Static task
static1
Behavioral task
behavioral1
Sample
ragexe.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ragexe.exe
Resource
win10v2004-20230220-en
General
-
Target
ragexe.exe
-
Size
14.3MB
-
MD5
1a07ced34c0b9105aec2e94e4e255845
-
SHA1
22048a7706ff438b48f4581bd4a05f61eb1ad3b7
-
SHA256
b248060bfc76b10ed255456562046c2ad82b892d1b1e5f11fb1eeff407a6d5a9
-
SHA512
d9c862d18d853d7c180791f46869c8e99794f42e0417c672a4e7db8eb0c9e696b7b89fae785e39d197af18f1695cc092564732917308dded5334b7feff023e82
-
SSDEEP
196608:rCdlHDclzu/6I2qq9/j8abudJ7CPqfp+:rC/HQlKyI2P/j8abuD7Ffp
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource ragexe.exe
Files
-
ragexe.exe.exe windows x86
24ce0abf9391c897ce2821091c9a752d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
CryptVerifySignatureA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegCreateKeyA
CryptEncrypt
ddraw
DirectDrawCreateEx
dinput
DirectInputCreateA
gdi32
CreateCompatibleDC
DeleteObject
SelectObject
CreateDIBSection
CreateFontIndirectA
CreateFontA
EnumFontFamiliesExA
GetCurrentObject
GetTextExtentPoint32W
SetBkColor
SetBkMode
SetTextColor
TextOutW
TextOutA
CreateSolidBrush
FillRgn
CreatePolygonRgn
GetStockObject
DeleteDC
imm32
ImmNotifyIME
ImmGetCandidateListW
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext
ImmGetVirtualKey
iphlpapi
GetAdaptersInfo
kernel32
WaitForMultipleObjects
GetExitCodeProcess
ResetEvent
ResumeThread
CreateMutexA
SetEndOfFile
SetEvent
OpenFileMappingA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
OpenMutexA
DecodePointer
EncodePointer
GlobalLock
OpenEventA
GetSystemDirectoryA
GetModuleFileNameW
VirtualQuery
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
HeapAlloc
GetFileInformationByHandle
lstrlen
CreateEventA
CopyFileA
MoveFileExA
TerminateThread
ReleaseMutex
ExitProcess
IsProcessorFeaturePresent
IsBadReadPtr
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe
lstrcpy
CreateProcessA
SetPriorityClass
TerminateProcess
GetCurrentDirectoryA
CreateDirectoryA
GlobalMemoryStatus
GetSystemTime
IsDBCSLeadByte
DeleteFileA
VirtualProtect
IsDebuggerPresent
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
lstrcat
GetVersionExA
OpenProcess
VirtualFree
VirtualAlloc
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
QueryPerformanceFrequency
QueryPerformanceCounter
GetUserDefaultLangID
SetThreadPriority
CreateThread
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalLock
GlobalUnlock
WideCharToMultiByte
GetLastError
FindNextFileA
FindFirstFileA
FindClose
lstrcmpi
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
LoadLibraryA
GlobalAlloc
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetCurrentThread
GetCurrentProcess
SetUnhandledExceptionFilter
GetTickCount
GetLocalTime
Sleep
GetProcessHeap
HeapCompact
MultiByteToWideChar
MulDiv
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GlobalFree
VirtualProtect
Sleep
msvcp110
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1_Container_base12@std@@QAE@XZ
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
??0_Timevec@std@@QAE@PAX@Z
??1_Container_base12@std@@QAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Container_base12@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1_Lockit@std@@QAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1_Container_base12@std@@QAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??1_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IBEXXZ
??0_Lockit@std@@QAE@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
msvcr110
__CxxFrameHandler
mbstowcs
wcstombs
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1__non_rtti_object@std@@UAE@XZ
wcscpy_s
strcat_s
_ltoa
sscanf
_snprintf
_itoa
puts
_controlfp
_local_unwind4
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
wcslen
_spawnl
_access
abort
_unlock_file
_lock_file
_fseeki64
fsetpos
fputc
fgetpos
fgetc
putchar
printf
isprint
strcoll
_isatty
_fileno
signal
strpbrk
tolower
toupper
ispunct
isxdigit
tmpnam
remove
_gmtime32
clock
system
setlocale
strncat
strcspn
strtod
getenv
_HUGE
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_cos_precise
_libm_sse2_atan_precise
_libm_sse2_asin_precise
_CItanh
_CIsinh
_CIcosh
modf
ldexp
frexp
ceil
srand
localeconv
_mbsnbicmp
iscntrl
isalnum
isdigit
isalpha
tmpfile
setvbuf
_popen
_pclose
fscanf
fflush
clearerr
_setjmp3
longjmp
_mbscmp
_mbsicmp
_mbsrchr
_mbsnbcpy
_except_handler3
_mbslwr
_strnicmp
wcscpy
_strdup
wcsstr
_wcslwr
_wcsdup
_mbsnbcat
_strlwr
_libm_sse2_pow_precise
strtoul
fputs
isspace
strerror
realloc
ungetc
fgetc
freopen
ferror
__iob_func
_errno
wcsnlen
??1__non_rtti_object@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
memmove
_CxxThrowException
__CxxFrameHandler
_libm_sse2_acos_precise
memcpy
sprintf
memset
free
malloc
??_V@YAXPAX@Z
fclose
fopen
fwrite
rand
_libm_sse2_tan_precise
_libm_sse2_exp_precise
strrchr
_snprintf_s
_ctime32
strcpy_s
_beginthreadex
_vsnprintf
_CIatan2
atof
atoi
_splitpath
strchr
strstr
strncpy
memcpy_s
_vsnprintf_s
_mbsstr
_mkdir
sprintf_s
_atoi64
memchr
_difftime32
_time32
calloc
_recalloc
__RTDynamicCast
strtol
fread
fseek
ftell
_i64toa
_localtime32
strftime
_mktime32
_mbsbtype
_setmbcp
strtok
feof
fgets
strncmp
floor
_CIfmod
_wfopen
exit
isupper
_unlink
_stricmp
strncpy_s
fprintf
islower
_iswspace_l
vsprintf
_i64toa_s
_chmod
_rmdir
rename
??0exception@std@@QAE@ABQBD@Z
netapi32
Netbios
oleaut32
SysAllocString
VariantInit
SysFreeString
shell32
SHFileOperation
ShellExecuteA
shlwapi
PathRemoveFileSpecA
StrStrIW
user32
GetWindow
ShowWindow
DrawMenuBar
AdjustWindowRect
ValidateRect
GetActiveWindow
IsIconic
RegisterClassA
DispatchMessageA
TranslateMessage
GetClipboardData
GetKeyboardLayout
LoadIconA
LoadCursorA
LoadBitmapA
SetParent
GetParent
WindowFromPoint
ScreenToClient
GetCursorPos
SetCursor
SetCursorPos
ShowCursor
GetWindowTextA
SetActiveWindow
UpdateWindow
IsWindowVisible
SetWindowPos
DestroyWindow
CreateWindowExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
SendMessageA
wsprintfA
GetKeyState
CharPrevExA
CharNextExA
GetAsyncKeyState
PostThreadMessageA
PeekMessageA
GetWindowRect
SetWindowTextA
GetSystemMetrics
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgItem
EndDialog
DialogBoxParamA
MoveWindow
GetDC
SetWindowLongA
SetRect
ClientToScreen
MessageBoxA
GetClientRect
RedrawWindow
winmm
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
ws2_32
send
select
recv
htons
socket
WSAStartup
ioctlsocket
connect
closesocket
gethostname
gethostbyname
inet_addr
inet_ntoa
WSACleanup
WSAGetLastError
htonl
sendto
WSASend
binkw32
_BinkOpen@8
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkGoto@12
_BinkPause@8
_BinkClose@4
_BinkWait@4
cps
uncompress
compress
granny2
_GrannyReadEntireFileFromMemory@8
_GrannyPlayControlledAnimation@12
_GrannySetControlActive@8
_GrannySetControlLoopCount@8
_GrannyFreeControl@4
_GrannyGetMeshIndexCount@4
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
_GrannyGetMaterialTextureByType@8
_GrannyGetMeshBytesPerIndex@4
_GrannyGetMeshIndices@4
_GrannyCopyMeshIndices@12
_GrannyNewMeshBinding@12
_GrannyFreeMeshBinding@4
_GrannyFreeFile@4
_GrannyMeshIsRigid@4
_GrannyNewLocalPose@4
_GrannyFreeLocalPose@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexType@4
_GrannyGetMeshVertexCount@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyGetMeshBindingToBoneIndices@4
_GrannyNewMeshDeformer@12
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
_GrannyCopyTextureImage@32
_GrannyTextureHasAlpha@4
_GrannyVersionsMatch_@16
_GrannyNewWorldPose@4
_GrannyGetFileInfo@4
_GrannyFreeWorldPose@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyControlModelsNext@4
_GrannyBuildWorldPose@24
GrannyRGBA8888PixelFormat
GrannyPNT332VertexType
_GrannyGetControlDurationLeft@4
_GrannyGetSystemSeconds@0
_GrannyGetSecondsElapsed@8
_GrannyFreeFileSection@8
_GrannySampleModelAnimations@16
ijl15
ijlInit
ijlFree
ijlRead
ijlWrite
mss32
_AIL_set_stream_loop_count@8
_AIL_stream_volume@4
_AIL_set_stream_volume@8
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_open_stream@12
_AIL_sample_status@4
_AIL_set_sample_volume@8
_AIL_end_sample@4
_AIL_start_sample@4
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_set_redist_directory@4
_AIL_close_digital_driver@4
_AIL_open_digital_driver@16
_AIL_set_preference@8
_AIL_stream_status@4
_AIL_startup@0
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_volume@8
_AIL_3D_sample_status@4
_AIL_3D_room_type@4
_AIL_set_3D_room_type@8
_AIL_3D_speaker_type@4
_AIL_set_3D_speaker_type@8
_AIL_set_3D_sample_distances@12
_AIL_file_type@8
_AIL_set_3D_sample_effects_level@8
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_orientation@28
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_close_3D_provider@4
_AIL_shutdown@0
_AIL_allocate_3D_sample_handle@4
_AIL_mem_free_lock@4
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
ole32
CoUninitialize
OleSetContainedObject
CoCreateInstance
CoInitialize
Sections
[section name not shown] Size: 10.3MB - Virtual size: 10.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Tut4you Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[section name not shown] Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
etvimdom Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wkizwclm Size: 36KB - Virtual size: 15.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PE_ADS Size: 69KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xdiff Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE