RPG_RT[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RPG_RT.exe
Size

1.4MB
MD5

0c55cf60e2ae0b52c2c28dd4ecebad1c
SHA1

737b9ff0e5848101d917afcaa6ef52b604fa7eb8
SHA256

49c33cb9f7e23a56631f60efec924567ffba7dc231263f1f7030207fe0b64b5c
SHA512

8b8c7eee0cc043b5ab6bf9f42cbb67ec2b5319ada127eaf85cece3be7b5572751e6e8b65c005cf4f714661fe0e43c8c3510f82d944c9a01a6e6954989e58c08b
SSDEEP

24576:K7Uwc9Z0+kuOKtXMs+36bAVPM1o/PqJgnwLRf1+XZGM7wh0buaXhLbT1YAKTdvOH:YUl0+kbKJGKUPugnwLRf17M7wUXhLbTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RPG_RT.exe

Files

RPG_RT.exe
.exe windows x86

25a89201aa21c87f9688882d7a031e83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmStreamOpen
acmFormatSuggest

winmm

joyGetPos
joyGetDevCapsA
joyGetNumDevs
timeGetTime
midiOutShortMsg
midiOutClose
midiOutReset
midiOutOpen
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
midiOutLongMsg
midiOutUnprepareHeader
midiOutPrepareHeader
mixerSetControlDetails
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerGetControlDetailsA
timeSetEvent
timeKillEvent
joyGetPosEx

kernel32

GetConsoleMode
HeapAlloc
GetFileType
HeapFree
CreateFileA
GetFileSize
ReadFile
CloseHandle
InitializeCriticalSection
MultiByteToWideChar
Sleep
EnterCriticalSection
LeaveCriticalSection
lstrcpyA
WideCharToMultiByte
MulDiv
FindFirstFileA
FindNextFileA
FindClose
GetLocalTime
GetFullPathNameA
GetFileAttributesA
ExitProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
GetFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
FindResourceA
LoadResource
SizeofResource
LockResource
SetThreadLocale
WaitForSingleObject
TerminateThread
GlobalAlloc
GlobalHandle
GlobalFree
WriteFile
GetStdHandle
GetModuleHandleExW
SetFilePointerEx
GetCommandLineW
GetCommandLineA
RaiseException
RtlUnwind
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
WaitForSingleObjectEx
HeapReAlloc
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ReadConsoleW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
SetEndOfFile
SetEvent
GetLastError
InitializeSListHead
GetCurrentProcessId
WriteConsoleW
ExitThread
GetStartupInfoW
IsDebuggerPresent
GetStringTypeW
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

user32

GetSystemMenu
PeekMessageA
PtInRect
MessageBoxA
PostMessageA
SetCursorPos
ClientToScreen
DispatchMessageA
TranslateMessage
IsDialogMessageA
PostQuitMessage
GetMessageA
DestroyWindow
GetDesktopWindow
CallWindowProcA
GetCursorPos
ShowCursor
InsertMenuItemA
ScreenToClient
SetFocus
DefWindowProcA
SetWindowPos
GetClientRect
GetWindowRect
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
InvalidateRect
SendMessageA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
BringWindowToTop
GetAsyncKeyState
UpdateWindow
ShowWindow
SetWindowTextA
FillRect
ReleaseDC
GetDC
InflateRect
MoveWindow

gdi32

GetTextExtentPoint32A
AddFontMemResourceEx
TextOutA
SetBkMode
CreateFontA
SetBkColor
SetTextColor
AddFontResourceExA
GetTextExtentExPointA
CreateFontIndirectA
StretchBlt
CreateSolidBrush
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
ExtTextOutA
GetStockObject

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

dsound

ord1

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25a89201aa21c87f9688882d7a031e83

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

winmm

kernel32

user32

gdi32

advapi32

ole32

dsound

imagehlp

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 14KB - Virtual size: 76KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 14KB - Virtual size: 76KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 65KB - Virtual size: 65KB