r77 | 0b6f65cba69ca908cc80c20a92e6c47385e4845e75db213c83e77a04a6b718ac

Sharing

Copy URL

Twitter E-mail

General

Target

0b6f65cba69ca908cc80c20a92e6c47385e4845e75db213c83e77a04a6b718ac
Size

305KB
MD5

f60a0d8a53e09e26b366f89f1aa6b9f4
SHA1

2b0fd5a428c46f8a9856f58b9b1552a3ac661376
SHA256

0b6f65cba69ca908cc80c20a92e6c47385e4845e75db213c83e77a04a6b718ac
SHA512

1008ed423bbd35d2a38fe6816b974c80af0e913f0bb380ef50cdb4665ef22948c7b28bb6c9090198e9f0e8af6f788b0f0a77b8659330fa9395c3028c74a5b0c2
SSDEEP

6144:3wvogtFbxCp/4Y4Kndkz/McIkKQ85GHHWNKB:3w9inRczX

Score

10^/10

r77

Malware Config

Signatures

R77 family
r77

r77 rootkit payload 1 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
sample	r77_payload

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b6f65cba69ca908cc80c20a92e6c47385e4845e75db213c83e77a04a6b718ac

Files

0b6f65cba69ca908cc80c20a92e6c47385e4845e75db213c83e77a04a6b718ac
.dll windows:6 windows x64 arch:x64

cb913eca49306aa856b4da889700badf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
GetTickCount
QueryPerformanceCounter
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetLastError
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind

winmm

timeGetTime

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb913eca49306aa856b4da889700badf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 10KB - Virtual size: 15KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 10KB - Virtual size: 15KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB