ruster (1)[.]exe

Resubmissions

22/02/2024, 20:58

240222-zsm2jafb21 1

22/02/2024, 20:56

240222-zq6qvsfa81 1

22/02/2024, 20:55

240222-zqq1eafe25 1

Sharing

Copy URL Twitter E-mail

General

Target

ruster (1).exe
Size

1.9MB
MD5

5d5c4c47ccae89a73b6f1f42542c834c
SHA1

5b59fee042ea4897f88a573dbe38ae4cb71e3f7e
SHA256

03cdea5b068f994f8c15ded8e91c32a2638a7f646e68e3988a80e6a377ef6dec
SHA512

dc9ab01fb72f331ff0e7e384db5a43ad41215914c5363d8ab90de7a78ad5d3ef02511585a25189699c1b31d300ff42edd98988660b65da91058dc3fa6f5a786b
SSDEEP

24576:7QOFmaALa3ca3zt9oVgDVVA0fIJZyh/NwRYCtEkFMBVIH06iywuQn652AOafP:7QOFmgL3B9oV6VqLTy5IVuIU6idlO7P

Score

1^/10

Malware Config

Signatures

Files

ruster (1).exe
.exe windows:6 windows x64 arch:x64

3115cb2c75e3b1e536790f28e17253c1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/03/2021, 00:00

Not After

05/06/2024, 23:59

Subject

CN=Micro-Star International CO.\, LTD.,O=Micro-Star International CO.\, LTD.,L=Zhonghe District,ST=New Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:d1:46:9d:03:0b:db:e4:ac:b9:39:85:75:ec:4b:72:24:3f:cc
Signer

Actual PE Digest

2b:d4:d1:46:9d:03:0b:db:e4:ac:b9:39:85:75:ec:4b:72:24:3f:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

PostMessageA
FindWindowA

advapi32

SystemFunction036
GetTokenInformation
OpenProcessToken

kernel32

GetConsoleOutputCP
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
RtlVirtualUnwind
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryExA
GetProcAddress
FreeLibrary
GetLastError
FormatMessageW
WaitForSingleObject
GetModuleHandleA
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
SetLastError
Sleep
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetHandleInformation
SleepEx
ReadFileEx
GetEnvironmentStringsW
SetEnvironmentVariableW
DuplicateHandle
GetCurrentProcessId
WriteFileEx
GetFileType
GetFileInformationByHandleEx
CreateThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
FindNextFileW
FindClose
CreateFileW
FlushFileBuffers
GetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
FindFirstFileW
CopyFileExW
HeapReAlloc
GetCommandLineW
GetSystemTimeAsFileTime
GetTempPathW
CompareStringOrdinal
CreateProcessW
GetFileAttributesW
TerminateProcess
FreeEnvironmentStringsW
GetModuleHandleW
ExitProcess
CreateNamedPipeW
GetFullPathNameW
GetModuleFileNameW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetSystemDirectoryW
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

bcrypt

BCryptGenRandom

ws2_32

select
WSAGetLastError
WSASocketW
ioctlsocket
recv
WSARecv
WSASend
setsockopt
getsockopt
freeaddrinfo
getaddrinfo
send
getpeername
bind
listen
getsockname
closesocket
WSAStartup
WSACleanup
connect
WSADuplicateSocketW
accept

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
SysFreeString
SysStringLen
SysAllocStringLen

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx

ntdll

NtWriteFile
RtlNtStatusToDosError

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 667KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

3115cb2c75e3b1e536790f28e17253c1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75Certificate

Extended Key Usages

Key Usages

2b:d4:d1:46:9d:03:0b:db:e4:ac:b9:39:85:75:ec:4b:72:24:3f:ccSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

kernel32

bcrypt

ws2_32

oleaut32

ole32

ntdll

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 667KB - Virtual size: 666KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 26KB - Virtual size: 26KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 7KB - Virtual size: 7KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75
Certificate

2b:d4:d1:46:9d:03:0b:db:e4:ac:b9:39:85:75:ec:4b:72:24:3f:cc
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 667KB - Virtual size: 666KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 26KB - Virtual size: 26KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 7KB - Virtual size: 7KB