ruffle[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ruffle.exe
Size

13.0MB
MD5

b1fa00034a50168ce549eed89dc8ebb5
SHA1

2c0ddca9c1e000872948d1b703f5a0960ceb0065
SHA256

8857fad17520961107730313dc0e4920ea9854e407604e20ca468635cf94e318
SHA512

18cff2d9e1195c73b38b85a4fc0dd4044ec7ee75f91812967b71b25a3f78c7810d9857cea6affe589898e02030752500610f6f3abcb08582469e0f0ed998f6fe
SSDEEP

98304:cvxD/jlnh8kGEmK3jDlqqFjR5qrEN03nwOWpF4rNXyYmt409dG5Y+EIN5lczi1NZ:73EjqM5qrEN03nwOWpF4rNXyYDrmzAN

Score

1^/10

Malware Config

Signatures

Files

ruffle.exe
.exe windows x64

38b830f798e1b7bafea376c172e9a212

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

ScreenToClient
CloseTouchInputHandle
GetWindowLongW
ClientToScreen
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
DefWindowProcW
LoadCursorW
SetCursor
CreateWindowExW
GetSystemMetrics
RegisterTouchWindow
InvalidateRgn
GetMessageW
TranslateMessage
DispatchMessageW
ChangeDisplaySettingsExW
TrackMouseEvent
GetWindowPlacement
WaitForInputIdle
GetForegroundWindow
SetWindowTextW
GetWindowTextW
MessageBoxW
EnumWindows
OpenClipboard
EmptyClipboard
SetClipboardData
MonitorFromRect
MapVirtualKeyA
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
DestroyWindow
CloseClipboard
CreateIcon
GetTouchInputInfo
GetClientRect
RedrawWindow
SetWindowPlacement
ToUnicodeEx
SendMessageW
RegisterWindowMessageA
SetForegroundWindow
SendInput
MapVirtualKeyW
RegisterClassExW
AdjustWindowRectEx
GetMenu
ClipCursor
GetClipCursor
ShowCursor
GetActiveWindow
SetWindowLongW
ShowWindow
IsProcessDPIAware
GetDC
PostMessageW
GetKeyboardLayout
GetKeyboardState
GetKeyState
SystemParametersInfoA
GetWindowLongPtrW
GetRawInputData
ReleaseCapture
SetCapture
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
SetWindowLongPtrW
DestroyIcon

comdlg32

GetOpenFileNameW

ole32

OleInitialize
RegisterDragDrop
CoTaskMemFree
RevokeDragDrop
CoInitializeEx
CoUninitialize
CoCreateInstance

shell32

DragFinish
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW

ws2_32

getaddrinfo
WSASetLastError
__WSAFDIsSet
select
htonl
freeaddrinfo
WSACleanup
socket
ntohs
htons
WSAGetLastError
WSAStartup
WSAIoctl
WSASocketW
bind
connect
ioctlsocket
listen
accept
getsockname
getpeername
recv
send
getsockopt
setsockopt
closesocket
WSACloseEvent
WSACreateEvent

crypt32

CertOpenStore
PFXImportCertStore
CertAddCertificateContextToStore
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
CertFindCertificateInStore
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CryptStringToBinaryA
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore

bcrypt

BCryptGenRandom

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
SystemFunction036

comctl32

ord412
ord413
ord410

d3dcompiler_47

D3DCompile

dwmapi

DwmEnableBlurBehindWindow

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

kernel32

DeleteFileW
CreateDirectoryW
DeviceIoControl
GetFileInformationByHandle
CreateFileW
FindNextFileW
CreateMutexA
SetThreadStackGuarantee
AddVectoredExceptionHandler
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
TlsAlloc
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
TryEnterCriticalSection
WakeConditionVariable
WakeAllConditionVariable
GetFinalPathNameByHandleW
CreateEventW
TerminateProcess
GetExitCodeProcess
SetFilePointerEx
DuplicateHandle
FlushFileBuffers
WriteFile
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
SwitchToThread
ReleaseMutex
FindClose
FreeEnvironmentStringsW
WaitForMultipleObjectsEx
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
UnmapViewOfFile
MapViewOfFileEx
VirtualFree
VirtualAlloc
CreateFileMappingW
GetSystemInfo
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
VerSetConditionMask
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
Sleep
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
FormatMessageW
GetCurrentProcessId
SleepConditionVariableSRW
SetFileCompletionNotificationModes
GetTickCount64
SetHandleInformation
ExitProcess
CreateThread
InitializeCriticalSectionAndSpinCount
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
TlsFree
GetFileType
GetDriveTypeW
PeekNamedPipe
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetFullPathNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
DeleteCriticalSection
CompareStringW
LCMapStringW
OutputDebugStringW
GetFileAttributesExW
CreatePipe
SetStdHandle
ReadConsoleInputW
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
HeapSize
RtlLookupFunctionEntry
WaitForMultipleObjects
ResetEvent
RtlUnwind
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
FreeConsole
AttachConsole
GetModuleHandleW
CreateEventA
GetCurrentThreadId
TryAcquireSRWLockExclusive
lstrlenW
LoadLibraryExW
GetLastError
GetProcAddress
WaitForSingleObject
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
SetThreadErrorMode
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
GetConsoleOutputCP
ReadConsoleW
WriteConsoleW
SetConsoleCP
SetConsoleOutputCP
GetConsoleWindow
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
PostQueuedCompletionStatus
GetHandleInformation
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection

uxtheme

SetWindowTheme

Sections

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38b830f798e1b7bafea376c172e9a212

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

ole32

shell32

ws2_32

crypt32

bcrypt

advapi32

comctl32

d3dcompiler_47

dwmapi

gdi32

kernel32

uxtheme

Sections

.text Size: 11.0MB - Virtual size: 11.0MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 10KB - Virtual size: 30KB

.pdata Size: 244KB - Virtual size: 243KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 11.0MB - Virtual size: 11.0MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 10KB - Virtual size: 30KB

.pdata
Size: 244KB - Virtual size: 243KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 61KB - Virtual size: 60KB