systembc | 07102023_1339_samples_part00[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

07102023_1339_samples_part00.zip
Size

1.2MB
MD5

f43927c3be5cad9523d8dab422f09ce2
SHA1

8d11c3e4be81df538401518bb679f3ddf4982ceb
SHA256

922ceb1d012920ad840955075cde0d92829d179d67e7116ebb97b61214d1b537
SHA512

650b83cc318c5c68b0a42c920b05b444991ebfbce73a66b2205ba39ea45134bef8cfc70d98f735553b66ad2fb6b5a286b587df5d77a99b282e3d4d7402d59f1d
SSDEEP

24576:y5HwQF5zbL/HtFuL+lGwp3WbTtGX9IqMjOLbCT0DR5eD0n:6QC1THtgL58WqMjOLT/rn

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

93.115.28.138:443

192.168.1.28:443

Signatures

Systembc family
systembc

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.bin
unpack001/048b7d11768267d538ae8066805e65a387d52c90ecfd929f695866120e853904.bin
unpack001/0f9f03bf486e3823a6ad596d4c1bd707fe19031acc0d17a3138409c8f3ee89ae.bin
unpack001/13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.bin
unpack001/13c6577c68731d9e93655897eecd39234af0eee76ba36844c8e57421c7a191d4.bin

Files

07102023_1339_samples_part00.zip
.zip
0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.bin
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
048b7d11768267d538ae8066805e65a387d52c90ecfd929f695866120e853904.bin
.exe windows:6 windows x86

ac02242614f7e8b38463eec95e866d14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetSystemDirectoryA
VirtualAlloc
MapViewOfFile
UnmapViewOfFile
GetProcAddress
CreateFileMappingA
LoadLibraryA
CreateActCtxA
ActivateActCtx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
QueryPerformanceFrequency
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
HeapReAlloc
RaiseException
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
SetFilePointerEx
WriteConsoleW
CreateFileW

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0f9f03bf486e3823a6ad596d4c1bd707fe19031acc0d17a3138409c8f3ee89ae.bin
.exe windows:5 windows x86

d8b16a288a1c30be5c0e239ee1263b71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
GetProfileSectionW
VerifyVersionInfoW
LocalFree
GetProcessPriorityBoost
VirtualQuery
GlobalGetAtomNameW
FindResourceW
GetComputerNameExA
GetModuleHandleA
GetTempPathW
BuildCommDCBAndTimeoutsA
GetProcAddress
VirtualProtect
_lwrite
LockFile
GetPrivateProfileStructA
GetDiskFreeSpaceExA
DefineDosDeviceW
SetVolumeMountPointW
GetAtomNameW
SetConsoleScreenBufferSize
EnumResourceLanguagesA
GetCPInfoExW
SetThreadContext
lstrlenW
SetProcessAffinityMask
SetConsoleCtrlHandler
IsProcessInJob
CopyFileW
lstrcpynA
WriteConsoleW
GetLastError
GetCommandLineW
SearchPathA
FormatMessageW
GetModuleHandleW
CreateJobObjectA
InitializeCriticalSection
FindNextVolumeA
GetConsoleCursorInfo
LoadLibraryW
MoveFileWithProgressW
WriteProfileSectionW
AddAtomW
InterlockedDecrement
LoadLibraryA
GetDefaultCommConfigA
SetLastError
TerminateThread
HeapFree
LeaveCriticalSection
GetComputerNameA
EnumSystemLocalesW
GetVersion
OpenMutexW
LocalFileTimeToFileTime
SearchPathW
GetProcessShutdownParameters
CreateMutexA
FormatMessageA
EnumDateFormatsW
GetNumberOfConsoleInputEvents
InterlockedExchangeAdd
FoldStringW
GlobalAlloc
GetFileInformationByHandle
GetConsoleScreenBufferInfo
GetFileAttributesA
GetSystemWindowsDirectoryA
ReadConsoleInputW
EnumDateFormatsA
GetPrivateProfileStructW
_hread
GetConsoleAliasA
CreateIoCompletionPort
lstrcatW
GetFullPathNameW
DebugBreakProcess
SetCurrentDirectoryW
SetCalendarInfoA
lstrcpyA
FindNextFileA
ReadConsoleOutputCharacterA
CopyFileExW
GetConsoleAliasW
MoveFileA
DeleteFileA
RaiseException
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
DeleteCriticalSection
EnterCriticalSection
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
InterlockedIncrement
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
DebugBreak
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
CloseHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA

user32

GetMessageTime

gdi32

GetCharWidthA
GetBoundsRect
SelectObject

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.bin
.exe windows:4 windows x86

244e050a81e77998691e7f8e5062a40a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetCommandLineA
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
CloseHandle
CreateEventA
CreateMutexA
CreateThread
ExitProcess
OpenMutexA
GetModuleHandleA
GetVolumeInformationA
SetEvent

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
13c6577c68731d9e93655897eecd39234af0eee76ba36844c8e57421c7a191d4.bin
.exe windows:5 windows x86

0588ee478c2f970a1d27d379ec7f0453

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
WriteConsoleInputW
TryEnterCriticalSection
WritePrivateProfileStructA
GetConsoleAliasesLengthW
CopyFileExW
GetModuleHandleExA
GetConsoleAliasExesA
SetComputerNameExA
GetDriveTypeW
MoveFileExA
DebugActiveProcessStop
lstrcpynA
GetConsoleAliasExesLengthA
FindResourceW
BuildCommDCBAndTimeoutsA
LoadResource
UpdateResourceA
InterlockedIncrement
_lwrite
GetQueuedCompletionStatus
VerSetConditionMask
ReadConsoleA
InterlockedDecrement
ZombifyActCtx
SetDefaultCommConfigW
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GetProfileSectionA
SetConsoleScreenBufferSize
InterlockedCompareExchange
WriteConsoleInputA
GetComputerNameW
GetModuleHandleW
GetTickCount
GetConsoleAliasesLengthA
GetDllDirectoryW
GetPrivateProfileStringW
GetConsoleTitleA
ReadConsoleOutputA
GetDateFormatA
GetCommandLineA
CreateActCtxW
EnumResourceTypesA
SetProcessPriorityBoost
GetDriveTypeA
GetPriorityClass
GetPrivateProfileIntA
GetSystemDirectoryW
CopyFileW
AssignProcessToJobObject
GetCalendarInfoA
ReadProcessMemory
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GetSystemWindowsDirectoryA
FormatMessageW
GetVersionExW
GetFileAttributesA
SetConsoleMode
GetConsoleAliasW
GetWriteWatch
VerifyVersionInfoA
GetBinaryTypeA
WritePrivateProfileSectionW
TerminateProcess
GetAtomNameW
GetMailslotInfo
GetCompressedFileSizeA
GetTimeZoneInformation
CreateFileW
GetOverlappedResult
GetACP
lstrcmpW
GetVolumePathNameA
lstrlenW
FindNextVolumeMountPointW
CreateMailslotW
DisconnectNamedPipe
DeactivateActCtx
GetNamedPipeHandleStateW
GetConsoleAliasesW
ReleaseActCtx
SetCurrentDirectoryA
GetStartupInfoA
GetCPInfoExW
FillConsoleOutputCharacterW
GetHandleInformation
GetLastError
GetLongPathNameW
ReadConsoleOutputCharacterA
CreateNamedPipeA
EnumDateFormatsExA
CreateTimerQueueTimer
WriteProfileSectionA
SetComputerNameA
VerLanguageNameW
GlobalGetAtomNameA
DefineDosDeviceA
ResetEvent
OpenWaitableTimerA
GetLocalTime
LoadLibraryA
WriteConsoleA
UnhandledExceptionFilter
InterlockedExchangeAdd
LocalAlloc
SetCalendarInfoW
WritePrivateProfileStringA
MoveFileA
SetConsoleOutputCP
GetExitCodeThread
AddAtomW
GetProfileStringA
HeapLock
GetCommMask
HeapWalk
GetTapeParameters
FoldStringA
SetSystemTime
GlobalWire
GetPrivateProfileSectionNamesA
GetOEMCP
FindNextFileA
EnumDateFormatsA
CreateIoCompletionPort
FindFirstChangeNotificationA
lstrcatW
FreeEnvironmentStringsW
FindNextFileW
GetStringTypeW
BuildCommDCBA
VirtualProtect
OutputDebugStringA
SetThreadAffinityMask
EndUpdateResourceA
CloseHandle
GetVersion
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
GetFileInformationByHandle
DebugBreak
FindActCtxSectionStringW
SuspendThread
lstrcpyA
SetUnhandledExceptionFilter
WideCharToMultiByte
GetStartupInfoW
HeapValidate
IsBadReadPtr
RaiseException
Sleep
GetProcAddress
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
GetCPInfo
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
DeleteCriticalSection
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
DeleteFileA
GetModuleHandleA

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 451KB - Virtual size: 450KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 32KB - Virtual size: 31KB

.rsrc Size: 575KB - Virtual size: 575KB

ac02242614f7e8b38463eec95e866d14

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 11KB - Virtual size: 17KB

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

d8b16a288a1c30be5c0e239ee1263b71

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 79KB - Virtual size: 4.1MB

.rsrc Size: 27KB - Virtual size: 26KB

244e050a81e77998691e7f8e5062a40a

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

ws2_32

secur32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

0588ee478c2f970a1d27d379ec7f0453

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 187KB - Virtual size: 186KB

.data Size: 110KB - Virtual size: 362KB

.rsrc Size: 49KB - Virtual size: 48KB

CODE
Size: 451KB - Virtual size: 450KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 575KB - Virtual size: 575KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 11KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 79KB - Virtual size: 4.1MB

.rsrc
Size: 27KB - Virtual size: 26KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 187KB - Virtual size: 186KB

.data
Size: 110KB - Virtual size: 362KB

.rsrc
Size: 49KB - Virtual size: 48KB