General
-
Target
55e9a9888dd9009ae8f049949c45228101f6db3218ca6308a130b2bdc116b6ac.bin
-
Size
648KB
-
MD5
1111537254f33646c3fcc140fc18f2e8
-
SHA1
5edd86344ff5cab8c5b7d102f1e6204d19c36e19
-
SHA256
55e9a9888dd9009ae8f049949c45228101f6db3218ca6308a130b2bdc116b6ac
-
SHA512
d2b4f7bffebbfb8d9fda901f49df60c4409b6f720d8ad44f6d615bfcfe783ee70bf2f5f263bec7ab8a0c06023637d23cdef64c6878e37f6bb22c48f889626322
-
SSDEEP
12288:QXn8+afvzPs0SXCkCKZzMoqO93bsUjlGR3w+bj35MyBO2xGbfHb1HInyaU6O08PP:QX8+ezPGykzZzMo59rselow+P5MyBO2+
Malware Config
Signatures
-
Detect Socks5Systemz Payload 1 IoCs
resource yara_rule sample family_socks5systemz -
Socks5systemz family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 55e9a9888dd9009ae8f049949c45228101f6db3218ca6308a130b2bdc116b6ac.bin
Files
-
55e9a9888dd9009ae8f049949c45228101f6db3218ca6308a130b2bdc116b6ac.bin.dll windows:5 windows x86 arch:x86
2b38fc15c0464b2291c5d44149645e35
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
wininet
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
InternetOpenUrlA
dnsapi
DnsFree
DnsQuery_A
kernel32
UnhandledExceptionFilter
HeapSize
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
CreateFileA
lstrlenA
TlsGetValue
SetWaitableTimer
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
QueryPerformanceCounter
InterlockedCompareExchange
SleepEx
WriteFile
InitializeCriticalSection
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProcessHeap
HeapAlloc
CreateEventA
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
Sleep
GetSystemTimeAsFileTime
LeaveCriticalSection
ReadFile
CreateFileW
lstrcatA
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
QueueUserAPC
EnterCriticalSection
InterlockedExchangeAdd
LocalAlloc
PostQueuedCompletionStatus
WaitForMultipleObjects
GetModuleFileNameA
CreateIoCompletionPort
GetModuleHandleA
lstrcatW
DeleteCriticalSection
GetVersionExA
TlsAlloc
CloseHandle
CreateWaitableTimerA
LocalFree
TlsFree
lstrcpyW
DeleteFileA
CreateThread
FreeLibrary
GetWindowsDirectoryA
LoadLibraryA
DeviceIoControl
GetFileTime
GetStartupInfoW
GetModuleFileNameW
GetStdHandle
WideCharToMultiByte
SetEndOfFile
ReadConsoleW
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
OutputDebugStringW
AreFileApisANSI
SetFilePointerEx
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetConsoleMode
GetConsoleCP
GetModuleHandleW
FormatMessageA
OpenEventA
ReleaseSemaphore
GetCurrentProcessId
GetCurrentThreadId
ResetEvent
ResumeThread
EncodePointer
DecodePointer
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
user32
wsprintfA
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ws2_32
ioctlsocket
WSAStringToAddressA
connect
inet_ntoa
WSAStartup
ntohl
inet_addr
htonl
getaddrinfo
WSARecv
WSASend
select
WSAGetLastError
htons
ntohs
getsockname
setsockopt
WSACleanup
freeaddrinfo
WSASetLastError
closesocket
getsockopt
WSASocketA
shutdown
Sections
.text Size: 149KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 2B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 480B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 411KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE