RXC1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RXC1.exe
Size

22.9MB
MD5

f3effd3ac0259de4b0aa007cb5a2212f
SHA1

367ec2f837be4b14cb43ec8a5068be23eb547e82
SHA256

b6f1b55ec47bea2543978b5ec6b93bf9aa1e56f5e9727ce09d14b20205e02a53
SHA512

044b25e53ee1f506c014f425b192ae57bb6351135172ebdeac20d98a02750e3d14c77af6b25b643fa03c788604b2c7e690ec7c65e6fa01eb448bde408854ff86
SSDEEP

196608:MdMLTWt6q8YU0lvqlvkTt3UfYLW5yONA3nBFzZi/BtS80CGBFzDN//dArcDfuAJJ:LLTWtbZvq8fZiZtwBDNXdRyMbfXFIfFQ

Score

1^/10

Malware Config

Signatures

Files

RXC1.exe
.exe windows x86

Password: 10

b6d57e57460da0139dd9dca043cf9d50

Code Sign

06:0c:dd:6c:60:2b:2e:85:e1:ff:2f:9e:37:6f:2d:e6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 00:00

Not After

03/07/2019, 12:00

Subject

CN=CAPCOM CO.\, LTD.,O=CAPCOM CO.\, LTD.,L=Chuo-ku,ST=Osaka,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:d3:f7:a7:de:07:e8:15:0a:5b:dd:48:3f:6e:74:de:ce:d2:6a:5c:fb:61:c2:36:5c:4f:58:90:8f:f4:9b:ae
Signer

Actual PE Digest

20:d3:f7:a7:de:07:e8:15:0a:5b:dd:48:3f:6e:74:de:ce:d2:6a:5c:fb:61:c2:36:5c:4f:58:90:8f:f4:9b:ae

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CAPCOM CO.\, LTD.,O=CAPCOM CO.\, LTD.,L=Chuo-ku,ST=Osaka,C=JP

15/05/2018, 11:04
Valid: true

Chain 1

CN=CAPCOM CO.\, LTD.,O=CAPCOM CO.\, LTD.,L=Chuo-ku,ST=Osaka,C=JP

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

d3d10

D3D10ReflectShader
D3D10DisassembleShader
D3D10CreateDeviceAndSwapChain

dinput8

DirectInput8Create

steam_api

SteamFriends
SteamAPI_RegisterCallback
SteamClient
SteamAPI_IsSteamRunning
SteamRemoteStorage
SteamAPI_RunCallbacks
SteamApps
SteamAPI_Init
SteamAPI_Shutdown
SteamUser
SteamMatchmaking
SteamUtils
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamUserStats
SteamAPI_UnregisterCallback

ws2_32

WSAGetLastError
WSACreateEvent
WSACleanup
WSAStartup

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

imm32

ImmGetDefaultIMEWnd
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

kernel32

VirtualProtect
LoadLibraryExA
GetPrivateProfileStringA
WritePrivateProfileStringA
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
VirtualAlloc
VirtualFree
GlobalAlloc
GlobalLock
GlobalUnlock
CreateDirectoryA
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileSize
ReadFile
ReadFileEx
SetEndOfFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
SleepEx
GetModuleFileNameA
CopyFileA
MoveFileA
FileTimeToSystemTime
GetCommandLineA
GetCurrentDirectoryA
ReleaseMutex
CreateMutexA
Sleep
CreateThread
GetExitCodeThread
ResumeThread
SetThreadExecutionState
GetUserDefaultLangID
SetEvent
WaitForSingleObject
CreateEventA
GetCurrentProcessId
RaiseException
ResetEvent
ReleaseSemaphore
LocalFree
SetThreadPriority
GetSystemInfo
SetThreadIdealProcessor
WaitForMultipleObjects
CreateSemaphoreA
GetStdHandle
GetCurrentProcess
TerminateProcess
CreateProcessA
FreeLibrary
GetModuleHandleA
GetProcAddress
GlobalFree
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryW
DebugBreak
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
VirtualQuery
SetLastError
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
GetStringTypeW
GetTimeZoneInformation
CompareStringW
LCMapStringW
DecodePointer
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetOverlappedResult
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
ReadConsoleW
WriteConsoleW
CreateFileW
InterlockedCompareExchange
InterlockedExchange
DeleteFileW
MoveFileExW
ExitProcess

user32

DeleteMenu
UpdateWindow
BeginPaint
EndPaint
SetPropA
RemovePropA
GetWindowRect
AdjustWindowRect
MessageBoxA
ShowCursor
SetCursor
ClipCursor
FindWindowW
LoadCursorA
LoadIconW
SystemParametersInfoA
SendMessageA
SetWindowPos
SetForegroundWindow
EnableMenuItem
GetWindowThreadProcessId
DefWindowProcA
GetPropA
GetSystemMetrics
GetClientRect
SetWindowLongA
RegisterHotKey
UnregisterHotKey
GetAsyncKeyState
GetCursorPos
ClientToScreen
ScreenToClient
CreateWindowExA
RegisterClassExW
RegisterClassExA
PostQuitMessage
DefWindowProcW
SendMessageW
PeekMessageA
DispatchMessageA
TranslateMessage
EmptyClipboard
SetClipboardData
GetSystemMenu
LoadAcceleratorsA
IsIconic
ShowWindow
DestroyWindow
CreateWindowExW
CloseClipboard

gdi32

GetStockObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

DragAcceptFiles
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

iphlpapi

NotifyAddrChange
GetAdaptersAddresses

msvfw32

ICCompressorFree
ICCompressorChoose

avifil32

AVIFileInit
AVIFileExit
AVIFileRelease
AVIStreamWrite
AVIMakeCompressedStream
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamRelease
AVIStreamSetFormat

wmvcore

WMCreateWriter
WMCreateProfileManager
WMCreateSyncReader

gdiplus

GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 10

b6d57e57460da0139dd9dca043cf9d50

Code Sign

06:0c:dd:6c:60:2b:2e:85:e1:ff:2f:9e:37:6f:2d:e6Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

20:d3:f7:a7:de:07:e8:15:0a:5b:dd:48:3f:6e:74:de:ce:d2:6a:5c:fb:61:c2:36:5c:4f:58:90:8f:f4:9b:aeSigner

Signature Validations

Verification

15/05/2018, 11:04 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

psapi

d3d10

dinput8

steam_api

ws2_32

winmm

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

msvfw32

avifil32

wmvcore

gdiplus

Exports

Exports

Sections

.text Size: 10.9MB - Virtual size: 10.9MB

.rdata Size: 11.8MB - Virtual size: 11.8MB

.data Size: 156KB - Virtual size: 5.0MB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 228B

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

06:0c:dd:6c:60:2b:2e:85:e1:ff:2f:9e:37:6f:2d:e6
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

20:d3:f7:a7:de:07:e8:15:0a:5b:dd:48:3f:6e:74:de:ce:d2:6a:5c:fb:61:c2:36:5c:4f:58:90:8f:f4:9b:ae
Signer

15/05/2018, 11:04
Valid: true

.text
Size: 10.9MB - Virtual size: 10.9MB

.rdata
Size: 11.8MB - Virtual size: 11.8MB

.data
Size: 156KB - Virtual size: 5.0MB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 228B

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB