Behavioral task
behavioral1
Sample
08c751edec7a3ae530ac34bd90e31445.exe
Resource
win7-20231215-en
General
Target
08c751edec7a3ae530ac34bd90e31445
Size
32KB
MD5
08c751edec7a3ae530ac34bd90e31445
SHA1
13dace12ba3b0c2733fd9a5c041e469627b4cffc
SHA256
d7d2a183cb22b8327d1a46c2c5d13f45a488234fd51fa4b355b6b53144495db8
SHA512
44e5d2f1bf28ce7fb21dff8ce92e34e34c74c7edb4ba8e6c809c2fe1d5134c97ecc84291367ce496dd4047d78a26bb70007c3be4b61a1b24ce966807d46bfd67
SSDEEP
768:uZ+k6/WHzIyee1F0dPiXpwJo8eyhoJD3u3L3GG9:kG4zIyeGuIGC8eyhoB+b
Malware Config
Extracted
systembc
80.85.84.79:4001
Signatures
Systembc family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 08c751edec7a3ae530ac34bd90e31445
Files
08c751edec7a3ae530ac34bd90e31445.exe windows:4 windows x86 arch:x86
cd40b7c26008d6c3c5692ca2c1c84e19
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DefWindowProcA
DispatchMessageA
EnumWindows
GetMessageA
LoadCursorA
LoadIconA
CreateWindowExA
RegisterClassA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow
wsprintfA
kernel32
SetFilePointer
WriteFile
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
GetCommandLineW
GetCurrentProcess
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
LocalAlloc
LocalFree
OpenMutexA
OpenProcess
RemoveDirectoryA
SetEvent
WaitForSingleObject
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
advapi32
GetTokenInformation
CryptDestroyKey
CryptExportKey
CryptImportKey
CryptReleaseContext
OpenProcessToken
CryptAcquireContextA
GetSidSubAuthority
wsock32
htons
inet_addr
inet_ntoa
connect
recv
select
send
setsockopt
shutdown
socket
WSAStartup
closesocket
ioctlsocket
WSACleanup
shell32
ShellExecuteA
CommandLineToArgvW
ws2_32
freeaddrinfo
WSAIoctl
getaddrinfo
secur32
InitializeSecurityContextA
InitSecurityInterfaceA
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
QueryContextAttributesA
crypt32
CryptStringToBinaryA
CryptDecodeObject
psapi
GetModuleFileNameExA
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ