Rec58[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Rec58.exe
Size

1.8MB
MD5

cea02e35a0a51717da4bd5838edad3f0
SHA1

4a1b2a9a2273a8de1e4cf381a89bed175cc69281
SHA256

f7bb81d45cd78f505f825111d54a19e66c9800e0ed6c616936dff59e421439bf
SHA512

d4ca7f63cb784dc5e8a36cac0c59866fa71b5ce900d16d6fd29a2f605bb99889dc03b1c25a5ea8e650c0dfd8ab0fb7dd98578608140d5788b29af452566e618a
SSDEEP

24576:LbDhhs34uU/SFFTWc3tO16VzF0MzscQsI9sA5oPFU5NR8mx2PPmrkX/4w5D:LbDhhs34uU/SFFicrFFscQsKR8Tlb5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rec58.exe

Files

Rec58.exe
.exe windows x86

9969c114d528b784685455057cd16913

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3

mpr

WNetGetLastErrorW
WNetOpenEnumW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupOpenInfFileW
SetupIterateCabinetW
SetupGetStringFieldW
SetupGetMultiSzFieldW
SetupGetLineTextW
SetupGetLineCountW
SetupGetFieldCount
SetupFindNextLine
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupFindFirstLineW

kernel32

IsValidCodePage
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpA
CreateFileMappingA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EnumSystemLocalesA
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetCPInfo
GetPrivateProfileStringW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadPriority
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsDBCSLeadByte
IsValidLocale
LCMapStringA
LCMapStringW
LoadLibraryExW
LoadLibraryW
GetCommandLineA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenSemaphoreA
OutputDebugStringW
PeekNamedPipe
QueryDosDeviceW
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetProcessAffinityMask
SetProcessWorkingSetSize
SetStdHandle
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
SetVolumeLabelW
SizeofResource
Sleep
SleepEx
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFileEx
InitializeCriticalSection
EnterCriticalSection
GetTickCount
ExitProcess
LeaveCriticalSection
LoadLibraryA
GetOEMCP
LoadResource

user32

SetTimer
RegisterClassW
PostThreadMessageW
PostQuitMessage
PostMessageW
PeekMessageW
MessageBoxW
LoadStringW
KillTimer
GetWindowLongW
GetMessageW
ExitWindowsEx
DispatchMessageW
DestroyWindow
DefWindowProcW
SetClassLongW
SetWindowLongW
WaitMessage
wsprintfA
wsprintfW

winspool.drv

SetPortW
XcvDataW
StartDocPrinterW
StartDocPrinterA
SetPrinterW
SetPrinterA
OpenPrinterW
SetPortA
EnumPrintersW
WritePrinter
DocumentPropertiesW
SetPrinterDataW
SetPrinterDataExA
SetPrinterDataExW
WaitForPrinterChange
ClosePrinter
StartPagePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ControlService
CreateServiceW
DeleteService
DeregisterEventSource
DuplicateToken
FreeSid
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
LookupAccountNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
NotifyChangeEventLog
OpenEventLogW
StartServiceCtrlDispatcherW
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
ReportEventW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegLoadKeyW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenServiceW
OpenThreadToken
QueryServiceStatus
ReadEventLogW
RegConnectRegistryW
RegCreateKeyExW
OpenProcessToken
OpenSCManagerW

ole32

CoUninitialize
ProgIDFromCLSID
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
OleFlushClipboard
CoTaskMemRealloc

shlwapi

PathIsUNCW
PathRemoveFileSpecW
PathSkipRootW
PathStripToRootW
StrCmpW
StrTrimW
PathIsDirectoryW

Sections

.text
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fky58
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9969c114d528b784685455057cd16913

Headers

File Characteristics

Imports

msvcrt

mpr

version

setupapi

kernel32

user32

winspool.drv

advapi32

ole32

shlwapi

Sections

.text Size: 436KB - Virtual size: 432KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 14.0MB

.tls Size: 4KB - Virtual size: 12B

.rsrc Size: 176KB - Virtual size: 176KB

.fky58 Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 436KB - Virtual size: 432KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 14.0MB

.tls
Size: 4KB - Virtual size: 12B

.rsrc
Size: 176KB - Virtual size: 176KB

.fky58
Size: 1.2MB - Virtual size: 1.2MB