Sbot-RARSpreader[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Sbot-RARSpreader.rar
Size

1.8MB
MD5

798b16d4018b74a74555938deb06d619
SHA1

17b328f0967f1b5e02d637b40a80043a83210d98
SHA256

9aef05c05d25c73cf1778788a91f1587a23fb14d1e61283ace9481e5ef8df023
SHA512

432655341d2ab5054b196f1754f88a19f4a7cfc710330f3a41ff0cc17839196542b550f64d7310cf025df6e40c248b33fdd8ed2d8a5bb5dbd7f7cec0baf15c5d
SSDEEP

49152:nkcmn0AgDTaRwGkOEucnLTEgE2NbgaI6zz4xyIvk:nk4Ag3aiGkfuOEsbgazzz5x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sbot-RARSpreader/Debug/shadowbot.jpg

Files

Sbot-RARSpreader.rar
.rar .ps1

Password: infected
Sbot-RARSpreader/Debug/ModAddToRar.obj
Sbot-RARSpreader/Debug/ModBotKiller.obj
Sbot-RARSpreader/Debug/ModHttpServer.obj
Sbot-RARSpreader/Debug/ModMemoryFind.obj
Sbot-RARSpreader/Debug/ModMisc.obj
Sbot-RARSpreader/Debug/ModRarInfect.obj
Sbot-RARSpreader/Debug/shadowbot.ilk
Sbot-RARSpreader/Debug/shadowbot.jpg
.exe windows x86

Password: infected

948e4a9ff89cca7dcdd838b187899c0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalAlloc
UnmapViewOfFile
lstrlenA
MapViewOfFile
CreateFileMappingA
SetFilePointer
WriteFile
CloseHandle
GetFileSize
CreateFileA
Sleep
ReadProcessMemory
OpenProcess
Module32Next
DeleteFileA
TerminateProcess
SetFileAttributesA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetModuleFileNameA
GetModuleHandleA
ReadFile
lstrcatA
GetTempPathA
lstrcpyA
CreateThread
GetTickCount
CreateProcessA
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
GetFullPathNameA
SetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
ExitThread
GetLocaleInfoA
GetLastError
CreateMutexA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA
SetConsoleCtrlHandler
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetSystemTime
GetLocalTime
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

user32

CharLowerA
wsprintfA

ws2_32

WSACleanup
inet_ntoa
WSAStartup
connect
htons
bind
listen
accept
recv
closesocket
send
inet_addr
socket
gethostbyname

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sbot-RARSpreader/Debug/shadowbot.obj
Sbot-RARSpreader/Debug/shadowbot.pch
Sbot-RARSpreader/Debug/shadowbot.pdb
Sbot-RARSpreader/Debug/vc60.idb
Sbot-RARSpreader/Debug/vc60.pdb
Sbot-RARSpreader/ModAddToRar.cpp
Sbot-RARSpreader/ModBotKiller.cpp
Sbot-RARSpreader/ModHide.cpp
Sbot-RARSpreader/ModHttpServer.cpp
Sbot-RARSpreader/ModMemoryFind.cpp
Sbot-RARSpreader/ModMisc.cpp
Sbot-RARSpreader/ModRarInfect.cpp
Sbot-RARSpreader/MysqlCracker.cpp
Sbot-RARSpreader/externs.h
Sbot-RARSpreader/includes.h
Sbot-RARSpreader/shadowbot.cpp
Sbot-RARSpreader/shadowbot.dsp
Sbot-RARSpreader/shadowbot.dsw
Sbot-RARSpreader/shadowbot.ncb
Sbot-RARSpreader/shadowbot.opt
Sbot-RARSpreader/shadowbot.plg
.html

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

948e4a9ff89cca7dcdd838b187899c0f

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

wininet

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB