RevShell-BC-sam[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

RevShell-BC-sam.zip
Size

532KB
MD5

7b366e6ecd1295b5642f93d38c1f6548
SHA1

968012bc4dc9d64cb3e5cb283a489268d43e6383
SHA256

e157489d5a4f7aff1cb3cf08d98a37c051a9b1763c23753ddc92053fb6134dea
SHA512

5ac8c56c5d550e8d1182fc8d9676b5420c11332f9e30adf9b227c4d639df7ce93713ea9a8016e7e2b78a764e536caed997c7d53d1326d304c87989c495b952d0
SSDEEP

12288:p4rol/m2qm81InFfqohgN8MPCyN9A6MeE8rw4Eb:pLdmm86nFfLhgN8May8twEb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5db5dbe79636b17fbab78b9a16725ca8ea55d6a4c87b4e55de97495e9410b415

Files

RevShell-BC-sam.zip
.zip

Password: infected
5db5dbe79636b17fbab78b9a16725ca8ea55d6a4c87b4e55de97495e9410b415
.exe windows:4 windows x64

e717963cfea9be7cf777116d0f7f8e39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_initterm
_lseeki64
_onexit
_read
_setjmp
_strdup
_strnicmp
_ultoa
_write
_write
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
isspace
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

ws2_32

WSAConnect
WSASocketA
WSAStartup
htons
inet_addr

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e717963cfea9be7cf777116d0f7f8e39

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 640KB - Virtual size: 640KB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 57KB - Virtual size: 57KB

.pdata Size: 44KB - Virtual size: 43KB

.xdata Size: 58KB - Virtual size: 58KB

.bss Size: - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 224B

/19 Size: 82KB - Virtual size: 82KB

/31 Size: 4KB - Virtual size: 4KB

/45 Size: 5KB - Virtual size: 5KB

/57 Size: 1KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 838B

/81 Size: 5KB - Virtual size: 4KB

/92 Size: 512B - Virtual size: 496B

.text
Size: 640KB - Virtual size: 640KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 57KB - Virtual size: 57KB

.pdata
Size: 44KB - Virtual size: 43KB

.xdata
Size: 58KB - Virtual size: 58KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 224B

/19
Size: 82KB - Virtual size: 82KB

/31
Size: 4KB - Virtual size: 4KB

/45
Size: 5KB - Virtual size: 5KB

/57
Size: 1KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 838B

/81
Size: 5KB - Virtual size: 4KB

/92
Size: 512B - Virtual size: 496B