rlm[.]foundry[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rlm.foundry.exe
Size

1.9MB
MD5

b3905f31c10bf4469e7719ad765f232a
SHA1

825229799627dcdb5f7eb140721ff8d5ecda9e34
SHA256

9c241ec6cb0fc04bec70fa95d2a58b469f96197649458e6ebb992f303abda1fb
SHA512

03fae13455080d379e744e1e843338e7338e64a032ae93d156745e5d9095683be3eb615c93c998288dcf1eb948cff63896bd0b3fd15841bc0b936b981360541c
SSDEEP

49152:D7MjL37rszb572AnZsOT2BKBET7WDqwpW/6IMJQkFW:EXI2AnlT2Bx7GvFW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rlm.foundry.exe

Files

rlm.foundry.exe
.exe windows:4 windows x64

8615f480428ab9de97d0c9c273316df3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersInfo

ws2_32

sendto
recv
inet_ntoa
ntohl
accept
recvfrom
send
socket
ioctlsocket
connect
select
getsockopt
__WSAFDIsSet
shutdown
closesocket
bind
listen
setsockopt
htons
htonl
gethostbyname
WSACleanup
WSAStartup
getsockname
ntohs
gethostname
inet_addr
gethostbyaddr
WSAGetLastError

advapi32

InitializeAcl
ChangeServiceConfig2A
CreateServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateWellKnownSid
CloseServiceHandle
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA

user32

MessageBoxW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

kernel32

GetOEMCP
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
SetStdHandle
LCMapStringA
LCMapStringW
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CompareStringA
GetACP
LocalAlloc
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
IsDebuggerPresent
TerminateProcess
SetEvent
Sleep
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
GetLastError
WaitForSingleObject
CreateThread
CreateEventA
GetCommandLineA
ExitThread
CreateProcessA
GetStdHandle
CreateSemaphoreA
CloseHandle
GetVersionExA
ReleaseSemaphore
GetVolumeInformationA
DeviceIoControl
CreateFileA
CreateDirectoryA
GetFileInformationByHandle
GetCurrentThreadId
GetVersion
MultiByteToWideChar
GetFileType
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
LocalFree
CompareStringW
CreateMutexA
ReleaseMutex
FormatMessageA
GetEnvironmentVariableA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetCurrentProcess
TlsFree
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleA
ReadFile
WriteFile
GetFileSize
GetLocalTime
SetErrorMode
HeapReAlloc
SearchPathA
OpenSemaphoreA
HeapCreate
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
ExitProcess
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetExitCodeProcess
MoveFileA
LockFile
UnlockFile
GetTimeZoneInformation
ResumeThread
GetFullPathNameA
FileTimeToLocalFileTime
GetDriveTypeA
PeekNamedPipe
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
DeleteFileA
SetFileAttributesA
GetFileAttributesA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
SetHandleCount
GetStartupInfoA
HeapSetInformation

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8615f480428ab9de97d0c9c273316df3

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

advapi32

user32

kernel32

shell32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 225KB - Virtual size: 1.4MB

.pdata Size: 59KB - Virtual size: 59KB

_RDATA Size: 512B - Virtual size: 116B

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 225KB - Virtual size: 1.4MB

.pdata
Size: 59KB - Virtual size: 59KB

_RDATA
Size: 512B - Virtual size: 116B

.rsrc
Size: 1024B - Virtual size: 688B