REMOTLY[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

REMOTLY.rar
Size

71KB
MD5

79414cd4939eca83e9ae501fb89bc14e
SHA1

e837ffbb415c8aeb2e93623042f8b468ad6ff731
SHA256

359980c425009a996fb9bd3fdab767054cb55a608edf3f730198e74f65bd29fc
SHA512

f823d72b6628fb26a547ac1a76da1692423128585b6eefa34f727493ded8c4c1fa7221e9f415d4cb8f446a0dc93fa1c97eedc2a7c2daf95c9e79057db66dc744
SSDEEP

1536:k93urpzztRUXmSMWNADuQYhQxmGZmG1hRlLG6FE2hz888vbZjrUGEIru/6lb:k93IdRUbTgYhQxvmGjbKHiIbvJwMu/I

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BLNative.dll
unpack001/iControl_Installer.exe

Files

REMOTLY.rar
.rar
BLNative.dll
.dll windows x86

d1853b73aabd5dd5888fce30b6190b0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

jvm

JNI_GetCreatedJavaVMs

dxva2

OPMGetVideoOutputsFromHMONITOR
GetNumberOfPhysicalMonitorsFromHMONITOR

bcrypt

BCryptDestroyKey
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptImportKey
BCryptGetProperty
BCryptGenRandom
BCryptEncrypt

kernel32

TerminateProcess
MultiByteToWideChar
GetLastError
Process32First
GetUserDefaultLangID
IsProcessorFeaturePresent
OpenProcess
CreateToolhelp32Snapshot
QueryFullProcessImageNameA
Process32Next
CloseHandle
K32EnumProcesses
GetProcAddress
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
LocalFree
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleA

user32

OpenClipboard
GetForegroundWindow
MessageBoxA
SetWindowDisplayAffinity
GetWindow
SendInput
SetForegroundWindow
MonitorFromWindow
EnumDisplayMonitors
GetSystemMetrics
GetDesktopWindow
ShowWindow
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindowVisible
PostMessageA
IsWindow
SetFocus
FindWindowExA
CloseClipboard
EmptyClipboard
EnumWindows
SystemParametersInfoA

advapi32

CryptAcquireContextA
CloseServiceHandle
CryptGenRandom
CryptReleaseContext
EnumServicesStatusExA
OpenSCManagerA

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
_Query_perf_counter
?_Xout_of_range@std@@YAXPBD@Z
_Query_perf_frequency
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

crypt32

CertFreeCertificateContext
CertCloseStore
CryptVerifyCertificateSignatureEx
CryptImportPublicKeyInfoEx2
CertOpenStore
CertCompareCertificateName
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetIssuerCertificateFromStore

shlwapi

StrStrIW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

vcruntime140

_except_handler4_common
memset
_CxxThrowException
__std_terminate
__std_exception_copy
memmove
__std_type_info_destroy_list
memchr
memcpy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfwprintf
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Exports

Exports

_Java_com_vue_browserlock_win_natives_NativeProxy_allowToggle@8
_Java_com_vue_browserlock_win_natives_NativeProxy_AllowScreenCapture@8
_Java_com_vue_browserlock_win_natives_NativeProxy_clearClipboard@8
_Java_com_vue_browserlock_win_natives_NativeProxy_clearClipboardHistory@8
_Java_com_vue_browserlock_win_natives_NativeProxy_disableEaseOfAccessKeys@8
_Java_com_vue_browserlock_win_natives_NativeProxy_enableEaseOfAccessKeys@8
_Java_com_vue_browserlock_win_natives_NativeProxy_getAllProcessIDs@8
_Java_com_vue_browserlock_win_natives_NativeProxy_getBackgroundProcessData@24
_Java_com_vue_browserlock_win_natives_NativeProxy_getCurrentProcessId@8
_Java_com_vue_browserlock_win_natives_NativeProxy_getDisplayCountEnumDisplay@8
_Java_com_vue_browserlock_win_natives_NativeProxy_getDisplayCountSystemMetrics@8
_Java_com_vue_browserlock_win_natives_NativeProxy_getDuplicateDisplayCount@8
_Java_com_vue_browserlock_win_natives_NativeProxy_getNameFromProcessId@16
_Java_com_vue_browserlock_win_natives_NativeProxy_getProcessIdFromName@12
_Java_com_vue_browserlock_win_natives_NativeProxy_getWindowProcesses@8
_Java_com_vue_browserlock_win_natives_NativeProxy_hideTaskBar@8
_Java_com_vue_browserlock_win_natives_NativeProxy_isDisplayHdcpCompliant@8
_Java_com_vue_browserlock_win_natives_NativeProxy_isSystemSettingsSuspended@16
_Java_com_vue_browserlock_win_natives_NativeProxy_isVirtualMachine@8
_Java_com_vue_browserlock_win_natives_NativeProxy_queryCIMV2Object@16
_Java_com_vue_browserlock_win_natives_NativeProxy_restoreMinimizedProcess@12
_Java_com_vue_browserlock_win_natives_NativeProxy_resumeProcess@16
_Java_com_vue_browserlock_win_natives_NativeProxy_showTaskBar@8
_Java_com_vue_browserlock_win_natives_NativeProxy_suspendProcess@16
_Java_com_vue_browserlock_win_natives_NativeProxy_terminateProcess@16

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iControl_Installer.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1853b73aabd5dd5888fce30b6190b0e

Headers

DLL Characteristics

File Characteristics

Imports

version

jvm

dxva2

bcrypt

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

crypt32

shlwapi

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 75KB - Virtual size: 75KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 75KB - Virtual size: 75KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B