REAL[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

REAL.exe
Size

1.1MB
MD5

5937a094e1be26259862f385ddbf405d
SHA1

863b4684f49e8706858622ff75a55bef642c47b3
SHA256

d9767fd0e29a9fcdd274282de81c82d7b8fb16f268fa2a7cec50c01d0dd3c4ad
SHA512

588ddba668d02ac0f5b252fff8c5e36de5499103725568b185a244a58fa39f79245a65102af07181b8ecb732cf42699847ab33d1108b8bb886b2860f6af358dc
SSDEEP

24576:Mh1dyMyhjjL30sfXRHk1/Uwv03DdhetC3+czaLdQae86:w1dFyhjhfCCZdhr++w6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
REAL.exe

Files

REAL.exe
.exe windows:6 windows x64 arch:x64

70137d794c4550c98058e96367f1f181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
WSACleanup
WSAGetLastError
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
htonl
ntohl
socket
recv
send
__WSAFDIsSet
select
WSASetLastError
WSAStartup

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

wldap32

ord33
ord35
ord30
ord200
ord301
ord41
ord22
ord26
ord27
ord79
ord32
ord50
ord45
ord60
ord211
ord46
ord217
ord143

normaliz

IdnToUnicode
IdnToAscii

kernel32

AreFileApisANSI
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcessId
GetDynamicTimeZoneInformation
AllocConsole
FreeConsole
GetConsoleWindow
CreateDirectoryW
GetFileAttributesW
GetTempPathW
CloseHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameW
GetModuleHandleExW
GetCurrentThreadId
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
GetProcAddress
Sleep
SleepEx
GetTickCount64
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
MultiByteToWideChar
WideCharToMultiByte
RaiseException
HeapAlloc
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
VirtualQuery

user32

SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW

shell32

Shell_NotifyIconW
ShellExecuteExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

advapi32

CryptImportKey
AccessCheck
DuplicateToken
GetFileSecurityW
MapGenericMask
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
OpenProcessToken
CryptEncrypt

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Wcscoll
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Cnd_destroy_in_situ
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
_Wcsxfrm
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Strcoll
_Strxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

vcruntime140

__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
__C_specific_handler
strstr
strrchr
strchr
memcmp
memset
memmove
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memchr
memcpy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
__sys_nerr
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_getpid
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
terminate
_c_exit
_register_thread_local_exe_atexit_callback
strerror
_beginthreadex
_errno
_invalid_parameter_noinfo_noreturn
_register_onexit_function
strerror_s

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
realloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
strtol
atoi
strtod
strtoul

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_ldtest
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_read
_write
_close
_open
fputs
_fseeki64
fseek
fopen
fsetpos
fwrite
fread
__p__commode
setvbuf
fgets
ungetc
__stdio_common_vsprintf
_set_fmode
fputc
fgetpos
fgetc
fflush
__stdio_common_vsscanf
_kbhit
_lseeki64
fclose
freopen_s
_get_stream_buffer_pointers
ftell
__acrt_iob_func
__stdio_common_vsnprintf_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_stat64
_fstat64
_access

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_time64
_gmtime64_s
_gmtime64

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strspn
strncpy
strlen
strncmp
strcpy
wcslen
tolower
isupper
_strdup
strcat_s
strcpy_s
strpbrk

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70137d794c4550c98058e96367f1f181

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

shell32

ole32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 805KB - Virtual size: 805KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 62KB - Virtual size: 65KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 805KB - Virtual size: 805KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 62KB - Virtual size: 65KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 5KB - Virtual size: 4KB