rg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rg.exe
Size

3.6MB
MD5

393863918b422cd31f9a5d97d8c2ab7e
SHA1

893943f52fa40f973581e2da50390306d99bc17a
SHA256

4125309a857ed87f98553a699acc7bb74e9fd45621f4b9b2b3ae99f9afc72b7a
SHA512

95fe3a4efc1b7dd143f8d8de8125710377184be644ff2f950eee0880b56e6dc8d3d61aac0a7d938fc37ab01a5016a6dae11c6626a8137af86f5e5a4a515ce4d8
SSDEEP

49152:CqfuUmad+YK+DTboBYQwHBWSXQRdPBcEZm9nPy8meY5A5nD:ruUmad+YpoBLhf8me

Score

1^/10

Malware Config

Signatures

Files

rg.exe
.exe windows x86

269cfdfbd4ebd93dc20e5d9441880176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SystemFunction036
OpenProcessToken

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemInfo
CreateFileMappingW
MapViewOfFile
CloseHandle
VirtualProtect
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
VirtualAlloc
VirtualFree
GetFileType
GetLastError
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetFileInformationByHandle
ReleaseSRWLockShared
SleepConditionVariableSRW
TlsGetValue
TlsSetValue
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
InitializeCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
FindClose
SwitchToThread
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
WriteFile
FlushFileBuffers
DuplicateHandle
ReadFile
SetFilePointerEx
EnterCriticalSection
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
WakeAllConditionVariable
TryEnterCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsAlloc
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
AcquireSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
WaitForSingleObjectEx
LoadLibraryA
FindNextFileW
CreateFileW
DeviceIoControl
FindFirstFileW
GetFinalPathNameByHandleW
DeleteCriticalSection
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateProcessW
CreateNamedPipeW
CreateThread
QueryPerformanceFrequency
GetModuleHandleA
WriteConsoleW
ReadConsoleW
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
InitializeCriticalSectionAndSpinCount
EncodePointer
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
RaiseException
DecodePointer

ws2_32

WSACleanup

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 903KB - Virtual size: 903KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

269cfdfbd4ebd93dc20e5d9441880176

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

userenv

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 903KB - Virtual size: 903KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 903KB - Virtual size: 903KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 92KB - Virtual size: 92KB