rundll
Behavioral task
behavioral1
Sample
5e75fc32a1ba8f079bd8582d9df418b0N.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
5e75fc32a1ba8f079bd8582d9df418b0N.dll
Resource
win10v2004-20240802-en
General
-
Target
5e75fc32a1ba8f079bd8582d9df418b0N.exe
-
Size
16KB
-
MD5
5e75fc32a1ba8f079bd8582d9df418b0
-
SHA1
a71df192152b9986287416c1878c1fb7506df035
-
SHA256
4108b97e88718f4ea2475816815b773eccbcb524b06c7de631d53495c177c4b9
-
SHA512
425d772f98a77485fd95f9b0a1695cd7cee2f632010814861d33e8d4ff0b1fcd2ae615df3d9ab2f5cdc537dbdf59406e0e30a3fa1d3e965207b7b8d587eb6e10
-
SSDEEP
192:RniGhkfGBpFH+Z0hZ1WW8B52daFX4/PqfZSCG0GGGdWoBrSKja1cyHs:Y/fAeZ0hZwW42doxR3gWoBrtW1c
Malware Config
Extracted
systembc
192.168.1.149:4001
-
dns
5.132.191.104
ns1.vic.au.dns.opennic.glue
ns2.vic.au.dns.opennic.glue
Signatures
-
Systembc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e75fc32a1ba8f079bd8582d9df418b0N.exe
Files
-
5e75fc32a1ba8f079bd8582d9df418b0N.exe.dll windows:4 windows x86 arch:x86
ea47177789465ada573c717425469cd1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
user32
GetWindowTextA
GetWindowThreadProcessId
LoadCursorA
LoadIconA
RegisterClassA
SendMessageA
ShowWindow
CreateWindowExA
TranslateMessage
UpdateWindow
GetMessageA
GetClassNameA
DispatchMessageA
DefWindowProcA
wsprintfA
kernel32
SetEvent
SetFilePointer
Sleep
RemoveDirectoryA
ResetEvent
OpenProcess
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
FileTimeToSystemTime
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetLastError
GetLocalTime
GetModuleHandleA
GetTempPathA
GetVolumeInformationA
LocalAlloc
LocalFree
SystemTimeToFileTime
advapi32
GetSidSubAuthority
GetUserNameW
OpenProcessToken
GetTokenInformation
wsock32
htons
inet_addr
inet_ntoa
recv
select
send
setsockopt
shutdown
socket
connect
closesocket
ioctlsocket
WSAStartup
WSACleanup
shell32
CommandLineToArgvW
ws2_32
freeaddrinfo
WSAIoctl
getaddrinfo
ole32
CoUninitialize
CoInitialize
CoCreateInstance
secur32
GetUserNameExW
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
GetUserNameExA
InitializeSecurityContextA
QueryContextAttributesA
psapi
GetModuleFileNameExA
Exports
Exports
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 402B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ