rpcloader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rpcloader.exe
Size

120KB
MD5

85ad8ae0be34d9b21b0c13e5f6c5721a
SHA1

a2a664cf6a952027a7f9198000d6eb731bcc56ad
SHA256

68bd3cab732cab83b9c38096c8c2e705fab06a818e6cdc34b1db28b92f8c4f4f
SHA512

20c1b58df7873c37ea2404b46cca162eb15b1901dbed03e242f761bc13c2baf94e8d6c675d60dc5fcacad814e52cf3897a03d746a531777899fd58494e2c79f3
SSDEEP

3072:lMTUL/SyW/jcash3waJIucgAUcKBWK+Emf8VcmYfXoa:xL/SyWwa23waK/gAvStm5Ya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rpcloader.exe

Files

rpcloader.exe
.exe windows x64

bb5e4931611f453c4211dc819c9a8ae8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingA
RpcStringBindingComposeA

kernel32

GetCommandLineA
CreateFileW
WriteConsoleW
SetFilePointerEx
GetCurrentProcessId
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameA
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
RaiseException
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetFileType
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb5e4931611f453c4211dc819c9a8ae8

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 2KB - Virtual size: 1KB