General
-
Target
Phatbot-NortonBot.rar
-
Size
2.9MB
-
MD5
468c6a889d70027bef6e1b36915f6c88
-
SHA1
6a78821a737c979a1c18590d1287b7e8fd0b7db0
-
SHA256
b5b6e28f4717cd47b6d830599b3b6af8556a20ef5e810322c731cef1febb72bb
-
SHA512
62408e4dea3ace0e5b09d7e3d6de4d7d210fb4370bfb592fa2f0b31e9752ecd9b9690a9d632faab3b5f0e96e81187c72f13556281f5ac0f5d10716c699809eca
-
SSDEEP
49152:X6uOi6/naZUcJJ5jxXsWeaRTYXPX0e94ojpBf7x9qU8ewpPGi/:X6uo4Jd5iaRcvhNpx6eSP1
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Phatbot-NortonBot.rar
Password: infected
-
phatbot_fixed_rls/3dnow.h
-
phatbot_fixed_rls/Makefile.am
-
phatbot_fixed_rls/Mods/glow/quick-commands-list.mrc
-
phatbot_fixed_rls/Mods/glow/sniffer.cpp
-
phatbot_fixed_rls/Mods/mods-readme.txt
-
phatbot_fixed_rls/acinit.sh
-
phatbot_fixed_rls/agobot3.dsp
-
phatbot_fixed_rls/agobot3.dsw
-
phatbot_fixed_rls/agobot3.rc
-
phatbot_fixed_rls/apl.txt
-
phatbot_fixed_rls/asmstub.OBJ
-
phatbot_fixed_rls/baglescanner.cpp
-
phatbot_fixed_rls/bnc.cpp
-
phatbot_fixed_rls/bnc.h
-
phatbot_fixed_rls/bot.cpp
-
phatbot_fixed_rls/bot.h
-
phatbot_fixed_rls/build.h
-
phatbot_fixed_rls/build.sh
-
phatbot_fixed_rls/changes.txt
-
phatbot_fixed_rls/cmdbase.h
-
phatbot_fixed_rls/cmdline.cpp
-
phatbot_fixed_rls/cmdline.h
-
phatbot_fixed_rls/cmdopt.h
-
phatbot_fixed_rls/cmdshell.cpp
-
phatbot_fixed_rls/cmdshell.h
-
phatbot_fixed_rls/commands.cpp
-
phatbot_fixed_rls/commands.h
-
phatbot_fixed_rls/confbase.h
-
phatbot_fixed_rls/config.cpp
-
phatbot_fixed_rls/config.def
-
phatbot_fixed_rls/configgui.exe
Password: infected
b0c91dbb91b1a6a48673be15d71fa488
Headers
Imports
Sections
-
phatbot_fixed_rls/configgui/StdAfx.cpp
-
phatbot_fixed_rls/configgui/StdAfx.h
-
phatbot_fixed_rls/configgui/configgui.clw
-
phatbot_fixed_rls/configgui/configgui.cpp
-
phatbot_fixed_rls/configgui/configgui.dsp
-
phatbot_fixed_rls/configgui/configgui.h
-
phatbot_fixed_rls/configgui/configgui.rc
-
phatbot_fixed_rls/configgui/configguiDlg.cpp
-
phatbot_fixed_rls/configgui/configguiDlg.h
-
phatbot_fixed_rls/configgui/md5/global.h
-
phatbot_fixed_rls/configgui/md5/md5.h
-
phatbot_fixed_rls/configgui/md5/md5c.cpp
-
phatbot_fixed_rls/configgui/res/bool.ico
-
phatbot_fixed_rls/configgui/res/char.ico
-
phatbot_fixed_rls/configgui/res/configgui.ico
-
phatbot_fixed_rls/configgui/res/int.ico
-
phatbot_fixed_rls/configgui/res/string.ico
-
phatbot_fixed_rls/configgui/resource.h
-
phatbot_fixed_rls/configgui/sapphire.cpp
-
phatbot_fixed_rls/configgui/sapphire.h
-
phatbot_fixed_rls/configs/gpl.txt
-
phatbot_fixed_rls/configs/sample.cfg
-
phatbot_fixed_rls/configure.ac
-
phatbot_fixed_rls/consdbg.cpp
-
phatbot_fixed_rls/consdbg.h
-
phatbot_fixed_rls/contrib.txt
-
phatbot_fixed_rls/cpanelscanner.cpp
-
phatbot_fixed_rls/cplugin.cpp
-
phatbot_fixed_rls/cplugin.h
-
phatbot_fixed_rls/crypter.cpp
-
phatbot_fixed_rls/crypter.h
-
phatbot_fixed_rls/cstring.cpp
-
phatbot_fixed_rls/cstring.h
-
phatbot_fixed_rls/cthread.cpp
-
phatbot_fixed_rls/cthread.h
-
phatbot_fixed_rls/cvar.cpp
-
phatbot_fixed_rls/cvar.h
-
phatbot_fixed_rls/dcom2scanner.cpp
-
phatbot_fixed_rls/dcomscanner.cpp
-
phatbot_fixed_rls/ddos.cpp
-
phatbot_fixed_rls/ddos.h
-
phatbot_fixed_rls/debug.sh
-
phatbot_fixed_rls/disclaimer.txt
-
phatbot_fixed_rls/doc/!New/Command Reference.htm
-
phatbot_fixed_rls/doc/!New/FAQ.htm
-
phatbot_fixed_rls/doc/!New/images/1.gif
-
phatbot_fixed_rls/doc/!New/images/2.jpg
-
phatbot_fixed_rls/doc/!New/images/3.jpg
-
phatbot_fixed_rls/doc/!New/images/4.gif
-
phatbot_fixed_rls/doc/!New/images/Executables.jpg
-
phatbot_fixed_rls/doc/!New/images/Includes.jpg
-
phatbot_fixed_rls/doc/!New/images/Libraries.jpg
-
phatbot_fixed_rls/doc/!New/setting.css
-
phatbot_fixed_rls/doc/Agobot.png
-
phatbot_fixed_rls/doc/Executables.jpg
-
phatbot_fixed_rls/doc/Includes.jpg
-
phatbot_fixed_rls/doc/Libraries.jpg
-
phatbot_fixed_rls/doc/agobot3.jpg
-
phatbot_fixed_rls/doc/agobug.jpg
-
phatbot_fixed_rls/doc/commandref.html
-
phatbot_fixed_rls/doc/faq.html
-
phatbot_fixed_rls/doc/gpl.txt
-
phatbot_fixed_rls/doc/history-icon.gif
-
phatbot_fixed_rls/doc/rules.txt
-
phatbot_fixed_rls/doc/templates/template.cpp
-
phatbot_fixed_rls/doc/templates/template.h
-
phatbot_fixed_rls/doc/templates/template_priv.cpp
-
phatbot_fixed_rls/doc/templates/template_priv.h
-
phatbot_fixed_rls/doomscanner.cpp
-
phatbot_fixed_rls/dwscanner.cpp
-
phatbot_fixed_rls/files.txt
-
phatbot_fixed_rls/fixes.txt
-
phatbot_fixed_rls/ftplib/Makefile.am
-
phatbot_fixed_rls/ftplib/ftplib.cpp
-
phatbot_fixed_rls/ftplib/ftplib.h
-
phatbot_fixed_rls/gpl.txt
-
phatbot_fixed_rls/harvest_aol.cpp
-
phatbot_fixed_rls/harvest_aol.h
-
phatbot_fixed_rls/harvest_cdkeys.cpp
-
phatbot_fixed_rls/harvest_cdkeys.h
-
phatbot_fixed_rls/harvest_emails.cpp
-
phatbot_fixed_rls/harvest_emails.h
-
phatbot_fixed_rls/harvest_registry.cpp
-
phatbot_fixed_rls/harvest_registry.h
-
phatbot_fixed_rls/hook.cpp
-
phatbot_fixed_rls/hook.h
-
phatbot_fixed_rls/hookdll/apihijack.cpp
-
phatbot_fixed_rls/hookdll/apihijack.h
-
phatbot_fixed_rls/hookdll/hookdll.cpp
-
phatbot_fixed_rls/hookdll/hookdll.def
-
phatbot_fixed_rls/hookdll/hookdll.dsp
-
phatbot_fixed_rls/hookdll/hookdll.h
-
phatbot_fixed_rls/httpflood.cpp
-
phatbot_fixed_rls/installer.cpp
-
phatbot_fixed_rls/installer.h
-
phatbot_fixed_rls/irc.cpp
-
phatbot_fixed_rls/irc.h
-
phatbot_fixed_rls/ircgate.cpp
-
phatbot_fixed_rls/ircgate.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/aes.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/asn1.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/asn1_mac.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/asn1t.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/bio.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/blowfish.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/bn.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/buffer.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/cast.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/comp.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/conf.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/conf_api.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/crypto.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/des.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/des_old.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/dh.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/dsa.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/dso.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/e_os2.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ebcdic.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ec.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/engine.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/err.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/evp.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/hmac.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/idea.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/krb5_asn.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/kssl.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/lhash.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/md2.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/md4.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/md5.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/mdc2.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/obj_mac.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/objects.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ocsp.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/opensslconf.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/opensslv.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ossl_typ.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/pem.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/pem2.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/pkcs12.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/pkcs7.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/rand.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/rc2.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/rc4.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/rc5.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ripemd.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/rsa.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/safestack.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/sha.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ssl.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ssl2.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ssl23.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ssl3.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/stack.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/symhacks.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/tls1.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/tmdiff.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/txt_db.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ui.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/ui_compat.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/x509.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/x509_vfy.h
-
phatbot_fixed_rls/lib/openssl/win32/include/openssl/x509v3.h
-
phatbot_fixed_rls/lib/openssl/win32/lib/libeay32.lib
-
phatbot_fixed_rls/lib/openssl/win32/lib/libeay32D.lib
-
phatbot_fixed_rls/lib/openssl/win32/lib/ssleay32.lib
-
phatbot_fixed_rls/lib/openssl/win32/lib/ssleay32D.lib
-
phatbot_fixed_rls/locscanner.cpp
-
phatbot_fixed_rls/logic.cpp
-
phatbot_fixed_rls/logic.h
-
phatbot_fixed_rls/mac.cpp
-
phatbot_fixed_rls/mac.h
-
phatbot_fixed_rls/main.h
-
phatbot_fixed_rls/mainctrl.cpp
-
phatbot_fixed_rls/mainctrl.h
-
phatbot_fixed_rls/md5/Makefile.am
-
phatbot_fixed_rls/md5/global.h
-
phatbot_fixed_rls/md5/md5.h
-
phatbot_fixed_rls/md5/md5c.cpp
-
phatbot_fixed_rls/message.h
-
phatbot_fixed_rls/nbscanner.cpp
-
phatbot_fixed_rls/p2p.cpp
-
phatbot_fixed_rls/p2p.h
-
phatbot_fixed_rls/phaticmp.cpp
-
phatbot_fixed_rls/phatsyn.cpp
-
phatbot_fixed_rls/polymorph.cpp
-
phatbot_fixed_rls/polymorph.h
-
phatbot_fixed_rls/radminscanner.cpp
-
phatbot_fixed_rls/radminscanner.h
-
phatbot_fixed_rls/random.cpp
-
phatbot_fixed_rls/random.h
-
phatbot_fixed_rls/redir_gre.cpp
-
phatbot_fixed_rls/redir_gre.h
-
phatbot_fixed_rls/redir_http.cpp
-
phatbot_fixed_rls/redir_http.h
-
phatbot_fixed_rls/redir_https.cpp
-
phatbot_fixed_rls/redir_https.h
-
phatbot_fixed_rls/redir_socks.cpp
-
phatbot_fixed_rls/redir_socks.h
-
phatbot_fixed_rls/redir_socks5.cpp
-
phatbot_fixed_rls/redir_socks5.h
-
phatbot_fixed_rls/redir_tcp.cpp
-
phatbot_fixed_rls/redir_tcp.h
-
phatbot_fixed_rls/redirect.cpp
-
phatbot_fixed_rls/redirect.h
-
phatbot_fixed_rls/resource.h
-
phatbot_fixed_rls/rsalib.cpp
-
phatbot_fixed_rls/rsalib.h
-
phatbot_fixed_rls/scanner.cpp
-
phatbot_fixed_rls/scanner.h
-
phatbot_fixed_rls/sdcompat.cpp
-
phatbot_fixed_rls/sdcompat.h
-
phatbot_fixed_rls/shellcode.cpp
-
phatbot_fixed_rls/shellcode.h
-
phatbot_fixed_rls/smtp.cpp
-
phatbot_fixed_rls/smtp.h
-
phatbot_fixed_rls/smtp_logic.cpp
-
phatbot_fixed_rls/smtp_logic.h
-
phatbot_fixed_rls/sniffer.cpp
-
phatbot_fixed_rls/sniffer.h
-
phatbot_fixed_rls/sockets.cpp
-
phatbot_fixed_rls/sockets.h
-
phatbot_fixed_rls/source_cacti.sh
-
phatbot_fixed_rls/source_stats.sh
-
phatbot_fixed_rls/sqlscanner.cpp
-
phatbot_fixed_rls/ssllib.cpp
-
phatbot_fixed_rls/ssllib.h
-
phatbot_fixed_rls/synflood.cpp
-
phatbot_fixed_rls/targa3.cpp
-
phatbot_fixed_rls/todo.txt
-
phatbot_fixed_rls/udpflood.cpp
-
phatbot_fixed_rls/upnpscanner.cpp
-
phatbot_fixed_rls/utility.cpp
-
phatbot_fixed_rls/utility.h
-
phatbot_fixed_rls/wdscanner.cpp
-
phatbot_fixed_rls/wksscanner.cpp
-
phatbot_fixed_rls/wonk.cpp