RpcPing[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RpcPing.exe
Size

25KB
MD5

44a207460b28a52c51c030230dfe8f3c
SHA1

d7be307ce03e99e5cf03577c3738899e78cad434
SHA256

32c29908c059e7205c92aeaac6253081c99519eccd530d75a6e8e1f6778a0acf
SHA512

93ba4343647351da6728ae328d4db3f6ed79dd07aa755ff73ebf00dabd909e0f1a8852d1f86ef5c467a5d6de0691d504f85e61e14ffa2f28fdfb9beaecfa7cad
SSDEEP

384:R97FQI4DTH+cRKT0dpk1K3PFHXMgk3x5ntfLQERFXpM4lSpPCGPIV08HWMs0WIYN:LmIt8J+x5ntsQXSQHG8kt6g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RpcPing.exe

Files

RpcPing.exe
.exe windows x86

89435027dc91d36de2f8c72d38a57c7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
EventActivityIdControl
ConvertStringSidToSidW
RegGetValueW

kernel32

FileTimeToSystemTime
MultiByteToWideChar
GetStdHandle
SetThreadPreferredUILanguages
GetLastError
HeapSetInformation
HeapFree
LocalFree
GetFileType
WriteConsoleW
GetConsoleMode
WideCharToMultiByte
WriteFile
GetProcAddress
FormatMessageW
LoadLibraryW
SetThreadUILanguage
GetModuleHandleW
GetComputerNameW
HeapAlloc
TerminateProcess
GetCurrentProcess
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetTickCount
Sleep
UnhandledExceptionFilter

msvcrt

memcpy
_except_handler4_common
_controlfp
memset
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
exit
_iob
fprintf
malloc
wcschr
_wtoi
_cgetws_s
wcstol
wcsstr
_getch
free
_wcsicmp
?terminate@@YAXXZ

rpcrt4

RpcEpResolveBinding
RpcMgmtInqStats
RpcBindingSetAuthInfoExW
RpcMgmtStatsVectorFree
RpcErrorLoadErrorInfo
RpcErrorGetNumberOfRecords
RpcErrorGetNextRecord
UuidCreate
RpcStringFreeW
RpcErrorClearInformation
RpcErrorEndEnumeration
UuidToStringW
RpcErrorResetEnumeration
RpcErrorStartEnumeration
RpcErrorSaveErrorInfo
I_RpcCertProcessAndProvision
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidFromStringW
RpcCertGeneratePrincipalNameW

ntdll

WinSqmIncrementDWORD
WinSqmIsOptedIn

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpQueryOption
WinHttpSetOption
WinHttpOpenRequest
WinHttpReceiveResponse

crypt32

CertFreeCertificateContext

credui

SspiPromptForCredentialsW
CredUIPromptForCredentialsW

sspicli

SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89435027dc91d36de2f8c72d38a57c7f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

winhttp

crypt32

credui

sspicli

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB