rrinstaller[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rrinstaller.exe
Size

47KB
MD5

e5face634ea569edcdce0ff46de443c7
SHA1

f6ba7b10a20c815f4e2fd32b7b8da80a26f34b4e
SHA256

162c88d66c0de35f6d3fcd02084459f9d4a6e08d89bdda8d1801955a4cd48a70
SHA512

a77f6d940096ce4803af3fa9ae91419d6b84f25cb59b159e766dc0d5b2153ee6a193fdb3250b07756f5ace394089c72684303d070d9451d288a4b96ab3ffc647
SSDEEP

768:VNQdSEDN95arVSU8HsrBz+NwONDhel46K74PBeRUR3UqMIYGquyzicIEIRvzSXir:VNySmNVEF6wclel46nKUR3UqLLquy4EU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

rrinstaller.exe

resource
rrinstaller.exe

Files

rrinstaller.exe
.exe windows:10 windows x64 arch:x64

0f7716c51d703df0fea1b2ee96b8c0c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

RRInstaller.pdb

Imports

msvcrt

_amsg_exit
_callnewh
_wcmdln
__C_specific_handler
_fmode
_initterm
_exit
_unlock
__dllonexit
exit
_XcptFilter
_onexit
_errno
__set_app_type
__setusermatherr
realloc
_cexit
?terminate@@YAXXZ
__wgetmainargs
_commode
_purecall
wcsstr
_vscwprintf
vswprintf_s
memcpy
memmove_s
memcpy_s
malloc
wcsncpy_s
free
_lock
memset

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
VarUI4FromStr
SysAllocString

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadLibraryExA
FreeLibrary
GetModuleFileNameW
LoadResource
LockResource
LoadLibraryExW
GetModuleHandleW
GetProcAddress
LoadStringW
SizeofResource

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CLSIDFromString

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
CreateThread

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapDestroy
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f7716c51d703df0fea1b2ee96b8c0c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 200B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 200B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 324B