9f4d4845bcff0c69bb1f26bfb4255b7d
SHA512

7243ac72d6894f217af56931dd36ac86c8a8d407ef73f376a0fa503e41b72483c873cf8f4bd15193c08adbe1fffa95edec4d66378a5a9104ccd9e4009d242729
SSDEEP

24576:JKdrPLhXxXUApMY3Q+5WZa4ta8JtYnRZ3JUK7Bta8Jta:ihX9p2ta8JOnX3J3ta8JQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/LoexBot1.3/Release/upx.exe	upx
static1/unpack001/LoexBot1.3/upx.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LoexBot1.3/Release/upx.exe
unpack001/LoexBot1.3/libmysql.dll
unpack001/LoexBot1.3/upx.exe

Files

LoexBot1[1].3.rar
.rar

Password: infected
LoexBot1.3/CleanUp.bat
LoexBot1.3/Defines.h
LoexBot1.3/FlashFxp.cpp
LoexBot1.3/FlashFxp.h
LoexBot1.3/Includes.h
LoexBot1.3/KillProc.cpp
LoexBot1.3/MS05-039-pp.cpp
LoexBot1.3/MS05-039-pp.h
LoexBot1.3/Readme.txt
LoexBot1.3/Release/pack.bat
LoexBot1.3/Release/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LoexBot1.3/advscan.cpp
LoexBot1.3/advscan.h
LoexBot1.3/aliaslog.cpp
LoexBot1.3/aliaslog.h
LoexBot1.3/autostart.cpp
.vbs
LoexBot1.3/autostart.h
LoexBot1.3/avirus.cpp
LoexBot1.3/avirus.h
LoexBot1.3/config.h
LoexBot1.3/dcom.cpp
LoexBot1.3/dcom.h
LoexBot1.3/dns.cpp
LoexBot1.3/dns.h
LoexBot1.3/download.cpp
LoexBot1.3/download.h
LoexBot1.3/driveinfo.cpp
LoexBot1.3/driveinfo.h
LoexBot1.3/extern.h
LoexBot1.3/firefox.cpp
LoexBot1.3/firefox.h
LoexBot1.3/fphost.cpp
LoexBot1.3/fphost.h
LoexBot1.3/ftpd.cpp
LoexBot1.3/ftpd.h
LoexBot1.3/functions.h
LoexBot1.3/hostauth.cpp
LoexBot1.3/hostauth.h
LoexBot1.3/httpd.cpp
LoexBot1.3/httpd.h
LoexBot1.3/icmpflood.cpp
LoexBot1.3/icmpflood.h
LoexBot1.3/identd.cpp
LoexBot1.3/identd.h
LoexBot1.3/irc_send.cpp
LoexBot1.3/irc_send.h
LoexBot1.3/libmysql.dll
.dll windows x86

Password: infected

a1b85ef4293a4aaf9538f270bb83c8df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getpeername
shutdown
closesocket
setsockopt
send
recv
inet_ntoa
inet_addr
WSAStartup
WSACleanup
gethostbyname
getservbyname
ntohs
socket
ioctlsocket
htons
WSAGetLastError
connect

kernel32

GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
DeleteFileA
GetLocaleInfoW
LCMapStringW
LCMapStringA
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
InterlockedExchange
GetEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateFileA
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
SetCurrentDirectoryA
OpenEventA
InitializeCriticalSection
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesExA
SetEndOfFile
SetFilePointer
InterlockedIncrement
DeleteCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
CreateSemaphoreA
InterlockedDecrement
ReleaseSemaphore
SetThreadPriority
Sleep
ReadFile
WriteFile
WaitForMultipleObjects
FreeEnvironmentStringsW
GetEnvironmentStrings
GetFileInformationByHandle
PeekNamedPipe
OpenFileMappingA
WriteConsoleA
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetFileAttributesA
SetStdHandle
GetFileType
DebugBreak
GetStdHandle
OutputDebugStringA
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
GetSystemTimeAsFileTime
ResumeThread
CreateThread
ExitThread
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
FatalAppExitA
SetHandleCount
GetStartupInfoA
SetLastError
GetCurrentThread
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
VirtualProtect
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
GetCPInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
FreeEnvironmentStringsA

user32

MessageBoxA

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1012KB - Virtual size: 1023KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LoexBot1.3/loaddll.cpp
LoexBot1.3/loaddll.h
LoexBot1.3/misc.cpp
LoexBot1.3/misc.h
LoexBot1.3/ms04_007_asn1.cpp
LoexBot1.3/ms04_007_asn1.h
LoexBot1.3/mssql.cpp
LoexBot1.3/mssql.h
LoexBot1.3/mydoom.cpp
LoexBot1.3/mydoom.h
LoexBot1.3/net.cpp
LoexBot1.3/net.h
LoexBot1.3/netapi.cpp
LoexBot1.3/netapi.h
LoexBot1.3/netheaders.h
LoexBot1.3/netutils.cpp
LoexBot1.3/netutils.h
LoexBot1.3/pack.bat
LoexBot1.3/passwd.h
LoexBot1.3/peer2peer.cpp
LoexBot1.3/peer2peer.h
LoexBot1.3/pnp.cpp
LoexBot1.3/pnp.h
LoexBot1.3/processes.cpp
LoexBot1.3/processes.h
LoexBot1.3/pstore.cpp
LoexBot1.3/pstore.h
LoexBot1.3/pstorec.tlh
LoexBot1.3/pstorec.tli
LoexBot1.3/rndnick.cpp
LoexBot1.3/rndnick.h
LoexBot1.3/sasser.cpp
LoexBot1.3/sasser.h
LoexBot1.3/scan.cpp
LoexBot1.3/sdbot05b.cpp
LoexBot1.3/sdbot05b.dsp
LoexBot1.3/sdbot05b.dsw
LoexBot1.3/sdbot05b.h
LoexBot1.3/sdbot05b.ncb
LoexBot1.3/sdbot05b.opt
LoexBot1.3/sdbot05b.plg
.html
LoexBot1.3/secure.cpp
LoexBot1.3/secure.h
LoexBot1.3/service.cpp
LoexBot1.3/shellcode.cpp
LoexBot1.3/shellcode.h
LoexBot1.3/sniffer.cpp
LoexBot1.3/sniffer.h
LoexBot1.3/socks.cpp
LoexBot1.3/socks.h
LoexBot1.3/spread.c
LoexBot1.3/synflood.cpp
LoexBot1.3/synflood.h
LoexBot1.3/taskhider.cpp
.js
LoexBot1.3/taskhider.h
LoexBot1.3/tcpip.h
LoexBot1.3/tftpd.cpp
LoexBot1.3/tftpd.h
LoexBot1.3/threads.cpp
LoexBot1.3/threads.h
LoexBot1.3/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LoexBot1.3/visit.cpp
LoexBot1.3/visit.h
LoexBot1.3/vncrooter.cpp
LoexBot1.3/vncrooter.h
LoexBot1.3/wks.CPP
LoexBot1.3/wks.h
LoexBot1.3/wkssvc.cpp
LoexBot1.3/wkssvc.h

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 121KB - Virtual size: 124KB

.rsrc Size: 1024B - Virtual size: 4KB

Password: infected

a1b85ef4293a4aaf9538f270bb83c8df

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 433KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 1012KB - Virtual size: 1023KB

.reloc Size: 24KB - Virtual size: 22KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 121KB - Virtual size: 124KB

.rsrc Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 121KB - Virtual size: 124KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 436KB - Virtual size: 433KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 1012KB - Virtual size: 1023KB

.reloc
Size: 24KB - Virtual size: 22KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 121KB - Virtual size: 124KB

.rsrc
Size: 1024B - Virtual size: 4KB