systembc | systembc_21660286308[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

systembc_21660286308.zip
Size

7KB
MD5

b9a26a1004231a38570d68d3bff3bb0f
SHA1

d836f0499330529273cddbe8429d584ea42f849c
SHA256

30e6ba1aa37273355fa7450df0ef28200209345eb54593e3cbf32847f719cc77
SHA512

e24896e8a78c1f49f175e1de9e8a4116f4c3e85e0898383c99f65d122a6df8895c41c9dc64a6f34076ce716b756e923d7e915c8acef4f8a4a99e11b58a8ec6bc
SSDEEP

192:Uv50d2vtCzOFmF5xhHyEBZ/EX3r0mQ+YONAX:UvtCDxtydnr0mQ+zK

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

88.198.147.80:4174

78.47.64.46:4174

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a

Files

systembc_21660286308.zip
.zip

Password: infected!!
1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a
.exe windows:4 windows x86 arch:x86

Password: infected!!

801793b2be29822524e8824fc3c47535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
RegisterClassA
LoadIconA
LoadCursorA
GetWindowThreadProcessId
ShowWindow
GetMessageA
TranslateMessage
UpdateWindow
wsprintfA
GetClassNameA
EnumWindows
CreateWindowExA
DispatchMessageA
DefWindowProcA
GetWindowTextA

kernel32

LocalAlloc
OpenProcess
SetEvent
LocalFree
OpenMutexA
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
SystemTimeToFileTime
Sleep
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteFileA
ExitProcess
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
GetModuleFileNameA
GetVolumeInformationA
GetProcAddress
GetTempPathA
SetFilePointer

advapi32

GetSidSubAuthority
OpenProcessToken
GetTokenInformation

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSACleanup

shell32

CommandLineToArgvW

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExA
GetUserNameExW

psapi

GetModuleFileNameExA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected!!

Password: infected!!

801793b2be29822524e8824fc3c47535

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

shell32

ws2_32

ole32

secur32

psapi

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 386B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 386B