rc7[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rc7.exe
Size

2.2MB
MD5

e746ef4f55dbfa2a4143aa13f8120f2a
SHA1

41b1a35e820e021186d56288d66ba1515779caaf
SHA256

9c4ce2af98a9a464907e3c39bdeb296a05d69863661bf915810bcde5879a6ebe
SHA512

d90361131ff07b54d9ce6988cbd94a1ca6aa09348493603c8ac0c9f2c1cfe29b098575da4329aca69f36ab90c4fc6085cd474eafbad601daafbd044a250a97bf
SSDEEP

49152:4fR2a1wzZw4HxQgMuo0flqxlOcnxzVPNwppmf5WYS:yF12yexQgMuo0flslOUxzVPisf5WY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rc7.exe

Files

rc7.exe
.exe windows:6 windows x86 arch:x86

f48635d1594b3fa6c54c63f740cae0d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutA
GetObjectA
SetTextColor
SetBkMode
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePatternBrush
CreateFontA
CreateCompatibleDC
BitBlt

user32

TranslateMessage
DispatchMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
GetMessageA
MessageBoxA
LoadCursorA
LoadImageA
IsWindowVisible
SetForegroundWindow
ShowScrollBar
GetWindowTextA
FindWindowA
SendMessageA
CallWindowProcA
IsWindow
SetWindowPos
SetFocus
SetWindowTextA
ShowWindow
GetAsyncKeyState
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
LoadBitmapA
GetWindowThreadProcessId
GetParent
GetDesktopWindow
GetWindowLongA
MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
GetWindowTextLengthA
InvalidateRect
GetForegroundWindow

kernel32

SetEvent
CreateEventW
HeapReAlloc
HeapSize
WaitForSingleObjectEx
DecodePointer
EncodePointer
CreateFileW
GetModuleHandleExW
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetProcessHeap
GetCPInfo
ResetEvent
IsValidCodePage
MoveFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteProcessMemory
CreateThread
LoadLibraryA
Sleep
WriteFile
ReadFile
FindClose
CloseHandle
CreateFileA
FindFirstFileA
GetProcAddress
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
OpenProcess
GetCurrentProcess
ExitProcess
CreateRemoteThread
ReadProcessMemory
SetFilePointer
GetModuleFileNameA
GetModuleHandleA
CreateDirectoryA
FindNextFileA
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
FindFirstFileExA
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineA
GetCommandLineW
GetOEMCP
LoadLibraryExW
FreeLibrary
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
SetEndOfFile
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
GetStringTypeW
GetStartupInfoW
GetFileType
GetStdHandle
GetACP
HeapAlloc
DeleteFileW
WideCharToMultiByte
GetModuleHandleW
HeapFree
GetCurrentThreadId
SetLastError
MultiByteToWideChar
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

comctl32

ord413
ord410

advapi32

RegQueryValueExA
RegSetValueA
RegQueryValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

winmm

PlaySoundA

uxtheme

IsThemeActive
SetWindowTheme

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

ws2_32

closesocket
connect
htons
inet_addr
inet_ntoa
recv
send
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
socket

lua5.1

lua_tolstring
lua_pushstring
lua_getfield
lua_setfield
lua_pcall
lua_gc
luaL_openlibs
luaL_loadstring
luaL_newstate
lua_close

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcessModulesEx
EnumProcessModules
EnumProcesses

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f48635d1594b3fa6c54c63f740cae0d8

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

comctl32

advapi32

winmm

uxtheme

shell32

comdlg32

ws2_32

lua5.1

psapi

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 2.8MB

.gfids Size: 512B - Virtual size: 392B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 2.8MB

.gfids
Size: 512B - Virtual size: 392B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 13KB - Virtual size: 12KB