rtisdwqqjg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rtisdwqqjg.exe
Size

139KB
MD5

63ca43097ed96b39cd84182f45f6d46b
SHA1

b303392142c1722114bbc94a5f9c31c96f6bad6a
SHA256

ef5ae5d133c3c69bad062e4b1909ac48dca335deaf3058fbf19cc616b8725e7e
SHA512

395e14ac1a3f6f4b0ee8491a965dc9bf78ce2ff92e4a9984d681937dc453ce7e05221ebddb0bf53c8e53107962375dd75aa67ec3e20648fa2344da79063e5f53
SSDEEP

1536:GfXL2BPX5ws7o9oMeTsIpGq0g2izcZZzD0vLF5rWGINOsuPOnW/0yBtEFt2x:GfXLoo2TM1ZZzgvLF5rpIN8OW/zi

Score

1^/10

Malware Config

Signatures

Files

rtisdwqqjg.exe
.exe windows x86

fdf343bf0cf4d88f257fb571d9107a9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord410
ord17

shlwapi

wnsprintfW

kernel32

IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetLocaleInfoEx
CompareStringEx
GetDateFormatEx
GetTimeFormatEx
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleCP
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeLibrary
InterlockedExchange
lstrcpyW
CloseHandle
GetLocalTime
FindClose
VirtualAlloc
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
ReadFile
MulDiv
GetTimeFormatW
EnumSystemLocalesEx
GetProcessHeap
HeapFree
HeapAlloc
FindFirstFileW
GetFileSize
GetDateFormatW
Sleep
FatalAppExitA
GetModuleHandleW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentThreadId
GetCurrentThread
InterlockedIncrement
SetLastError
GetStartupInfoW
InitOnceExecuteOnce
DeleteCriticalSection
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
RtlUnwind
SetEndOfFile
InitializeCriticalSectionAndSpinCount
WriteFile
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
AreFileApisANSI
GetProcAddress
InterlockedDecrement
GetLastError
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent
GetCommandLineW
ExitProcess
EnumDateFormatsExW
Process32NextW
FreeLibraryAndExitThread
IsDBCSLeadByteEx
GetFileType
GetStringTypeW
SetConsoleDisplayMode
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW

odbc32

ord11
ord54
ord66
ord9
ord117
ord127
ord77

mpr

WNetUseConnectionW
WNetGetUniversalNameA
MultinetGetConnectionPerformanceA
WNetAddConnection2W
WNetGetNetworkInformationW
WNetCloseEnum
WNetDisconnectDialog1W
WNetCancelConnectionW
WNetGetConnectionW

gdi32

StartPage
EndPage
GetTextExtentPoint32W
GetTextMetricsW
CreateFontIndirectW
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
SetMapMode
ExtTextOutW
GetTextExtentExPointW
StartDocW
EndDoc
GetGlyphIndicesW
Pie
GetEnhMetaFileDescriptionW
GetObjectW
GetRasterizerCaps

winspool.drv

XcvDataW
DeletePrintProcessorA
GetPrinterDriverDirectoryA
SetJobA
AddPortW
AdvancedDocumentPropertiesA

user32

LoadIconW
GetWindowTextW
GetDlgItem
EndDialog
LoadStringW
ShowWindow
CreateWindowExW
MessageBoxW
GetMenu
RegisterClassExW
SetDlgItemTextW
SendMessageW
UpdateWindow
SetWindowTextW
WinHelpW
GetMonitorInfoW
CheckMenuItem
MonitorFromRect
DispatchMessageW
GetDlgItemTextW
IsDialogMessageW
SetDlgItemInt
TranslateMessage
SetFocus
GetClientRect
LoadCursorW
GetParent
DialogBoxParamW
PostMessageW
LoadImageW
RegisterWindowMessageW
GetMessageW
SetActiveWindow
GetDlgItemInt
TranslateAcceleratorW
GetWindowTextLengthW
DestroyWindow
GetSystemMetrics
LoadAcceleratorsW

comdlg32

FindTextW
PrintDlgW
GetSaveFileNameW
ReplaceTextW
GetOpenFileNameW
ChooseFontW

advapi32

IsTextUnicode

shell32

ShellAboutW
DragAcceptFiles

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdf343bf0cf4d88f257fb571d9107a9c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

odbc32

mpr

gdi32

winspool.drv

user32

comdlg32

advapi32

shell32

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB