20/02/2024, 20:19
240220-y33djaee3z 3Static task
static1
General
Target
RtkAudUService64.exe
Size
1.5MB
MD5
9d3cd6768f06437d39df85c090097786
SHA1
eba4ebfd95acfaa5dc98ea7205e77afb7bd285b5
SHA256
76c39d2a2ccea211eb0087c564f27fbbb158d5fa58e4e7b6c408b9d6ac5a213c
SHA512
3792d5bc52709ae27664a978726d72c77f74e125ec89996d3ccd13c9da507af5081a49fdb903a110934876aef68f178c8e8918280fc100cdf4206d25a3d20c55
SSDEEP
12288:GfZy1/gjrV7kajl3Bwlt72NwETFsZPt4oiRmVvDbYD:nBgjrV7c72NwUePPvDbYD
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the sample has none, so publisher identity cannot be verified from the file itself.
resource RtkAudUService64.exe
Files
RtkAudUService64.exe.exe windows:4 windows x64 arch:x64
a1aa8e6380e273c50b16267cd686a857
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
GetUserNameA
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
libgcc_s_seh-1
_Unwind_Resume
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
kernel32
CreateDirectoryW
DeleteCriticalSection
EnterCriticalSection
GetComputerNameA
GetFileAttributesW
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
msvcrt
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_commode
_errno
_filelengthi64
_fileno
_fmode
_initterm
_localtime64
_mktime64
_onexit
_stat64
_time64
_utime
_wcsdup
_wfopen
abort
calloc
exit
fclose
fflush
fgetpos
fopen_s
fprintf
fputc
fputwc
fread
free
freopen_s
fsetpos
fwprintf
fwrite
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
remove
signal
strerror
strlen
strncmp
strtol
vfprintf
wcslen
shell32
SHFileOperationA
SHFileOperationW
libstdc++-6
_ZNKRSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEE3strEv
_ZNKRSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEE3strEv
_ZNKRSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEE3strEv
_ZNKSt10filesystem7__cxx1128recursive_directory_iteratordeEv
_ZNKSt10filesystem7__cxx114path17_M_find_extensionEv
_ZNKSt10filesystem7__cxx114path5_List13_Impl_deleterclEPNS2_5_ImplE
_ZNKSt10filesystem7__cxx114path7compareERKS1_
_ZNKSt13basic_fstreamIcSt11char_traitsIcEE5rdbufEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE10do_unshiftERiPcS2_RS2_
_ZNKSt25__codecvt_utf8_utf16_baseIwE11do_encodingEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE13do_max_lengthEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE16do_always_noconvEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIwE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIwE9do_lengthERiPKcS3_y
_ZNKSt9type_info7__equalERKS_
_ZNSo5writeEPKcx
_ZNSolsEPFRSoS_E
_ZNSolsEPSt15basic_streambufIcSt11char_traitsIcEE
_ZNSolsEi
_ZNSt10filesystem6statusERKNS_7__cxx114pathE
_ZNSt10filesystem7__cxx1116filesystem_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10error_code
_ZNSt10filesystem7__cxx1116filesystem_errorD1Ev
_ZNSt10filesystem7__cxx1128recursive_directory_iteratorC1ERKNS0_4pathENS_17directory_optionsEPSt10error_code
_ZNSt10filesystem7__cxx1128recursive_directory_iteratorD1Ev
_ZNSt10filesystem7__cxx1128recursive_directory_iteratorppEv
_ZNSt10filesystem7__cxx114path14_M_split_cmptsEv
_ZNSt10filesystem7__cxx114path5_ListC1ERKS2_
_ZNSt10filesystem7__cxx114path5_ListC1Ev
_ZNSt12__shared_ptrINSt10filesystem7__cxx1128recursive_directory_iterator10_Dir_stackELN9__gnu_cxx12_Lock_policyE2EEC1EOS6_
_ZNSt12__shared_ptrINSt10filesystem7__cxx1128recursive_directory_iterator10_Dir_stackELN9__gnu_cxx12_Lock_policyE2EEC1Ev
_ZNSt13basic_fstreamIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_fstreamIcSt11char_traitsIcEEC1EPKwSt13_Ios_Openmode
_ZNSt13basic_fstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt13basic_fstreamIcSt11char_traitsIcEED1Ev
_ZNSt13basic_ostreamIwSt11char_traitsIwEElsEm
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt25__codecvt_utf8_utf16_baseIwED2Ev
_ZNSt3_V216generic_categoryEv
_ZNSt6chrono3_V212system_clock3nowEv
_ZNSt6thread15_M_start_threadESt10unique_ptrINS_6_StateESt14default_deleteIS1_EEPFvvE
_ZNSt6thread6_StateD2Ev
_ZNSt6thread6detachEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE15_M_replace_coldEPwyPKwyy
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEC1Ev
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEEC1Ev
_ZNSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEED1Ev
_ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEC1Ev
_ZNSt7codecvtIwciEC2Ey
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_range_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt24__throw_invalid_argumentPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt28__throw_bad_array_new_lengthv
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt5wcout
_ZSt9terminatev
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_PKS3_
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_PKc
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_S3_
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_c
_ZStlsIwSt11char_traitsIwESaIwEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt6thread6_StateE
_ZTVSt25__codecvt_utf8_utf16_baseIwE
_ZdaPv
_ZdlPv
_ZdlPvy
_Znay
_Znwy
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_rethrow
__cxa_throw
__dynamic_cast
__gxx_personality_seh0
user32
CloseClipboard
GetAsyncKeyState
GetClipboardData
GetDesktopWindow
GetForegroundWindow
GetKeyboardLayout
GetWindowDC
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
OpenClipboard
ReleaseDC
libvmime
_ZN5vmime11addressList13appendAddressERKSt10shared_ptrINS_7addressEE
_ZN5vmime11addressListC1Ev
_ZN5vmime11addressListD1Ev
_ZN5vmime11propertySet12findOrCreateERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime11propertySet8property8setValueIbEEvRKT_
_ZN5vmime11propertySetixERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime12emailAddressC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime14fileAttachmentC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKNS_9mediaTypeE
_ZN5vmime14messageBuilder10setSubjectERKNS_4textE
_ZN5vmime14messageBuilder12setExpeditorERKNS_7mailboxE
_ZN5vmime14messageBuilder13setRecipientsERKNS_11addressListE
_ZN5vmime14messageBuilder16appendAttachmentERKSt10shared_ptrINS_10attachmentEE
_ZN5vmime14messageBuilderC1Ev
_ZN5vmime14messageBuilderD1Ev
_ZN5vmime16headerFieldValue16getGeneratedSizeERKNS_17generationContextE
_ZN5vmime3net6tracer14traceSendBytesEyRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime3net6tracer17traceReceiveBytesEyRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime3net7service16setTracerFactoryERKSt10shared_ptrINS0_13tracerFactoryEE
_ZN5vmime3net7service22setCertificateVerifierERKSt10shared_ptrINS_8security4cert19certificateVerifierEE
_ZN5vmime3net7session12getTransportERKNS_7utility3urlERKSt10shared_ptrINS_8security13authenticatorEE
_ZN5vmime3net7session13getPropertiesEv
_ZN5vmime3net7session6createEv
_ZN5vmime3net9transport11sendOptionsC1Ev
_ZN5vmime3net9transport11sendOptionsD1Ev
_ZN5vmime4textC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime4textD1Ev
_ZN5vmime6objectC2Ev
_ZN5vmime6objectD2Ev
_ZN5vmime7mailboxC1ERKNS_12emailAddressE
_ZN5vmime7utility3urlC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime8platform10getHandlerEv
_ZN5vmime8security4cert16certificateChain5getAtEy
_ZN5vmime8security4cert26defaultCertificateVerifier19setX509TrustedCertsERKSt6vectorISt10shared_ptrINS1_15X509CertificateEESaIS6_EE
_ZN5vmime8security4cert26defaultCertificateVerifier6verifyERKSt10shared_ptrINS1_16certificateChainEERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5vmime8security4cert26defaultCertificateVerifierC2Ev
_ZN5vmime8security4cert26defaultCertificateVerifierD2Ev
_ZN5vmime8security4sasl24defaultSASLAuthenticator10setServiceERKSt10shared_ptrINS_3net7serviceEE
_ZN5vmime8security4sasl24defaultSASLAuthenticator14setSASLSessionERKSt10shared_ptrINS1_11SASLSessionEE
_ZN5vmime8security4sasl24defaultSASLAuthenticator16setSASLMechanismERKSt10shared_ptrINS1_13SASLMechanismEE
_ZN5vmime8security4sasl24defaultSASLAuthenticatorC2Ev
_ZN5vmime8security4sasl24defaultSASLAuthenticatorD2Ev
_ZN5vmime9component9parseImplERKNS_14parsingContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEyyPy
_ZN5vmime9component9parseImplERKNS_14parsingContextERKSt10shared_ptrINS_7utility24parserInputStreamAdapterEEyyPy
_ZN5vmime9componentD2Ev
_ZN5vmime9mediaTypeC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNK5vmime10exceptions13command_error7commandB5cxx11Ev
_ZNK5vmime10exceptions13command_error8responseB5cxx11Ev
_ZNK5vmime10exceptions16invalid_response8responseB5cxx11Ev
_ZNK5vmime10exceptions20authentication_error8responseB5cxx11Ev
_ZNK5vmime10exceptions20filesystem_exception4pathEv
_ZNK5vmime10exceptions25connection_greeting_error8responseB5cxx11Ev
_ZNK5vmime14messageBuilder9constructEv
_ZNK5vmime8security4sasl24defaultSASLAuthenticator11getHostnameB5cxx11Ev
_ZNK5vmime8security4sasl24defaultSASLAuthenticator14getAccessTokenB5cxx11Ev
_ZNK5vmime8security4sasl24defaultSASLAuthenticator14getServiceNameB5cxx11Ev
_ZNK5vmime8security4sasl24defaultSASLAuthenticator17getAnonymousTokenB5cxx11Ev
_ZNK5vmime8security4sasl24defaultSASLAuthenticator23getAcceptableMechanismsERKSt6vectorISt10shared_ptrINS1_13SASLMechanismEESaIS6_EERKS6_
_ZNK5vmime9component8generateB5cxx11Eyy
_ZNK5vmime9component8generateERKNS_17generationContextERNS_7utility12outputStreamEyPy
_ZNK5vmime9component8generateERNS_7utility12outputStreamEyPy
_ZNK5vmime9exception5otherEv
_ZTVN5vmime12emailAddressE
_ZTVN5vmime16headerFieldValueE
_ZTVN5vmime3net13tracerFactoryE
_ZTVN5vmime3net6tracerE
_ZTVN5vmime4wordE
_ZTVN5vmime7addressE
_ZTVN5vmime7charsetE
_ZTVN5vmime7mailboxE
_ZTVN5vmime9mediaTypeE
Sections
.text Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 3KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/4 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/31 Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/45 Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/57 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/70 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/81 Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/97 Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/113 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ