RWRBE60[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RWRBE60.EXE
Size

181KB
MD5

bc8bb51b46b62eceda57230e81dd5dad
SHA1

60864ef81e44bfe36dcbc059e1230eda5e7d55ed
SHA256

0a69af3e2c30d0f3fe81b635325b0d7bc2ed7b02f5ff40261c0537fd479067a9
SHA512

6d0b64ca2d1f836c4c19a037dd3d2d228d32cb1e8100197a8cb9158c7043a70d9e84b907b3b8b9818ef847481be179d2d3007448ee17d4097546a823ae6a1859
SSDEEP

1536:abHN8M4WDG3U6TZznUu1hW0iAYwkmuDXx9nGF/D1OiIzfbvb+rd00uXJw:azN8M4WDG3jbW0iqQXx9ny58bvb9tJw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RWRBE60.EXE

Files

RWRBE60.EXE
.exe windows x86

b18efa7e76b5a650d582b8912e0f74d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

printf
_stricmp
sprintf
memcpy
__p__fmode
_controlfp
_except_handler3
__set_app_type
asctime
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
strncmp
strcmp
memset
strlen
strncat
sscanf
_ftol
localtime
_isctype
__p__pctype
atol
atof
time
_splitpath
free
strcpy
malloc
strcat
strncpy
__p___mb_cur_max

kernel32

GlobalUnlock
LocalFree
LocalUnlock
LocalLock
LocalAlloc
GetStartupInfoA
GlobalLock
GlobalAlloc
GetModuleHandleA
GetModuleFileNameA
GlobalFree

user32

GetWindowLongA
EndPaint
GetWindowRect
LoadCursorA
DrawTextA
SetCapture
DialogBoxParamA
SetWindowLongA
ReleaseCapture
BeginPaint
EndDialog
WinHelpA
GetDesktopWindow
AppendMenuA
RegisterClassA
MoveWindow
DefWindowProcA
DestroyWindow
SetCursor
ReleaseDC
SetWindowTextA
GetDC
CreateWindowExA
RemoveMenu
InsertMenuA
MessageBeep
DrawMenuBar
InvalidateRect
CreateMenu
LoadIconA
TranslateMessage
MessageBoxA
SetDlgItemTextA
PostMessageA
ShowWindow
UpdateWindow
PeekMessageA
SendMessageA
GetFocus
SetMessageQueue
DispatchMessageA
RegisterWindowMessageA

nlsrtl33

ord175
ord4
ord11
ord203
ord201
ord117
ord6
ord3
ord2
ord277
ord174
ord127
ord233
ord227
ord231
ord279
ord276
ord248
ord246
ord281
ord179
ord268
ord215
ord214
ord224
ord278
ord237

nn60

ord28
ord4
ord85
ord136
ord131
ord132

uiw60

ord1267
ord1466
ord1451
ord1461
ord8006
ord8010
ord8003
ord1477
ord1483
ord1277
ord8001
ord1486
ord1021
ord1270
ord1481
ord1358
ord8011
ord11006
ord8002
ord8005
ord1351
ord1269
ord1077

gdi32

SelectObject
GetDeviceCaps
Rectangle
GetTextExtentPointA
SetROP2
CreatePen
MoveToEx
LineTo
GetTextMetricsA
DeleteObject
GetStockObject

ca60

ord99
ord345
ord98
ord59
ord69
ord54
ord526
ord527
ord487
ord354
ord346
ord106
ord60
ord75
ord56
ord492
ord485
ord489
ord484
ord101
ord107
ord2
ord5
ord3
ord421
ord95
ord94
ord92
ord77
ord340

de60

ord709
ord5422
ord210
ord5070
ord3478
ord3477
ord214
ord190
ord3374
ord5598
ord105
ord3457
ord5599
ord481
ord5608
ord301

mmi60

ord2
ord1

mms60

ord2

mmv60

ord2

mmw60

ord41

ora805

slfnp
slgfn

uirem60

ord184
ord250
ord174
ord255
ord195

sqllib80

sqloer
sqlu2s
sqlcps
sqliap
sqgrct
sqgctx
sqlexp
sqloew
sqltex
sqlret
sqlprc
sqlclu
sqlald
sqlcxt
sqls2u
SQLRCXGet
sqlcln
sqlofftb

qmg60

rwosk2nocomm

utc60

ord10
ord13
ord14

utl60

ord39
ord38

rwlib60

ruereget
rstmrut
rstmst
ruerformat
ruereset
ropsdf
ropintcbs
rrrpensr
rxmbtc
rxglermcc
rxslrunprd
rimfr
rrdlba
rimal
ropintcp
srufrn
rxmcofcp
rrofnshd
rrodap
riulgo
roulgs
relgtan
rxbcod
rwbmnds
rwbmnhr
rwbmnmk
rwbwttl
rimrat
rimfrt
rwbmngt
rwffmdestroy
relgtmn
srwbcdcreate
rxmcmlf
rxmcml
riulgf
rwbmlo
rxierr
rxmcmlgl
relgtsn
rxicep
rxslattach
rxglerclm
rxiefm
rxsldetach
rxfini
rolgro
rrrpensd
rxticl
rxmbtcrun
rxtdes
ropindeu
rwnole_InitWinOleInfo
rwnole_DestroyWinOleInfo
ropfin
rwbmas
rxnname
rroahp
rxinit
rxmcmlfl
rimalt
rrdps2put
ropubput
rrdps1get
ropubget

zrc60

zrcctsa_SetAuthId
zrcctdi_Disconnect
zrcctcr_Create
zrcctco_Connect
zrcctde_Destroy
zrcctgg_GetOutputGeneral
zrcctgo_GetOutput
zrcctrs_RunReportSync
zrcctra_RunReportAsync

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b18efa7e76b5a650d582b8912e0f74d7

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

nlsrtl33

nn60

uiw60

gdi32

ca60

de60

mmi60

mms60

mmv60

mmw60

ora805

uirem60

sqllib80

qmg60

utc60

utl60

rwlib60

zrc60

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 93KB - Virtual size: 96KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 93KB - Virtual size: 96KB