General
Target: e51eaf47156d60ddbb5fc1c9f8448f95d30e0fafdc85f02c7639db2b2d335578.bin
Size: 264KB
MD5: e625d26e053cc365b98f2cee4ecbc7ae
SHA1: eff45a712c6464649928b4564da4d79670fe992f
SHA256: e51eaf47156d60ddbb5fc1c9f8448f95d30e0fafdc85f02c7639db2b2d335578
SHA512: 59a87c10fea18ff4dee546f26359e812dff12fdc4eb39dbff91533e3edb3ed5f28f170a5edf23f74edd80c60ae6a6a8859025b2b026bf47c753a0ee92e181411
SSDEEP: 6144:xVp/OWqMRxR0ji+4z00wn4iZh+vMAXhyg8EWEdHHv7qRbfkcs2yn9nk:3p/OWqMRxR0ji+4z00wn4iZh+vMAXhyh
Malware Config
Extracted: socks5systemz
51.159.66.125
217.23.6.51
151.80.38.159
217.23.9.168
37.187.122.227
rc4_key: heyfg645fdhwi
Signatures
Detect Socks5Systemz Payload (1 IoC)
resource yara_rule sample family_socks5systemz (Socks5systemz family)
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource e51eaf47156d60ddbb5fc1c9f8448f95d30e0fafdc85f02c7639db2b2d335578.bin
Files
e51eaf47156d60ddbb5fc1c9f8448f95d30e0fafdc85f02c7639db2b2d335578.bin.dll windows:5 windows x86 arch:x86
479f644832439c43ff707727227afc4e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
wininet
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetReadFile
dnsapi
DnsFree
DnsQuery_A
kernel32
SetFilePointer
TlsGetValue
SetWaitableTimer
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
QueryPerformanceCounter
InterlockedCompareExchange
SleepEx
VirtualFree
WriteFile
InitializeCriticalSection
TlsSetValue
GlobalAlloc
CreateFileA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProcessHeap
HeapAlloc
CreateEventA
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
Sleep
GetSystemTimeAsFileTime
LeaveCriticalSection
ReadFile
CreateFileW
InterlockedExchange
TerminateThread
SetLastError
GetProcAddress
VirtualAlloc
QueueUserAPC
EnterCriticalSection
GlobalFree
InterlockedExchangeAdd
LocalAlloc
PostQueuedCompletionStatus
WaitForMultipleObjects
GetModuleFileNameA
CreateIoCompletionPort
GetModuleHandleA
LoadLibraryExA
lstrcatW
DeleteCriticalSection
GetVersionExA
TlsAlloc
CloseHandle
GetCurrentProcessId
CreateWaitableTimerA
LocalFree
TlsFree
lstrcpyW
CreateThread
FreeLibrary
GetWindowsDirectoryA
LoadLibraryA
DeviceIoControl
GetFileTime
OutputDebugStringW
SetFilePointerEx
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetLastError
VirtualQuery
WideCharToMultiByte
AreFileApisANSI
GetModuleHandleExW
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetModuleHandleW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetModuleFileNameW
FormatMessageA
OpenEventA
ReleaseSemaphore
GetCurrentThreadId
ResetEvent
ResumeThread
EncodePointer
DecodePointer
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
ExitProcess
GetStdHandle
user32
wsprintfA
shell32
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ws2_32
htonl
getaddrinfo
WSARecv
WSASend
select
WSAGetLastError
htons
ntohs
inet_addr
shutdown
setsockopt
WSACleanup
freeaddrinfo
WSASetLastError
closesocket
getsockopt
WSASocketA
ntohl
WSAStartup
inet_ntoa
connect
WSAStringToAddressA
ioctlsocket
getsockname
Sections
.text Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ