systembc | 06131d9a214a318897fd7f150fcbba6d7d66b8d39b3a366ff8c34d9090109e30

General

Target

06131d9a214a318897fd7f150fcbba6d7d66b8d39b3a366ff8c34d9090109e30
Size

5KB
MD5

3ff6a0d97081381a6702d0d8755da6c0
SHA1

8005dd2abf0a59f965e1b7766de5ed8eb572e56f
SHA256

06131d9a214a318897fd7f150fcbba6d7d66b8d39b3a366ff8c34d9090109e30
SHA512

5e18ed61fba9249b932cf2ae4b1f2382f6711c16b7f239d01f1cd2528a892f2cd62fe0a058aba6664e1c2847c3e5740e8e7c517ca1aecfc9e3ea0c8bb86bd701
SSDEEP

96:Z1L6XLs0ACUc2hEcDS7sn94IUGSn0qyB/GS0b7imRaeYfKkabeZnd/PBZZ5Kuml4:ZV6XPACUcIE2Asn2fGkpiGoTabend/Pb

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

137.220.61.94:4001

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/9493b512d7d15510ebee5b300c55b67f9f2ff1dda64bddc99ba8ba5024113300

Files

06131d9a214a318897fd7f150fcbba6d7d66b8d39b3a366ff8c34d9090109e30
.zip

Password: infected
9493b512d7d15510ebee5b300c55b67f9f2ff1dda64bddc99ba8ba5024113300
.exe windows:4 windows x86 arch:x86

d66000edfed0a9938162b2b453ffa516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetLocalTime
GetModuleFileNameA
GetTempPathA
GetVolumeInformationA
LocalAlloc
LocalFree
GetCurrentProcess
SetFilePointer
Sleep
SystemTimeToFileTime
FileTimeToSystemTime
VirtualFree
WaitForSingleObject
WriteFile
ExitProcess
CreateThread
CreateFileA
CreateEventA
CloseHandle
SetEvent
VirtualAlloc

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
RegOpenKeyExA
RegDeleteValueA

wsock32

WSAStartup
accept
bind
closesocket
connect
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoInitialize
CoCreateInstance
CoUninitialize

secur32

GetUserNameExW
GetUserNameExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

d66000edfed0a9938162b2b453ffa516

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

ws2_32

ole32

secur32

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 508B

.reloc Size: 512B - Virtual size: 278B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 508B

.reloc
Size: 512B - Virtual size: 278B