systembc | a130a2c82983817cd8f4d4bf6685cc19[.]bin

General

Target

a130a2c82983817cd8f4d4bf6685cc19.bin
Size

7KB
MD5

ba79f98baac7cd485edb4bfaa3bcc3c6
SHA1

a469b54d62287911856ae0a6e7e3082f7cd01bb3
SHA256

87de373056b9799bb232df3ff64099cc99c116c4c5ac730c9611f022f6ea22f1
SHA512

c5294809ae0e1be611ee72a026cd66d07663c410898a02a52a3cd3775fbffed450fbd485c2bb3e93ec60c3eefb999b4cfdfb31b2b9192cd193150fc5b6af4d53
SSDEEP

192:uqRj6U2WY4z+NMuHasI5qMOrY43pqlxQ/5aDltA:uqZ6ehzmQ5qMOrz3OoUDle

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

45.61.136.241:4001

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/33626834ce190f58584d566022ca50ff38f6b34d0231944ef0d27bd7ab7ae6b7.dll

Files

a130a2c82983817cd8f4d4bf6685cc19.bin
.zip

Password: infected
33626834ce190f58584d566022ca50ff38f6b34d0231944ef0d27bd7ab7ae6b7.dll
.dll windows:4 windows x86

7fb7ae4f64db732e394920baa7ca1fe4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ShowWindow
UpdateWindow
PostQuitMessage
LoadIconA
LoadCursorA
wsprintfA
RegisterClassA
TranslateMessage
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

SetEvent
SetFilePointer
Sleep
GetTempPathA
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
CloseHandle
CreateEventA
CreateFileA
CreateThread
ExitProcess
FileTimeToSystemTime
GetCurrentProcess
GetLocalTime
GetModuleHandleA
LocalFree
GetVolumeInformationA
LocalAlloc
SystemTimeToFileTime

advapi32

GetTokenInformation
OpenProcessToken
GetSidSubAuthority

wsock32

WSAStartup
closesocket
connect
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExW
GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

7fb7ae4f64db732e394920baa7ca1fe4

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

ws2_32

ole32

secur32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 428B

.reloc Size: 512B - Virtual size: 306B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 428B

.reloc
Size: 512B - Virtual size: 306B