Rivel[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rivel.exe
Size

392KB
MD5

4582b3d9597ca83a33ee138c8077128b
SHA1

5d0bfe330461263ee96974f4aa8f6ff6b464ee13
SHA256

8adb97209b2561124e6197753273eab83b87a4a957f492f9827075fb63658367
SHA512

5b233f49a4513e705b28511e1d58b1c13869a3d4b47db1a8009a37c82db4b2505c01dc235655123e8c243ecc51dbd9aad027480fadefe2476d2f24b234a50a08
SSDEEP

12288:RlZiQeACPxNTbfsgbg7IqTEpIbNuZ4e+rOk8nc7gm0TyAsQUTqiVIZefYjIfMcdo:sQeACPfLsgbg7IqTEpIbNuZ4e+rOk8nj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rivel.exe

Files

Rivel.exe
.exe windows x64

7b7b366c6d4bea4a46a8f75a9d65c2aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memcpy
malloc
free
strncpy
strncmp
_strnicmp
strlen
strcmp
memmove
strcpy
strcat
sprintf

kernel32

GetModuleHandleA
HeapCreate
RemoveDirectoryA
GetShortPathNameA
HeapDestroy
ExitProcess
GetTempFileNameA
FindResourceA
LoadResource
SizeofResource
HeapFree
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
GetCommandLineA
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetExitCodeProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetVersionExA
HeapReAlloc
SetLastError
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileA
GetTempPathA
CreateDirectoryA
WriteFile
CreateFileA
SetFilePointer
ReadFile

ole32

CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA

shlwapi

PathQuoteSpacesA

user32

MessageBoxA
SendMessageA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
DestroyWindow
GetSysColor
GetSysColorBrush
CreateWindowExA
GetWindowLongPtrA
PostMessageA
CallWindowProcA
SetWindowLongPtrA
SetFocus
GetWindowTextLengthA
GetWindowTextA
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetPropA
GetParent
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRect
GetSystemMetrics
GetActiveWindow
GetWindowRect
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SetCursorPos
LoadImageA
SetCursor
MapWindowPoints
MoveWindow
SystemParametersInfoA
GetKeyState
SetCapture
GetCursorPos
ReleaseCapture
EnumChildWindows
GetClientRect
FillRect
DefFrameProcA
GetFocus
IsChild
GetClassNameA

gdi32

GetStockObject
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject

comctl32

InitCommonControls
InitCommonControlsEx

Sections

.code
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b7b366c6d4bea4a46a8f75a9d65c2aa

Headers

File Characteristics

Imports

msvcrt

kernel32

ole32

shell32

shlwapi

user32

gdi32

comctl32

Sections

.code Size: 10KB - Virtual size: 9KB

.text Size: 28KB - Virtual size: 27KB

.pdata Size: 2KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 342KB - Virtual size: 341KB

.code
Size: 10KB - Virtual size: 9KB

.text
Size: 28KB - Virtual size: 27KB

.pdata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 342KB - Virtual size: 341KB