C:\Users\kaede\Downloads\RFOInstaller\x64\Release\RFOInstaller.pdb
Static task
static1
1 signatures
General
-
Target
RFOInstallerTemp.zip
-
Size
431KB
-
MD5
42f3f0ce95d8480fb60d009d463f4868
-
SHA1
6ba78198ab7f562f854a34787bc469b836477ead
-
SHA256
5b6590a66b343156a84ee3de35d2140afb52e6e29812827e6e11808b92843705
-
SHA512
af1e457dd3564dd311fb0f0379f7df454b8706ad4c60f9b690453f02048fe9b8af3f297e90918fa0aa624722ac966044878cb758c816b2e4e3dd4e30508cfe73
-
SSDEEP
12288:unqnuPOX0HF9FvklH1eaiwHV4Vt5FO0POhnS3eQq6eI:uHOX0HFjMHEaRHV4e0YnS3Hqe
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/RFOInstaller.exe
Files
-
RFOInstallerTemp.zip.zip
-
!run.cmd.cmd .vbs
-
RFOInstaller.exe.exe windows:6 windows x64 arch:x64
d38b569edccfc8a5fa9f952303bf5901
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
send
WSAEnumNetworkEvents
getsockopt
wldap32
ord41
ord22
ord26
ord27
ord32
ord60
ord35
ord79
ord30
ord200
ord301
ord45
ord33
ord211
ord46
ord50
ord217
ord143
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
normaliz
IdnToAscii
IdnToUnicode
kernel32
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
GetFileSizeEx
CreateFileA
CloseHandle
CreateProcessA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
advapi32
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
RegDeleteValueA
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
msvcp140
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??Bid@locale@std@@QEAA_KXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
_CxxThrowException
__C_specific_handler
__current_exception_context
strstr
memmove
memchr
strrchr
strchr
memset
memcmp
memcpy
__std_exception_destroy
__std_exception_copy
api-ms-win-crt-heap-l1-1-0
calloc
_callnewh
realloc
free
_set_new_mode
malloc
api-ms-win-crt-stdio-l1-1-0
fgets
_open
_lseeki64
_read
_set_fmode
fopen
__stdio_common_vsprintf
fputc
fflush
_close
__p__commode
__stdio_common_vsscanf
__acrt_iob_func
fread
_fileno
_write
ftell
fwrite
feof
fseek
fputs
fclose
fopen_s
api-ms-win-crt-runtime-l1-1-0
exit
terminate
_initialize_onexit_table
_initterm_e
_crt_atexit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_errno
_c_exit
_cexit
system
_initialize_narrow_environment
__p___argv
_beginthreadex
_configure_narrow_argv
__p___argc
__sys_errlist
__sys_nerr
_seh_filter_exe
_set_app_type
_initterm
_exit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
api-ms-win-crt-string-l1-1-0
strcspn
strncmp
strncpy
strpbrk
strspn
_strdup
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
strftime
api-ms-win-crt-convert-l1-1-0
strtoll
atoi
strtoul
strtol
wcstombs
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_access
_stat64
_unlink
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
_fdopen
__setusermatherr
Sections
.text Size: 420KB - Virtual size: 419KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
readme.txt