rqiner-x86-ivybridge[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rqiner-x86-ivybridge.exe
Size

3.8MB
MD5

ece3d6abcd9494d5f058b89bcacc43dd
SHA1

1b2ce4a06c354d29cd0b171af3ffbba6bffa685e
SHA256

eafe92c4c68d3980808b1db4a00ffac4c41c5473f24b2ac6d8e153f6e35ba8de
SHA512

5655796c96a42027bbbc9981532a0df3e9a96ed6b78fa7aae6835ebb98d14b8f33b0ebb80db53363417a1d357027414c2499f0a39d7671066d6be4d589154909
SSDEEP

49152:mA6Xb/nM1t4KGvrTewAlzlaSdpTRNsG0RRFhsMeSeC99LDJcaNURK2sdIPWJIU6i:MXDMynVGBVUJzkcDKEvMWu+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rqiner-x86-ivybridge.exe

Files

rqiner-x86-ivybridge.exe
.exe windows:6 windows x64 arch:x64

8c5bbb22255f66d772579f5159980eff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcryptprimitives

ProcessPrng

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

iphlpapi

GetAdaptersAddresses

kernel32

TerminateProcess
IsProcessorFeaturePresent
HeapFree
SwitchToThread
GetCurrentThread
SetThreadAffinityMask
CloseHandle
GetCurrentProcess
GetProcessAffinityMask
GetLastError
Sleep
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
GetSystemInfo
HeapReAlloc
GetCommandLineW
SetLastError
GetModuleFileNameW
GetStdHandle
GetConsoleMode
SetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetSystemTimePreciseAsFileTime
GetQueuedCompletionStatusEx
GetFinalPathNameByHandleW
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetProcAddress
PostQueuedCompletionStatus
AddVectoredExceptionHandler
SetThreadStackGuarantee
LocalFree
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
lstrlenW
GetEnvironmentVariableW
CreateThread
ExitProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
GetFileType
GetFileInformationByHandleEx
SetHandleInformation
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime

ntdll

NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

bcrypt

BCryptGenRandom

ws2_32

ioctlsocket
WSAIoctl
bind
shutdown
WSASend
setsockopt
recv
connect
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSASocketW
closesocket
getsockname
WSAGetLastError
send
getpeername
getsockopt

vcruntime140

memcmp
memmove
__current_exception_context
__current_exception
memcpy
__C_specific_handler
memset
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_crt_atexit
exit
_register_onexit_function
_initialize_onexit_table
_initterm
_exit
__p___argc
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_cexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c5bbb22255f66d772579f5159980eff

Headers

DLL Characteristics

File Characteristics

Imports

bcryptprimitives

advapi32

iphlpapi

kernel32

ntdll

api-ms-win-core-synch-l1-2-0

bcrypt

ws2_32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 884KB - Virtual size: 883KB

.data Size: 512B - Virtual size: 10KB

.pdata Size: 40KB - Virtual size: 40KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 884KB - Virtual size: 883KB

.data
Size: 512B - Virtual size: 10KB

.pdata
Size: 40KB - Virtual size: 40KB

.reloc
Size: 17KB - Virtual size: 16KB