rvgl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rvgl.exe
Size

3.0MB
MD5

c4a75ce8912cb9609011c7e9ae024f80
SHA1

bed3ecfcd349022b26b2a48a1376d96f0a214f2a
SHA256

f136b44ef7a1fd71bd3a5d40fd6b4914d33825a5c4b6b329803146f40c419904
SHA512

6004f2178266d72e7b2c86a65ca229026a52e0b3dde1fd2c51290095447e274461730f67b21bcb5a38e81320a00afcdd75e3cde5f1557f52def250618815f73f
SSDEEP

49152:HjM6634wN959JMGO7wAZQXVteK2Yx3yIRNqhzPSafM7PPAFYsCujm:DUMtdyXTZ3lR2SafMEzj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rvgl.exe

Files

rvgl.exe
.exe windows:4 windows x64

367c2d7387c1fa5841d510d39f006748

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

openal32

alBufferData
alDeleteBuffers
alDeleteSources
alDistanceModel
alGenBuffers
alGenSources
alGetEnumValue
alGetError
alGetSourcei
alGetString
alIsBuffer
alIsExtensionPresent
alIsSource
alSource3f
alSourcePause
alSourcePlay
alSourceQueueBuffers
alSourceStop
alSourceUnqueueBuffers
alSourcef
alSourcei
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetContextsDevice
alcGetCurrentContext
alcGetError
alcGetIntegerv
alcGetProcAddress
alcGetString
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice

sdl2

SDL_ConvertSurfaceFormat
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateSemaphore
SDL_CreateSystemCursor
SDL_CreateThread
SDL_CreateWindow
SDL_Delay
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DestroyWindow
SDL_DetachThread
SDL_FreeSurface
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_GetAttribute
SDL_GL_GetDrawableSize
SDL_GL_GetProcAddress
SDL_GL_MakeCurrent
SDL_GL_ResetAttributes
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GameControllerAddMappingsFromRW
SDL_GameControllerClose
SDL_GameControllerGetAxis
SDL_GameControllerGetButton
SDL_GameControllerGetJoystick
SDL_GameControllerMappingForGUID
SDL_GameControllerNameForIndex
SDL_GameControllerOpen
SDL_GetBasePath
SDL_GetClipboardText
SDL_GetDesktopDisplayMode
SDL_GetDisplayMode
SDL_GetError
SDL_GetKeyFromScancode
SDL_GetKeyboardState
SDL_GetModState
SDL_GetMouseState
SDL_GetNumDisplayModes
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetPlatform
SDL_GetPrefPath
SDL_GetRelativeMouseState
SDL_GetScancodeName
SDL_GetVersion
SDL_GetWindowSize
SDL_HapticClose
SDL_HapticDestroyEffect
SDL_HapticIndex
SDL_HapticName
SDL_HapticNewEffect
SDL_HapticNumAxes
SDL_HapticNumEffects
SDL_HapticOpenFromJoystick
SDL_HapticQuery
SDL_HapticRunEffect
SDL_HapticSetAutocenter
SDL_HapticSetGain
SDL_HapticUpdateEffect
SDL_HasClipboardText
SDL_Init
SDL_InitSubSystem
SDL_IsGameController
SDL_JoystickClose
SDL_JoystickGetAxis
SDL_JoystickGetButton
SDL_JoystickGetDeviceGUID
SDL_JoystickGetGUIDString
SDL_JoystickIsHaptic
SDL_JoystickNameForIndex
SDL_JoystickNumAxes
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_LoadFunction
SDL_LoadObject
SDL_LockMutex
SDL_NumJoysticks
SDL_PollEvent
SDL_Quit
SDL_RWFromFile
SDL_SemPost
SDL_SemWait
SDL_SetClipboardText
SDL_SetCursor
SDL_SetHint
SDL_SetMainReady
SDL_SetRelativeMouseMode
SDL_SetWindowBrightness
SDL_SetWindowDisplayMode
SDL_SetWindowFullscreen
SDL_SetWindowGammaRamp
SDL_ShowCursor
SDL_ShowMessageBox
SDL_ShowSimpleMessageBox
SDL_ShowWindow
SDL_ThreadID
SDL_TryLockMutex
SDL_UnloadObject
SDL_UnlockMutex
SDL_WaitThread
SDL_free
SDL_iconv_string
SDL_setenv
SDL_strlen
SDL_wcslen

sdl2_image

IMG_Init
IMG_Load_RW
IMG_Quit
IMG_SavePNG_RW

libdiscord-rpc

Discord_ClearPresence
Discord_Initialize
Discord_Register
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

libenet-7

enet_address_get_host_ip
enet_address_set_host
enet_deinitialize
enet_host_broadcast
enet_host_connect
enet_host_create
enet_host_destroy
enet_host_service
enet_initialize
enet_packet_create
enet_packet_destroy
enet_peer_disconnect
enet_peer_disconnect_now
enet_peer_reset
enet_peer_send
enet_socket_connect
enet_socket_create
enet_socket_destroy
enet_socket_get_address
enet_socket_receive
enet_socket_send
enet_socket_set_option

libunistring-2

u8_casecmp
u8_check
u8_strconv_from_encoding
u8_strconv_to_encoding
u8_strmblen
u8_strmbtouc
u8_tolower
u8_totitle
u8_toupper
uc_is_property_combining

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_initterm
_localtime64
_lock
_lseeki64
_onexit
_setjmp
_strnicmp
_time64
_ultoa
_unlock
_wchdir
_wfindfirst64
_wfindnext64
_wfopen
_wfreopen
_wfullpath
_wmkdir
_wremove
_wrename
_wrmdir
_wstat64
abort
atof
atol
calloc
exit
fclose
feof
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalpha
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
remove
rewind
setlocale
setvbuf
signal
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscoll
wcscpy
wcsftime
wcslen
wcsncpy
wcsxfrm
longjmp
_write
_strdup
_read
_putenv
_mktemp
_fileno
_fdopen
_close

shell32

CommandLineToArgvW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 167.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

367c2d7387c1fa5841d510d39f006748

Headers

File Characteristics

Imports

openal32

sdl2

sdl2_image

libdiscord-rpc

libenet-7

libunistring-2

kernel32

msvcrt

shell32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 53KB - Virtual size: 52KB

.rdata Size: 295KB - Virtual size: 295KB

.pdata Size: 76KB - Virtual size: 76KB

.xdata Size: 106KB - Virtual size: 105KB

.bss Size: - Virtual size: 167.8MB

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 64KB - Virtual size: 64KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 53KB - Virtual size: 52KB

.rdata
Size: 295KB - Virtual size: 295KB

.pdata
Size: 76KB - Virtual size: 76KB

.xdata
Size: 106KB - Virtual size: 105KB

.bss
Size: - Virtual size: 167.8MB

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 64KB - Virtual size: 64KB