systembc | socks64[.]dll | Triage

Sharing

General

Target

socks64.dll
Size

9KB
MD5

58b3b98f42dc2ccbf1562d9deec03182
SHA1

d2f6f6bde35d1f9c4306a2e8d5f5effd2e4fee70
SHA256

71ae05cfeb685885835b6172c08dedc2c6ec775ff5f21680532c17cf0e4403cc
SHA512

63e5557fb87bc30b81cae1ade71cee7f9957c0bb156bb8b0aacad1da75362f4ce6b5df27d1d1e861b65c150efc88e3b96a2e3a80e0dc651941ede3b3345bf601
SSDEEP

192:EloShg+/Nj2JD7ZgUdlphMSGNlXHM6CYQ:EHj0JD7ZVPbGfH/CYQ

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

66.85.173.11:4001

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
socks64.dll

Files

socks64.dll
.dll windows:5 windows x64 arch:x64

76038256c06e1998602febe61a364b5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

freeaddrinfo
getaddrinfo
inet_addr
send
WSACleanup
setsockopt
socket
closesocket
shutdown
recv
WSAIoctl
select
connect
ioctlsocket
htons
WSAStartup

kernel32

CreateThread
SetEvent
WaitForSingleObject
ExitThread
VirtualFree
CloseHandle
Sleep
LocalAlloc
GetVolumeInformationA
VirtualAlloc
CreateEventA
LocalFree

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ