3Static
static
3Release/BuildLog.htm
windows7-x64
1Release/BuildLog.htm
windows10-2004-x64
1crypt.exe
windows7-x64
1crypt.exe
windows10-2004-x64
1misc.vbs
windows7-x64
1misc.vbs
windows10-2004-x64
1rBot.html
windows7-x64
1rBot.html
windows10-2004-x64
1rBot.xml
windows7-x64
1rBot.xml
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
Release/BuildLog.htm
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Release/BuildLog.htm
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
crypt.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
crypt.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
misc.vbs
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
misc.vbs
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
rBot.html
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
rBot.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
rBot.xml
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
rBot.xml
Resource
win10v2004-20230220-en
General
-
Target
Rx_Temptation.rar
-
Size
252KB
-
MD5
0e739e4b87c4ff60888d31c4baef1684
-
SHA1
7cc06ec61db02599d6aa1382a658eef4bb91e8dd
-
SHA256
6f8a4f7039c9d7a9011defa78ff0f019a71097d7c48b94dad31fbbeec5303172
-
SHA512
345d163ba12370e56887c943e41578070603240c097ccb9a5c9280631ee6b0250dfb82e126ca10347ec355977900cc487c68bd989d4f833888aeb58e8b23e102
-
SSDEEP
6144:xTYAB5fL35jHtv78wm86fspQsTq/e7ivRuVU:xTRrJphusTVDy
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource unpack001/crypt.bat
Files
-
Rx_Temptation.rar.rar
Password: infected
-
!README.txt
-
Commands.txt
-
Release/BuildLog.htm.html
-
advscan.cpp
-
advscan.h
-
aliaslog.cpp
-
aliaslog.h
-
antidebuggers.cpp
-
antidebuggers.h
-
autostart.cpp
-
autostart.h
-
avirus.cpp
-
avirus.h
-
capture.cpp
-
capture.h
-
cdkeys.cpp
-
cdkeys.h
-
configs.h
-
crc32.cpp
-
crc32.h
-
crypt.bat.exe windows x86
Password: infected
c9d7cf020c6e06403cc066918e8fff72
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
SetFilePointer
ReadFile
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
CloseHandle
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
crypt.cpp
-
crypt.h
-
dcc.cpp
-
dcc.h
-
dcom.cpp
-
dcom.h
-
dcom2.cpp
-
dcom2.h
-
ddos.cpp
-
ddos.h
-
defines.h
-
depth.cpp
-
depth.h
-
depth2.cpp
-
depth2.h
-
depth3.cpp
-
depth3.h
-
depth4.cpp
-
depth4.h
-
depth5.cpp
-
depth5.h
-
depth6.cpp
-
depth6.h
-
depth7.cpp
-
depth7.h
-
dns.cpp
-
dns.h
-
download.cpp
-
download.h
-
driveinfo.cpp
-
driveinfo.h
-
ehandler.cpp
-
ehandler.h
-
email.cpp
-
email.h
-
externs.h
-
findfile.cpp
-
findfile.h
-
findpass.cpp
-
findpass.h
-
fphost.cpp
-
fphost.h
-
functions.h
-
globals.h
-
gssecureftpd.cpp
-
help.txt
-
httpd.cpp
-
httpd.h
-
icmpflood.cpp
-
icmpflood.h
-
ident.cpp
-
ident.h
-
includes.h
-
irc_send.cpp
-
irc_send.h
-
keylogger.cpp
-
keylogger.h
-
lib.cpp
-
loaddlls.cpp
-
loaddlls.h
-
lsass.cpp
-
lsass.h
-
massmail.cpp
-
mirc.cpp
-
mirc.h
-
misc.cpp.vbs
-
misc.h
-
ms04_007_asn1.cpp
-
ms04_007_asn1.h
-
ms04_007_asn1_FTP.cpp
-
ms04_007_asn1_FTP.h
-
msg.cpp
-
msmq.cpp
-
msmq.h
-
mssql.cpp
-
mssql.h
-
mssql_exec.cpp
-
mssql_preauth.cpp
-
mssql_res.cpp
-
myshellcode.asm
-
net.cpp
-
net.h
-
netbios.cpp
-
netbios.h
-
netterm_netftpd.cpp
-
netutils.cpp
-
netutils.h
-
nicklist.h
-
passwd.h
-
pingudp.cpp
-
pingudp.h
-
processes.cpp
-
processes.h
-
psniff.cpp
-
psniff.h
-
rBot.cpp
-
rBot.dsp
-
rBot.dsw
-
rBot.h
-
rBot.opt
-
rBot.plg.html
-
rBot.sln
-
rBot.suo
-
rBot.vcproj.xml
-
redirect.cpp
-
redirect.h
-
remotecmd.cpp
-
remotecmd.h
-
reqbuf.bin
-
rlogind.cpp
-
rlogind.h
-
rndnick.cpp
-
rndnick.h
-
sasser.cpp
-
sasser.h
-
scan.cpp
-
scan.h
-
search.cpp
-
secure.cpp
-
secure.h
-
servuftpd.cpp
-
session.cpp
-
session.h
-
shellcode.cpp
-
shellcode.h
-
smtp.cpp
-
smtp.h
-
socks4.cpp
-
socks4.h
-
speedtest.cpp
-
speedtest.h
-
synflood.cpp
-
synflood.h
-
sysinfo.cpp
-
sysinfo.h
-
tcpflood.cpp
-
tcpflood.h
-
tcpflood2.cpp
-
tcpflood2.h
-
tcpip.h
-
terminateflood.cpp
-
terminateflood.h
-
tftpd.cpp
-
tftpd.h
-
thcsql.cpp
-
thcsql.h
-
threads.cpp
-
threads.h
-
veritas.cpp
-
veritas.h
-
visit.cpp
-
visit.h
-
wildcard.cpp
-
wildcard.h
-
wks.cpp
-
wks.h
-
wkssvc.cpp
-
wkssvc.h
-
workstation.cpp
-
ws_ftp.cpp
-
zipstore.cpp
-
zipstore.h