Extracted

• 220616-jddasahadk_pw_infected.zip

  .zip

  Password: infected

• brbbot.zip

  .zip

  Password: malware

• brbbot.exe

  .exe windows x64

  Password: infected

  475b069fec5e5868caeb7d4d89236c89

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  advapi32

  RegSetValueExA

  RegOpenKeyExA

  RegDeleteValueA

  RegFlushKey

  RegCloseKey

  CryptAcquireContextW

  CryptDeriveKey

  CryptReleaseContext

  CryptEncrypt

  CryptCreateHash

  CryptDestroyKey

  CryptDecrypt

  CryptDestroyHash

  CryptHashData

  wininet

  HttpSendRequestA

  InternetQueryDataAvailable

  InternetReadFile

  InternetCloseHandle

  HttpQueryInfoA

  InternetConnectA

  InternetOpenA

  HttpOpenRequestA

  InternetSetOptionA

  ws2_32

  gethostbyname

  WSACleanup

  WSAStartup

  inet_ntoa

  gethostname

  kernel32

  CreateFileW

  HeapSize

  WriteConsoleW

  SetStdHandle

  LoadLibraryW

  GetStringTypeW

  LCMapStringW

  LeaveCriticalSection

  EnterCriticalSection

  CreateFileA

  FindResourceA

  LoadResource

  HeapAlloc

  HeapFree

  GetProcessHeap

  WriteFile

  SizeofResource

  GetLastError

  LockResource

  GetModuleHandleA

  CloseHandle

  GetComputerNameA

  HeapReAlloc

  MoveFileExA

  WaitForSingleObject

  SetEvent

  GetModuleHandleW

  GetSystemWow64DirectoryA

  CreateProcessA

  GetSystemDirectoryA

  GetEnvironmentVariableA

  CopyFileA

  CreateEventW

  GetModuleFileNameA

  DeleteFileA

  GetFileSize

  ReadFile

  WideCharToMultiByte

  GetProcAddress

  GetTempFileNameA

  GetTempPathA

  FlushFileBuffers

  GetConsoleMode

  GetCommandLineW

  GetStartupInfoW

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  EncodePointer

  DecodePointer

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  FlsGetValue

  FlsSetValue

  FlsFree

  SetLastError

  GetCurrentThreadId

  FlsAlloc

  ExitProcess

  GetStdHandle

  GetModuleFileNameW

  RtlUnwindEx

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  DeleteCriticalSection

  HeapSetInformation

  GetVersion

  HeapCreate

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  Sleep

  MultiByteToWideChar

  SetFilePointer

  GetConsoleCP

  user32

  GetDC

  Sections

  .text

  Size: 49KB - Virtual size: 48KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 192B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 774B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ