rp[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

rp.exe
Size

155KB
MD5

2dd755be5842e71b304d2fbff93eb2a3
SHA1

54058cc1fadab57223f2d7004ad79333d63c628b
SHA256

a4778d50307de4ab13e48de90d72b7c5e19b4f9356a611a9faf95cfda0523c46
SHA512

6f0a74c253227de5e78d8b2aa5a50fdf1a59103baa80fd06693dc34d43fc77d07359201256ce54ba366e267f60594a676be67d5cc1c2e521660fa362952804c2
SSDEEP

3072:OkZ3S+4uT4jKhwkF5FETnXn74/8Q/kV1tZGKbJQ:O6SGTnhwS7KnXnI/KV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rp.exe

Files

rp.exe
.exe windows:6 windows x64

959a83047e80ab68b368fdb3f4c6e4ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
CreateFileW
WriteConsoleW
GetProcAddress
OpenProcess
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
ConnectNamedPipe
CreateThread
CloseHandle
GetCurrentThread
WaitForSingleObject
CreateNamedPipeW
ReadFile
GetProcessHeap
HeapAlloc
GetLastError
HeapFree
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WideCharToMultiByte
GetFileType
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW

user32

SetProcessWindowStation
CloseDesktop
GetUserObjectInformationW
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
OpenDesktopW
wsprintfW

advapi32

AddAccessAllowedAce
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
EqualSid
CloseServiceHandle
OpenSCManagerW
CreateProcessWithTokenW
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserW
OpenServiceW
DuplicateTokenEx
QueryServiceStatusEx
GetTokenInformation
ImpersonateNamedPipeClient
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AllocateAndInitializeSid
CopySid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid

ole32

CoTaskMemAlloc
CoInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoGetInstanceFromIStorage
CoUninitialize
CLSIDFromString

rpcrt4

RpcServerRegisterIf2
RpcEpRegisterA
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcServerInqBindings
RpcServerUseProtseqEpA
RpcServerListen
RpcServerRegisterAuthInfoA

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959a83047e80ab68b368fdb3f4c6e4ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

ntdll

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB