580837638f784491eca21912094d4d63

Sharing

Copy URL

Twitter E-mail

General

Target

580837638f784491eca21912094d4d63
Size

124KB
MD5

580837638f784491eca21912094d4d63
SHA1

0becc58c5f17a58aed6964a910d1ddc319b93ac7
SHA256

47d99164764aee28c3624162f20e22d0ac53ad72dd130b374cc7444bfc82d0b9
SHA512

f43ed50208655d5c2568e266de5dd605198f26a56d0ad9d563cb151e2cfe3c80f47385e67e2ef07ef8eaf1f3c83978c3897ddbee12f2402540ed65d4e9e7bead
SSDEEP

3072:AfIz8pHwE7gwYkD4ynjcRAFxRQSJS+einxr1Qwo:HzQHwE7g1kD4SoAlQG/1xuwo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rcat/nc-orig.exe
unpack001/rcat/rcat.exe

Files

580837638f784491eca21912094d4d63
.zip
rcat/doexec.c
rcat/generic.h
rcat/getopt.c
rcat/getopt.h
rcat/hobbit.txt
rcat/license.txt
rcat/makefile
rcat/nc-orig.exe
.exe windows:4 windows x86 arch:x86

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
select
listen
getsockname
recvfrom
accept
WSASetLastError
socket
setsockopt
bind
connect
htons
getservbyport
ntohs
getservbyname
inet_addr
gethostbyname
inet_ntoa
gethostbyaddr
WSAGetLastError
WSAStartup
WSACleanup
shutdown
closesocket
recv
send

kernel32

GetSystemTimeAsFileTime
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
VirtualQuery
InterlockedExchange
GetLastError
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
GetStdHandle
FreeConsole
ExitProcess
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
SetEndOfFile
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rcat/netcat.c
rcat/rcat.exe
.exe windows:4 windows x86 arch:x86

b2ac77f5aeeb8b3f2699ec8dce327a26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FreeConsole
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
PeekNamedPipe
ReadFile
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WriteFile

msvcrt

_close
_dup
_itoa
_kbhit
_open
_read
_strcmpi
_strnicmp
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_isatty
_onexit
_setjmp
_setmode
_sleep
_winmajor
abort
atexit
atoi
calloc
exit
fflush
fprintf
fputc
free
fwrite
getenv
gets
longjmp
malloc
memcmp
memcpy
memset
rand
signal
sprintf
srand
strcat
strchr
strcpy
strlen
strncpy
time
vfprintf

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
htons
inet_addr
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 528B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rcat/readme.txt

Sharing

General

Malware Config

Signatures

Files

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 7KB

b2ac77f5aeeb8b3f2699ec8dce327a26

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 96B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 528B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/4 Size: 512B - Virtual size: 32B

/19 Size: 512B - Virtual size: 54B

/35 Size: 512B - Virtual size: 107B

/51 Size: 3KB - Virtual size: 3KB

/63 Size: 512B - Virtual size: 206B

/77 Size: 512B - Virtual size: 330B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 96B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 528B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 512B - Virtual size: 32B

/19
Size: 512B - Virtual size: 54B

/35
Size: 512B - Virtual size: 107B

/51
Size: 3KB - Virtual size: 3KB

/63
Size: 512B - Virtual size: 206B

/77
Size: 512B - Virtual size: 330B