rk-dropper[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rk-dropper.exe
Size

3.2MB
MD5

97492c2392ea7404930e5499c3dcc607
SHA1

01b5672fd4fe463b72eada09837924cb578bfd3a
SHA256

1196afa54d18ff2ddf0be7a77616657dbd286147f6705d16357239b2dd941ea0
SHA512

c78b054ee431927ccfef26d957002db939e63fe8823faa2bcc026206058609368d008b26c912f87143d4d6203f43b91e2de90a184066a6baf4641bf96cf0bd50
SSDEEP

49152:JCC2cqg5EJPdbt5TZVV58C6Q7xBGnOC6H4B25HcZO:JV+g5CdbZ57L7xMnU4BRO

Score

1^/10

Malware Config

Signatures

Files

rk-dropper.exe
.exe windows:5 windows x86 arch:x86

b15aa3f8f2c4f386d6157b8cf32ec572

Code Sign

3c:af:3d:81:c3:80:71:74:49:0e:c4:59:a0:8a:ac:c0
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/01/2017, 00:00

Not After

05/12/2017, 23:59

Subject

CN=Kharkiv Vagon-Remont\, LLC,OU=Kharkiv Vagon-Remont\, LLC,O=Kharkiv Vagon-Remont\, LLC,POSTALCODE=61010,STREET=Bud 12 prospekt Gagarina,L=Kharkiv,ST=Ukraine,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:40:e4:d5:90:ca:36:1f:0c:db:4d:d6:9d:2b:6c:ec:c2:e1:8f:08
Signer

Actual PE Digest

b3:40:e4:d5:90:ca:36:1f:0c:db:4d:d6:9d:2b:6c:ec:c2:e1:8f:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit

kernel32

VirtualFree
SetConsoleOutputCP
GlobalUnlock
WritePrivateProfileSectionW
VirtualAlloc
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
SwitchToThread
GetCalendarInfoW
GetCurrentThreadId
OpenThread
GetExitCodeThread
GetLastError
ResetEvent
ReleaseMutex
WriteFile
ClearCommError
GetTickCount
CreatePipe
OpenMutexW
CreateEventW
CreateSemaphoreW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
GetDiskFreeSpaceW
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
CreateNamedPipeW
GetACP
GetOEMCP
GetThreadLocale
GetUserDefaultLCID
IsBadStringPtrW
FindNextVolumeW
RtlUnwind
GetStartupInfoW
FreeLibraryAndExitThread
GlobalFindAtomW
LockResource
GetNumberOfConsoleInputEvents
VirtualAllocEx
IsProcessInJob
GetLogicalDriveStringsW
FindVolumeMountPointClose
GetModuleHandleW
IsValidCodePage
SetComputerNameExW
GetUserDefaultUILanguage
MapViewOfFileEx
InterlockedCompareExchange
CopyFileW
DuplicateHandle
CreateMutexW
FillConsoleOutputAttribute
IsDBCSLeadByte
SystemTimeToFileTime
FindVolumeClose
GetCurrentDirectoryW
GetCurrentThread

advapi32

RegOpenKeyW

user32

DrawIcon
AppendMenuW
CharNextW

gdi32

GetWorldTransform
CreateMetaFileW
GetCharWidthW
GetKerningPairsW
CreateCompatibleBitmap
CreateICW
SetColorAdjustment
PlgBlt
SetTextAlign
SetArcDirection
FlattenPath
GetRegionData
CloseMetaFile
GetEnhMetaFilePaletteEntries
GetTextFaceW
ExtCreatePen
CreateRectRgnIndirect
PlayEnhMetaFile
Chord
CopyEnhMetaFileW
OffsetViewportOrgEx
SetStretchBltMode
FillRgn
CreatePatternBrush
ArcTo
SetMiterLimit
CreatePolyPolygonRgn
CreateDIBPatternBrushPt
CreatePenIndirect
TranslateCharsetInfo
SetTextJustification
GetWindowExtEx
StretchDIBits
GetGlyphOutlineW
GetROP2
CreateEllipticRgn
AnimatePalette
InvertRgn
SetPixelFormat
PathToRegion
GetRgnBox
SetBoundsRect
SetRectRgn

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b15aa3f8f2c4f386d6157b8cf32ec572

Code Sign

3c:af:3d:81:c3:80:71:74:49:0e:c4:59:a0:8a:ac:c0Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

b3:40:e4:d5:90:ca:36:1f:0c:db:4d:d6:9d:2b:6c:ec:c2:e1:8f:08Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

gdi32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 2.5MB

.rsrc Size: 29KB - Virtual size: 29KB

3c:af:3d:81:c3:80:71:74:49:0e:c4:59:a0:8a:ac:c0
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

b3:40:e4:d5:90:ca:36:1f:0c:db:4d:d6:9d:2b:6c:ec:c2:e1:8f:08
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 2.5MB

.rsrc
Size: 29KB - Virtual size: 29KB