rc7[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

rc7.exe
Size

1.3MB
MD5

a522edac6a0f62abdb7eab22cc264830
SHA1

92be89cdd6b82d6f4d97274bde1fd3c4ee026d65
SHA256

b294fb0872c6b921239027ffd88b804a7a2239f5bb2c77f3af9c2177456fddcc
SHA512

27b0ae28330ecec365ac31f6a2e0967a13716dcad029318a89ea4ca43c081349c4d8ce98585bd96bd08f10fae536d23746067d82df9acce7d2e5aebbcde668c0
SSDEEP

12288:Nk5NHUUzXbu37wHYsR2k1u+kfXrd5CImFg/PPPzhsn9LRbRa/bAM/:NCeUzLurwHVulvrHCaPPPzOrRazAM/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rc7.exe

Files

rc7.exe
.exe windows x86

a26b26aac5943f032cfa8ebe84d79a5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutA
GetObjectA
SetTextColor
SelectObject
DeleteDC
CreatePatternBrush
CreateCompatibleDC
BitBlt
DeleteObject
SetBkMode
CreateSolidBrush
CreateFontA

user32

SendMessageA
DefWindowProcA
PostQuitMessage
DispatchMessageA
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
SetWindowPos
SendDlgItemMessageA
TranslateMessage
GetMessageA
UnregisterClassA
GetFocus
GetAsyncKeyState
SetForegroundWindow
GetWindowRect
LoadCursorA
LoadImageA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetWindowTextA
LoadBitmapA
GetParent
GetDesktopWindow
MapWindowPoints
ScreenToClient
GetCursorPos
GetClientRect
GetWindowTextA
InvalidateRect
GetForegroundWindow
TrackPopupMenu
AppendMenuA
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
SetMenu
MessageBoxA

kernel32

WaitForSingleObjectEx
DecodePointer
EncodePointer
HeapReAlloc
HeapSize
SetEndOfFile
ReadConsoleW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetProcessHeap
GetCPInfo
GetOEMCP
IsValidCodePage
DeleteFileW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
CloseHandle
GetModuleHandleA
CreateDirectoryA
CreateFileA
GlobalAlloc
GlobalLock
CreateEventW
Sleep
FindClose
GetModuleFileNameA
FindFirstFileA
AllocConsole
GetProcAddress
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
OpenProcess
TerminateProcess
RaiseException
CreateThread
CreateRemoteThread
GetLastError
ReadProcessMemory
WriteProcessMemory
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateToolhelp32Snapshot
Process32First
Process32Next
ExitProcess
SetUnhandledExceptionFilter
LoadLibraryA
GetCurrentProcess
SetFilePointer
ReadFile
SetEvent
ResetEvent
InitializeSListHead
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
InterlockedPushEntrySList
FindFirstFileExA
FlushFileBuffers
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
GetStringTypeW
MoveFileExW
GetCommandLineW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
FindNextFileA
GetCommandLineA
GlobalUnlock
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetACP
GetCurrentThreadId
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
DeleteCriticalSection
MultiByteToWideChar
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
WideCharToMultiByte

comctl32

ord413
ord410
InitCommonControlsEx

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

ws2_32

htons
inet_addr
recv
send
connect
WSAStartup
WSACleanup
WSAGetLastError
shutdown
closesocket
socket

psapi

GetModuleFileNameExA
EnumProcesses

winmm

PlaySoundA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

lua5.1

lua_tolstring
lua_pushstring
lua_getfield
lua_setfield
lua_pcall
lua_gc
luaL_openlibs
luaL_loadstring
luaL_newstate
lua_close

shell32

ShellExecuteA

shlwapi

PathFindFileNameA

Exports

Exports

BeaEngineRevision
BeaEngineVersion
Disasm

Sections

.text
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 713KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a26b26aac5943f032cfa8ebe84d79a5e

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

comctl32

advapi32

ws2_32

psapi

winmm

comdlg32

lua5.1

shell32

shlwapi

Exports

Exports

Sections

.text Size: 463KB - Virtual size: 462KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 29KB - Virtual size: 2.8MB

.gfids Size: 1024B - Virtual size: 520B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 713KB - Virtual size: 713KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 463KB - Virtual size: 462KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 29KB - Virtual size: 2.8MB

.gfids
Size: 1024B - Virtual size: 520B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 713KB - Virtual size: 713KB

.reloc
Size: 30KB - Virtual size: 29KB