ruodfy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ruodfy.exe
Size

2.6MB
MD5

63bc529bfa3b18e5c8627cfb417472a7
SHA1

cb37341ddff7ad40ce5d1880cf752b80f2dd159f
SHA256

12bdbeecd9d808b14925869629e55919d5aba64508d4fae4c5756e7f5cf7b4db
SHA512

3dbfd5a868563b00f7e64b9afc7ed442e578f24b3e17fb1c11fd63f9dd0c82be8d986c0ac8408da8545d0f38560e8cc4a1c35eb8fe86d59c2a3c2aa9396ae172
SSDEEP

49152:/q5/sWxo+n99g9JbMwjerJCZ6VcAs+JARl5CFwg1HROFkPkATKvZqJ:/qiQo+nSJbML7CApJAR2ag1HxEo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ruodfy.exe

Files

ruodfy.exe
.exe windows x86

188be003468d2adf62f6632aaacbf49f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Sleep
GetTickCount
GetLocalTime
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetComputerNameA
CreateThread
VirtualProtect
DeviceIoControl
GlobalMemoryStatus
GetLastError
GetSystemDEPPolicy
GetModuleFileNameA
SetPriorityClass
GetConsoleWindow
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
TerminateThread
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
VirtualFree
VirtualAlloc
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
OpenProcess
GetModuleHandleA
GetProcAddress
CloseHandle
CreateFileA

user32

ShowWindow
EnumDisplayDevicesA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ws2_32

connect
send
WSAStartup
socket
WSAGetLastError
closesocket
recv
htons

msvcrt

sscanf
fgets
tolower
vprintf
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
remove
fclose
fopen
rand
sprintf
free
malloc
strstr
_localtime64
__wgetmainargs
_stricmp
memcpy
memset

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 776KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

188be003468d2adf62f6632aaacbf49f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 776KB - Virtual size: 2.8MB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 776KB - Virtual size: 2.8MB

.reloc
Size: 9KB - Virtual size: 9KB