sd_bot_all[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

sd_bot_all.zip
Size

393KB
MD5

06b17aecd7f744a502f0789f88c1e4c3
SHA1

47cf0991e907ea69db79a342913fbb8f93e98532
SHA256

8074ec5af0fff03c05d1077d6b8a7d1c944829a1298753f13d5f1cc6d536a3a2
SHA512

8de2abf1aec42c94319da4ce66b842ee85fc56dbed724de25904155a6f3a202e6453fdbcb86601bb040c37c7258a4b2738bf99ff4fda9de01054722cebf3dff7
SSDEEP

12288:qIdRHxp4LxXoUW4kzan2bTfWPn6jh15yt:qId5x2MZzan2bDWcyt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack009/tools/upx.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack009/tools/cryptstr.exe
unpack009/tools/mkpasswd.exe
unpack009/tools/upx.exe

Files

sd_bot_all.zip
.zip

Password: infected
SDbot05b-getadm.rar
.rar

Password: infected
SDbot05b-getadm/commandref.html
.html
SDbot05b-getadm/make-lcc.bat
.bat .vbs
SDbot05b-getadm/make-mingw.bat
.bat .vbs
SDbot05b-getadm/readme.txt
SDbot05b-getadm/sdbot.jpg
.jpg
SDbot05b-getadm/sdbot05b.c
SDbot05b-getadm/sdbot05b.cpp
SDbot05b-getadm/sdbot05b.dsp
SDbot05b-getadm/sdbot05b.dsw
SDbot05b-getadm/sdbot05b.sln
SDbot05b-getadm/sdbot05b.suo
SDbot05b-getadm/sdbot05b.vcproj
.xml
sd_fake_xdcc_by_Synco.zip
.zip

Password: infected
Icon.ico
commandref.html
.html
lcc/Makefile
make-lcc.bat
.bat .vbs
make-mingw.bat
.bat .vbs
readme.txt
resource.h
sd.prj
sdbot.jpg
.jpg
sdbot05b.c
sdbot05b.obj
sdbot05b.~c
syncbot.aps
syncbot.rc
sdbot05a.rar
.rar

Password: infected
sdbot05a/SDBOT05A.CPP
.vbs
sdbot05a/commandref.html
.html
sdbot05a/make.bat
sdbot05a/readme.txt
sdbot05a/sdbot.jpg
.jpg
sdbot05a/sdbot05a.c
.vbs
sdbot05a/sdbot05a.dsp
sdbot05a/sdbot05a.dsw
sdbot05b-AE.zip
.zip

Password: infected
AE.txt
SRT.lib
make.bat
.bat .vbs
sdbot05b.asm
sdbot05b.c
sdbot05b-ago.rar
.rar

Password: infected
sdbot/client.h
sdbot/commandref.html
.html
sdbot/mac.cpp
sdbot/make-lcc.bat
.bat .vbs
sdbot/make-mingw.bat
.bat .vbs
sdbot/readme.txt
sdbot/sdbot.h
sdbot/sdbot.jpg
.jpg
sdbot/sdbot05b.cpp
sdbot/sdbot05b.dsp
sdbot/sdbot05b.dsw
sdbot05b.zip
.zip

Password: infected
commandref.html
.html
make-lcc.bat
.bat .vbs
make-mingw.bat
.bat .vbs
readme.txt
sdbot.jpg
.jpg
sdbot05b.c
sdbot05b.cpp
sdbot05b.dsp
sdbot05b.dsw
sdbot05b_syn_&_nick.rar
.rar

Password: infected
commandref.html
.html
make-lcc.bat
.bat .vbs
readme.txt
sdbot.jpg
.jpg
sdbot05b.c
sdbot_syn_secure_1.zip
.zip

Password: infected
README.txt
SDBOT05B.C
crypt.h
make-lcc.bat
.bat .vbs
md5.c
md5sum.c
tools/cryptstr.exe
.exe windows x86

e3f03b57f8c82ef8407ef77387caf7ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind

crtdll

__GetMainArgs
atoi
exit
gets
printf
raise
signal

Sections

.text
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 108B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 380B - Virtual size: 380B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/cryptstr.tar.gz
.gz
tools/mkpasswd.exe
.exe windows x86

a1750d7b3ec33bc47fd97f1c4db89efe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind

crtdll

__GetMainArgs
exit
getchar
gets
memcpy
memset
printf
raise
signal
strcat
strcmp
strncat
strncmp

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 132B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 168B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 528B - Virtual size: 528B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/mkpasswd.tar.gz
.gz
tools/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

L
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

e3f03b57f8c82ef8407ef77387caf7ef

Headers

File Characteristics

Imports

kernel32

crtdll

Sections

.text Size: 928B - Virtual size: 928B

.rdata Size: 88B - Virtual size: 88B

.data Size: 108B - Virtual size: 108B

.idata Size: 380B - Virtual size: 380B

a1750d7b3ec33bc47fd97f1c4db89efe

Headers

File Characteristics

Imports

kernel32

crtdll

Sections

.text Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 132B

.data Size: 168B - Virtual size: 168B

.idata Size: 528B - Virtual size: 528B

Headers

File Characteristics

Sections

L Size: - Virtual size: 112KB

T Size: 79KB - Virtual size: 80KB

UPX2 Size: 512B - Virtual size: 4KB

.text
Size: 928B - Virtual size: 928B

.rdata
Size: 88B - Virtual size: 88B

.data
Size: 108B - Virtual size: 108B

.idata
Size: 380B - Virtual size: 380B

.text
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 132B

.data
Size: 168B - Virtual size: 168B

.idata
Size: 528B - Virtual size: 528B

L
Size: - Virtual size: 112KB

T
Size: 79KB - Virtual size: 80KB

UPX2
Size: 512B - Virtual size: 4KB