systembc | 1e809bb5f85026c31ca54558e986ef87304252f48c354546c74f214c4b443e86

Sharing

Copy URL Twitter E-mail

General

Target

1e809bb5f85026c31ca54558e986ef87304252f48c354546c74f214c4b443e86
Size

8KB
MD5

c28b9c47b02b9bdca1109103e511ae0b
SHA1

16c1adb1f3a80f99406e1f1cad20bc9ff1f51d47
SHA256

1e809bb5f85026c31ca54558e986ef87304252f48c354546c74f214c4b443e86
SHA512

ef5902de831206ef2e7d3df91cb775607ab152d6594c6371048c073db179a198ec70f4f565afc4cb26439b108e04c78f5b45f848b513d4671cb77665a737170a
SSDEEP

192:5irhP+Kg93cmOm5hghskkN7jlxTsVTstYB4xPJaX6fcd1OTKtPT/:ArIKg932KgSDRTsOYm1Pf4tL/

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

193.233.21.140:4001

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/08dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f.exe

Files

1e809bb5f85026c31ca54558e986ef87304252f48c354546c74f214c4b443e86
.zip

Password: infected
08dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f.exe
.exe windows:4 windows x86 arch:x86

b83b4c7be0b1cdd8e117bba9096d9768

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageA
GetWindowTextA
GetWindowThreadProcessId
LoadCursorA
LoadIconA
CreateWindowExA
RegisterClassA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow
GetClassNameA
EnumWindows
DispatchMessageA
DefWindowProcA
wsprintfA

kernel32

ResetEvent
SetEvent
SetFilePointer
OpenProcess
RemoveDirectoryA
LocalAlloc
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
SystemTimeToFileTime
CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FileTimeToSystemTime
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
GetVolumeInformationA
LocalFree
Sleep

advapi32

GetSidSubAuthority
GetUserNameW
OpenProcessToken
GetTokenInformation

wsock32

htons
inet_addr
inet_ntoa
recv
select
send
setsockopt
shutdown
socket
connect
closesocket
ioctlsocket
WSAStartup
WSACleanup

shell32

CommandLineToArgvW

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExW
QueryContextAttributesA
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
GetUserNameExA
InitializeSecurityContextA

psapi

GetModuleFileNameExA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

b83b4c7be0b1cdd8e117bba9096d9768

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

shell32

ws2_32

ole32

secur32

psapi

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 812B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 812B