systembc | e47a771775138fbac8b6c8794b5b2a6a1900659c1072ed099acfeaf65a433c38

Sharing

Copy URL

Twitter E-mail

General

Target

e47a771775138fbac8b6c8794b5b2a6a1900659c1072ed099acfeaf65a433c38
Size

6KB
MD5

3594b43ecdf2b9ca8ca71d963be00a95
SHA1

cc8f7afb14ff68dc6e85781b50291956ae8949c7
SHA256

e47a771775138fbac8b6c8794b5b2a6a1900659c1072ed099acfeaf65a433c38
SHA512

5891fb0ea1d768c4da2593e21df3346680ea12257570c8be31bab1f0d98509f35a3407970b8d05ba09dabf622b2964e9193383ad8931fad2ac7cc86eaa5079c9
SSDEEP

192:EqTI3iHnRfpcG2ggmbrBENA1TZXC2eOKSJUF+4FOMAqA:EqTEixfdrBENAJZX1eDHFIqA

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

149.248.3.194:443

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe

Files

e47a771775138fbac8b6c8794b5b2a6a1900659c1072ed099acfeaf65a433c38
.zip

Password: infected
219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe
.exe windows:4 windows x86 arch:x86

801793b2be29822524e8824fc3c47535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
RegisterClassA
LoadIconA
LoadCursorA
GetWindowThreadProcessId
ShowWindow
GetMessageA
TranslateMessage
UpdateWindow
wsprintfA
GetClassNameA
EnumWindows
CreateWindowExA
DispatchMessageA
DefWindowProcA
GetWindowTextA

kernel32

LocalAlloc
OpenProcess
SetEvent
LocalFree
OpenMutexA
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
SystemTimeToFileTime
Sleep
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteFileA
ExitProcess
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
GetModuleFileNameA
GetVolumeInformationA
GetProcAddress
GetTempPathA
SetFilePointer

advapi32

GetSidSubAuthority
OpenProcessToken
GetTokenInformation

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSACleanup

shell32

CommandLineToArgvW

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExA
GetUserNameExW

psapi

GetModuleFileNameExA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

801793b2be29822524e8824fc3c47535

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

shell32

ws2_32

ole32

secur32

psapi

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 386B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 386B