?msedgeupdate_core@@YGHXZ
Behavioral task: behavioral1
  Sample: malware.dll
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: malware.dll
  Resource: win10v2004-20230831-en
General
  Target: malware.exe
  Size: 273KB
  MD5: 88ecbe38dbafde7f423eb2feb6dc4a74
  SHA1: e069cf88918e405878b16cd6e1b956a253347e29
  SHA256: f2efe1f797b32a1a4c47f4f9f2ff3023a4c4af0eb7905d6a321911e47cb2ba47
  SHA512: 3bbb098f07d2e2c0a4032bc93147d333c9f094e43f4d2e6f55e3635f1e57ef34e20ee1cb6a93957a210d9032fca7e27eebb800a26f6b6ffac831045cb95b9662
  SSDEEP: 6144:6ngGoJepHgPHFnngZeHsPt3TdMPH3vRAOyyd:6ngGoJqkHFnyeYyhd
Malware Config
Signatures
  Detects RPCBackdoor (1 IoC)
    resource: yara_rule  sample: family_rpcbackdoor
  Rpcbackdoor family
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: malware.exe
Files
  malware.exe.dll  windows x86  71fedee4dc0e5e262638297f8ce593c6
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports
  rpcrt4: NdrClientCall2, RpcStringFreeA, RpcStringBindingComposeA, RpcBindingFromStringBindingA
  kernel32: DeleteFileA, ReadFile, WriteFile, CloseHandle, Sleep, OpenProcess, GetModuleFileNameA,
    GetModuleFileNameW, WinExec, CreateToolhelp32Snapshot, Process32First, Process32Next, GetSystemInfo,
    CreateFileA, GetVersionExW, GetModuleHandleA, GlobalMemoryStatus, GetPrivateProfileStringW,
    GetComputerNameW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW,
    GetNumberFormatW, FindClose, SetEndOfFile, WriteConsoleW, HeapSize, FindFirstFileExW, FindNextFileW,
    IsValidCodePage, GetSystemDirectoryW, GetCPInfo, CreateFileW, SetStdHandle, GetProcessHeap,
    SetEnvironmentVariableW, FreeEnvironmentStringsW, HeapReAlloc, DeleteFileW, ReadConsoleW,
    GetEnvironmentStringsW, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetCommandLineW,
    GetCommandLineA, GetOEMCP, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection,
    InitializeCriticalSectionEx, DeleteCriticalSection, LocalFree, EncodePointer, DecodePointer,
    MultiByteToWideChar, LCMapStringEx, GetStringTypeW, GetConsoleOutputCP, GetLastError,
    UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess,
    IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId,
    GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW,
    RaiseException, RtlUnwind, InterlockedFlushSList, SetLastError, InitializeCriticalSectionAndSpinCount,
    TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess,
    GetModuleHandleExW, HeapAlloc, HeapFree, CompareStringW, LCMapStringW, IsValidLocale,
    GetUserDefaultLCID, EnumSystemLocalesW, GetStdHandle, GetFileType, FlushFileBuffers, GetACP
  user32: wsprintfA, LoadStringW
  advapi32: RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, GetUserNameA, RegQueryValueExW
  ole32: CoInitializeSecurity, CoCreateInstance, CoUninitialize, CoInitializeEx
  oleaut32: SysFreeString, SysAllocString, VariantClear, VariantInit
  netapi32: NetApiBufferFree, NetGetJoinInformation
  shlwapi: PathFileExistsA, ord487
Exports
Sections
  .text   Size: 198KB  Virtual size: 198KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 60KB   Virtual size: 60KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 4KB    Virtual size: 163KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 512B   Virtual size: 480B   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 8KB    Virtual size: 8KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ