systembc | dump[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dump.exe
Size

10KB
MD5

f6027fb8824e1c97d7751e97d3d5794f
SHA1

e27ca84e11313e7cb2989a2bc96251b2f614f25a
SHA256

e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583
SHA512

46de92e1316f3845ebbc4a6e38978d1037953dd4c28a915e1a27b3b9eb3f6faac4486df87d798557db9b218ab05e2617cac357db5302b8ecd39bec9903d1b54b
SSDEEP

192:F8fzqMmTL+f6eeAY82mNZRZ1eLP/x1fkNvFCDko:F8GMmv+f6eX22RZ0LXTsN0ko

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

69.10.60.115:4018

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dump.exe

Files

dump.exe
.exe windows:4 windows x86 arch:x86

d66000edfed0a9938162b2b453ffa516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetLocalTime
GetModuleFileNameA
GetTempPathA
GetVolumeInformationA
LocalAlloc
LocalFree
GetCurrentProcess
SetFilePointer
Sleep
SystemTimeToFileTime
FileTimeToSystemTime
VirtualFree
WaitForSingleObject
WriteFile
ExitProcess
CreateThread
CreateFileA
CreateEventA
CloseHandle
SetEvent
VirtualAlloc

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
RegOpenKeyExA
RegDeleteValueA

wsock32

WSAStartup
accept
bind
closesocket
connect
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoInitialize
CoCreateInstance
CoUninitialize

secur32

GetUserNameExW
GetUserNameExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ