rdclientax[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

rdclientax.dll
Size

10.5MB
MD5

35994be1f88ce2db2b8b758bfca8c392
SHA1

c4d2e5dfcc3460698f65081b976e0c2c5d6ff97b
SHA256

503ea7b4b6b0356290c92c05f12c9406221c8b4bd9a21b9a65b7f6d511a6af59
SHA512

07a68e83c1a3d3d3d03e51f0b3a9b4a241baf2c5408bf7fc2d180dfbb949f9390d91ff00505ac22c3107966ed7230050c7763af7b29b1e1d3bb6c3239f214c31
SSDEEP

196608:24JZ3W2oe74LYmpyaBv31PRnoTH2oeHnoSRRR8lmsg/YsupqRN6G1aUvNvNLeJdg:2j2Z74LYmpRR1PR2H2oeHnoSRRRUg/yg

Score

N/A

Malware Config

Signatures

Files

rdclientax.dll
.dll regsvr32 windows x64

3ce786e2883cc57d05500c176a57e3da

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:db:12:ec:81:8a:a2:ab:7d:d1:31:1d:61:27:62:d0:4f:20:96:44:81:b5:38:bd:26:ff:3b:63:59:00:24:52
Signer

Actual PE Digest

a2:db:12:ec:81:8a:a2:ab:7d:d1:31:1d:61:27:62:d0:4f:20:96:44:81:b5:38:bd:26:ff:3b:63:59:00:24:52

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

13/01/2023, 12:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DebugBreak
GetOverlappedResult
FindClose
FindCloseChangeNotification
GetVersionExW
QueryDosDeviceW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindFirstChangeNotificationW
FindNextChangeNotification
GetVolumeInformationW
GetDiskFreeSpaceW
GetFileInformationByHandle
GetFileAttributesExW
SetFileTime
RemoveDirectoryW
MoveFileW
LockFileEx
LockFile
UnlockFile
LoadLibraryExW
WaitForMultipleObjectsEx
GetComputerNameA
GetComputerNameW
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
EscapeCommFunction
GetCommState
SetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
GetCommTimeouts
SetupComm
GetCommMask
SetCommMask
PurgeComm
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
GetDefaultCommConfigW
FormatMessageW
VerifyVersionInfoW
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
GetCurrentThreadId
IsDebuggerPresent
ReleaseMutex
GetModuleFileNameA
GetModuleHandleExW
HeapSize
HeapReAlloc
HeapDestroy
GetModuleFileNameW
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
CompareStringOrdinal
CreateSemaphoreExW
WaitForSingleObjectEx
CreateEventExW
lstrcmpW
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
Sleep
GetTickCount64
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetTickCount
GetActiveProcessorCount
GetProcessAffinityMask
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalAlloc
GlobalLock
lstrcmpiW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
OutputDebugStringA
MulDiv
DisableThreadLibraryCalls
EncodePointer
GlobalUnlock
CompareStringW
GetSystemDirectoryW
ResetEvent
CreateWaitableTimerExW
GetExitCodeThread
CreateSemaphoreW
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
GetCurrentProcessId
CancelThreadpoolIo
CreateThreadpoolIo
DisconnectNamedPipe
QueueUserWorkItem
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
ProcessIdToSessionId
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableCS
SetThreadPriority
GetFileSizeEx
SetFilePointerEx
CompareStringEx
PowerCreateRequest
PowerSetRequest
PowerClearRequest
ExpandEnvironmentStringsW
NormalizeString
SuspendThread
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
GetSystemTimeAsFileTime
GetComputerNameExW
GetFileSize
TerminateThread
GetVersion
SwitchToThread
OpenThread
TryEnterCriticalSection
WaitForThreadpoolTimerCallbacks
GetLocalTime
CreateFileMappingW
GlobalAddAtomW
GlobalDeleteAtom
GetSystemDefaultLangID
GetDynamicTimeZoneInformation
Beep
GetModuleHandleA
GetTimeZoneInformation
lstrcmpA
CreateMutexW
IsProcessorFeaturePresent
GetACP
GetTempPathW
LocalSize
GetTempFileNameW
CreateProcessW
OpenFileMappingW
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
InitOnceExecuteOnce
InterlockedFlushSList
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
LocaleNameToLCID
LCIDToLocaleName
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
SearchPathW
GetSystemFirmwareTable
GetNumberFormatW
GetNativeSystemInfo
GlobalHandle
ChangeTimerQueueTimer
DeleteTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
GetThreadId
OpenEventW
SetEvent
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
CreateDirectoryW
SetEndOfFile
DeleteFileW
CreateFileW
GetFileAttributesW
SetErrorMode
WriteFile
ReadFile
SetFilePointer
DeviceIoControl
CreateEventW
LoadLibraryW
FlushFileBuffers
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
OpenProcess
K32GetModuleFileNameExW
AcquireSRWLockShared
CancelIo
BindIoCompletionCallback
GetNamedPipeClientProcessId
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
ReleaseSRWLockShared
GlobalSize
IsDBCSLeadByte
OpenMutexW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
GetWindowsDirectoryW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetLastError
WaitForSingleObject
ResumeThread
GetLastError
CreateThread
FreeLibraryAndExitThread
LocalAlloc
GetVersionExA
WaitForMultipleObjects
CloseHandle
GetCurrentProcess
DuplicateHandle
LoadLibraryA
DeleteCriticalSection
GetModuleHandleExA
GetProcAddress
FreeLibrary
InitializeCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
LeaveCriticalSection
StartThreadpoolIo
EnterCriticalSection

user32

GetKeyboardState
keybd_event
GetRawInputData
GetKeyboardLayoutNameW
TrackMouseEvent
AttachThreadInput
SetWindowsHookExW
UnhookWindowsHookEx
FlashWindow
MessageBeep
GetMessageExtraInfo
SetKeyboardState
CallNextHookEx
RegisterRawInputDevices
ShowCursor
DestroyCursor
CreateCursor
LoadStringW
CreateDialogParamW
DialogBoxParamW
LoadMenuW
MsgWaitForMultipleObjectsEx
EnumDisplaySettingsW
MonitorFromRect
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
GetAsyncKeyState
GetWindow
CopyIcon
DestroyIcon
CreateIconIndirect
GetWindowDC
CopyRect
EnumDisplayDevicesW
EnumDisplayMonitors
MonitorFromWindow
KillTimer
SetTimer
RegisterClassW
SetWindowDisplayAffinity
ValidateRect
ReleaseCapture
GetCapture
SetCursor
SetCapture
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MoveWindow
GetWindowRect
UpdateWindow
SendMessageW
IntersectRect
EqualRect
OffsetRect
FillRect
GetForegroundWindow
GetSystemMetrics
GetWindowLongW
SetWindowLongW
DrawTextW
SetWindowTextW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
LoadCursorW
GetParent
GetKeyboardType
ShowWindow
IsChild
GetFocus
GetKeyState
PtInRect
UnionRect
IsWindow
InvalidateRect
GetClientRect
BeginPaint
GetDC
EndPaint
ReleaseDC
CharNextW
DefWindowProcW
DestroyWindow
GetMessageW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
GetMonitorInfoW
MonitorFromPoint
GetDesktopWindow
EnumWindows
GetClassNameW
IsWindowVisible
GetWindowThreadProcessId
SetForegroundWindow
SetRect
RedrawWindow
SendMessageTimeoutW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetTopWindow
UnregisterHotKey
UpdateLayeredWindow
GetLastInputInfo
UnhookWinEvent
SetWinEventHook
GetCaretBlinkTime
FindWindowExW
GetWindowTextW
GetWindowTextLengthW
EndDeferWindowPos
DeferWindowPos
GetGUIThreadInfo
BeginDeferWindowPos
GetActiveWindow
ClientToScreen
SetPropW
SendInput
SetCursorPos
PostMessageW
GetLastActivePopup
RemovePropW
EnableWindow
GetCursorPos
RegisterHotKey
CharPrevA
CharNextA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardData
IsClipboardFormatAvailable
PostThreadMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
IsWindowEnabled
GetAncestor
MapVirtualKeyW
SetParent
SetFocus
DefDlgProcW
DrawIconEx
FlashWindowEx
GetClassInfoW
LoadImageW
MapWindowPoints
ScreenToClient
SetActiveWindow
IsIconic
IsZoomed
SetWindowRgn
SystemParametersInfoW
GetWindowRgn
UnregisterClassW
SetWindowPos
RegisterWindowMessageW
GetKeyboardLayout
GetKeyboardLayoutNameA
RegisterClipboardFormatW
IsRectEmpty
LoadIconW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetWindowPlacement
SystemParametersInfoA
LockWindowUpdate
GetSysColor
SetScrollPos
AdjustWindowRect
ShowScrollBar
SetScrollInfo
GetCursorInfo
CheckDlgButton
EndDialog
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
GetProcessDefaultLayout
GetDlgCtrlID
SetLayeredWindowAttributes
GetSubMenu
TrackPopupMenuEx
SetClassLongPtrW
GetClassLongPtrW
GetMenuItemInfoW
SetMenuItemInfoW
DestroyMenu
CharLowerW
AnimateWindow
SendDlgItemMessageW
GetNextDlgTabItem
GetDlgItemTextW
InflateRect
GetSysColorBrush
SetRectEmpty
CharLowerBuffW

shlwapi

UrlGetPartW
ord388
PathRemoveFileSpecW
PathIsFileSpecW
StrStrIW
PathFindFileNameW
PathStripPathW
ord12
SHDeleteKeyW
UrlCombineW

ntdll

RtlCaptureContext
VerSetConditionMask
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlAreBitsSet
RtlClearBits
RtlInitializeBitMap
RtlFindClearBitsAndSet
NtReadFile
NtWriteFile
NtDeviceIoControlFile
RtlEnumerateGenericTableWithoutSplaying
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlEnumerateGenericTable
RtlInitializeGenericTable
RtlInitString
RtlNtStatusToDosError
RtlStringFromGUID
NtClose
RtlFreeUnicodeString
NtSetInformationFile
RtlUnwindEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ncrypt

NCryptSetProperty
BCryptHashData
BCryptImportKeyPair
BCryptDestroyHash
BCryptFinishHash
NCryptSignHash
BCryptEncrypt
NCryptExportKey
BCryptImportKey
NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptOpenStorageProvider
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
NCryptFreeObject
BCryptCreateHash

uiautomationcore

UiaHostProviderFromHwnd
UiaReturnRawElementProvider

psapi

GetModuleFileNameExW

gdi32

CreateDCW
DeleteDC
RestoreDC
GetDeviceCaps
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
SelectObject
Rectangle
GetStockObject
CreateRectRgnIndirect
DeleteObject
CreateRectRgn
CombineRgn
SetRectRgn
GetRgnBox
OffsetRgn
GetRegionData
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
DPtoLP
IntersectClipRect
SelectClipRgn
SetGraphicsMode
GetWorldTransform
SetWorldTransform
BitBlt
SelectPalette
RealizePalette
SetBrushOrgEx
GetBrushOrgEx
SetBkMode
GetBkMode
SetBkColor
SetTextColor
SetTextAlign
GetTextAlign
StretchDIBits
SetDCBrushColor
EqualRgn
ExtCreateRegion
SetMetaFileBitsEx
GetMetaFileBitsEx
PlayMetaFile
DeleteEnhMetaFile
GetPixel
UpdateColors
GetClipRgn
GetTextExtentPointW
GetMapMode
StretchBlt
SetStretchBltMode
CreatePolygonRgn
ExtTextOutW
GetTextExtentPoint32W
SetPixel
CreateFontIndirectW
PtInRegion
GdiFlush
CreateSolidBrush
PatBlt
SetROP2
MoveToEx
LineTo
SetPolyFillMode
Ellipse
Polygon
FrameRgn
FillRgn
GetCurrentObject
GetObjectW
CreateCompatibleBitmap
CreateBitmap
SetBitmapBits
CreatePen
CreateBrushIndirect
CreateDIBPatternBrushPt
CreatePalette
GetNearestPaletteIndex
SetDIBColorTable
GetNearestColor
GetClipBox
GetPaletteEntries
GetDIBColorTable

setupapi

SetupDiEnumDeviceInfo
CM_Locate_DevNodeW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
CM_Get_Device_ID_Size
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Status
CM_Get_Parent
SetupDiOpenClassRegKeyExW
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
CM_Get_Sibling
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
SetupDiGetDeviceInterfaceDetailW

pdh

PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW

Exports

Exports

DllCanUnloadNow
DllDeleteSavedCreds
DllGetClaimsToken
DllGetClassObject
DllGetNewActivityId
DllGetTscCtlVer
DllLogoffClaimsToken
DllPreCleanUp
DllRegisterServer
DllSetAuthProperties
DllUnregisterServer
OSChecker_IsOsSupported

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ce786e2883cc57d05500c176a57e3da

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a2:db:12:ec:81:8a:a2:ab:7d:d1:31:1d:61:27:62:d0:4f:20:96:44:81:b5:38:bd:26:ff:3b:63:59:00:24:52Signer

Signature Validations

Verification

13/01/2023, 12:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

ntdll

version

ncrypt

uiautomationcore

psapi

gdi32

setupapi

pdh

Exports

Exports

Sections

.text Size: 7.4MB - Virtual size: 7.4MB

.orpc Size: 512B - Virtual size: 302B

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 70KB - Virtual size: 116KB

.pdata Size: 263KB - Virtual size: 262KB

.didat Size: 3KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 601KB - Virtual size: 600KB

.reloc Size: 53KB - Virtual size: 53KB

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a2:db:12:ec:81:8a:a2:ab:7d:d1:31:1d:61:27:62:d0:4f:20:96:44:81:b5:38:bd:26:ff:3b:63:59:00:24:52
Signer

13/01/2023, 12:38
Valid: false

.text
Size: 7.4MB - Virtual size: 7.4MB

.orpc
Size: 512B - Virtual size: 302B

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 70KB - Virtual size: 116KB

.pdata
Size: 263KB - Virtual size: 262KB

.didat
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 601KB - Virtual size: 600KB

.reloc
Size: 53KB - Virtual size: 53KB