rundll
Behavioral task
behavioral1
Sample
wizard.dll
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
wizard.dll
Resource
win10v2004-20231020-en
General
-
Target
16112023_2055_wizard_systembc.zip
-
Size
8KB
-
MD5
4839cf7cf6b828cd5f2f920510b2356e
-
SHA1
be3459d3d16fee82011e0af0dee3e5dcae45472a
-
SHA256
9124ff5f4b0866441bcb1d0bdc93c80e7d5eb09700ecb05daa68c38a12ab54bb
-
SHA512
90b6dd45028d1fe1c25a8d438ed51b5e0cb8a1d042825d09f9021b15c0a5845b76e00788d6b46808aef925d7d8300590294aa41432e510a54ac2e796149884f1
-
SSDEEP
192:BhXdwT+lq5a6cbQmKy3D9rsGsNcQOiXadTpKLKzatO9DI:fCT+lB6WKyT2tNxjXa2LKzd9DI
Malware Config
Extracted
systembc
62.173.140.37:4001
Signatures
-
Systembc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/wizard.cpl
Files
-
16112023_2055_wizard_systembc.zip.zip
Password: infected
-
wizard.cpl.dll windows:4 windows x86 arch:x86
Password: infected
ea47177789465ada573c717425469cd1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
user32
GetWindowTextA
GetWindowThreadProcessId
LoadCursorA
LoadIconA
RegisterClassA
SendMessageA
ShowWindow
CreateWindowExA
TranslateMessage
UpdateWindow
GetMessageA
GetClassNameA
DispatchMessageA
DefWindowProcA
wsprintfA
kernel32
SetEvent
SetFilePointer
Sleep
RemoveDirectoryA
ResetEvent
OpenProcess
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
FileTimeToSystemTime
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetLastError
GetLocalTime
GetModuleHandleA
GetTempPathA
GetVolumeInformationA
LocalAlloc
LocalFree
SystemTimeToFileTime
advapi32
GetSidSubAuthority
GetUserNameW
OpenProcessToken
GetTokenInformation
wsock32
htons
inet_addr
inet_ntoa
recv
select
send
setsockopt
shutdown
socket
connect
closesocket
ioctlsocket
WSAStartup
WSACleanup
shell32
CommandLineToArgvW
ws2_32
freeaddrinfo
WSAIoctl
getaddrinfo
ole32
CoUninitialize
CoInitialize
CoCreateInstance
secur32
GetUserNameExW
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
GetUserNameExA
InitializeSecurityContextA
QueryContextAttributesA
psapi
GetModuleFileNameExA
Exports
Exports
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 402B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ