rztn[.]exe | Triage

Resubmissions

15/11/2023, 17:21

231115-vw2xmsec4z 5

19/07/2023, 21:16

230719-z4e53abb94 5

Sharing

Copy URL Twitter E-mail

General

Target

rztn.exe
Size

1.5MB
MD5

1a527d9250d86be6759fce3fad7093ff
SHA1

a6777542b83072e5c620ad6a06deca27047b3bf0
SHA256

99d624e445b4339946b44be66d66aa348f62ee9a1dcc23e489cf381f997e7ace
SHA512

3e3eb592fb994352ace2dd090c2ffdfe166085e056462c46932442cac70c16368deab0ffc7e1bd8d59f3c853e7779ffc6ea5597528c3ffeec20d81d818b2239d
SSDEEP

24576:G2cMfCkLemYFeSMgRpS/9Kqu/1/d5FQq+SnM8uENuL/2ObmUWi1PhFOtdPxCehx4:GbMfCkGeSMgR6S/p1nAkurHR1yTPxCeM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rztn.exe

Files

rztn.exe
.exe windows:4 windows x64

c867a2412d3c21d834dbd6ba512cfbd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ChangeServiceConfigA

kernel32

CloseHandle

msvcrt

__C_specific_handler

user32

wsprintfA

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ