$RUIHFQ5[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

$RUIHFQ5.exe
Size

17.3MB
MD5

ec02c6962ff0994f0dbc06133cb32f28
SHA1

1084bbf4c67fea18b2dd0232ad196f97ea17438c
SHA256

9663260edf06c3b9116a649af4c9fffa22f1bb3811f3e73e0f8fd6e3ba997565
SHA512

8d00d5f21209bb7ffa24ee7717db4e9294c720a62d50ee416ab6e6e6520afde1d9cacc3c364c2c4d81d3eb565efba29f9e815d384774ba0de0671496952418f6
SSDEEP

98304:hPkYQSoQUUnYfJRVIr20xqZv/fhBsAHYxeUJGf2nSfOLefAC5cQzijrsm931PVTh:e0AQZLefAssqE7g9c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
$RUIHFQ5.exe

Files

$RUIHFQ5.exe
.exe windows:6 windows x64 arch:x64

56bd6271f4ea0ff6e918eaa5fb138418

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036
ImpersonateAnonymousToken
RevertToSelf
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

ws2_32

getsockname
send
getaddrinfo
getpeername
WSACleanup
WSAStartup
freeaddrinfo
WSAIoctl
shutdown
getsockopt
connect
WSARecv
WSASend
WSAGetOverlappedResult
ioctlsocket
setsockopt
WSAGetLastError
bind
WSASocketW
closesocket
recv
listen

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree
LoadLibraryExW
OutputDebugStringW
OutputDebugStringA
AcquireSRWLockExclusive
CloseHandle
ReleaseSRWLockExclusive
HeapFree
SwitchToThread
FindFirstFileW
GetLastError
FindClose
RemoveDirectoryW
MoveFileExW
CopyFileExW
GetModuleHandleW
GetStdHandle
GetConsoleMode
SetConsoleMode
ReleaseMutex
GetCurrentThreadId
QueryPerformanceCounter
AddVectoredExceptionHandler
SetThreadStackGuarantee
lstrlenW
CompareStringOrdinal
CreatePipe
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
CancelIoEx
CreateIoCompletionPort
SleepConditionVariableSRW
GetQueuedCompletionStatusEx
WakeConditionVariable
HeapReAlloc
GlobalFree
GlobalUnlock
GetCurrentThread
GetFileType
GetFileInformationByHandleEx
CreateWaitableTimerExW
Sleep
SetWaitableTimer
WaitForSingleObject
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
SetEnvironmentVariableW
PostQueuedCompletionStatus
SetHandleInformation
GetModuleHandleA
GetProcAddress
GetUserDefaultLocaleName
GetSystemInfo
GetNativeSystemInfo
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalAlloc
WakeAllConditionVariable
QueryPerformanceFrequency
GetProcessId
TerminateProcess
WriteConsoleW
SetLastError
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
LocalFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
OpenProcess
LoadLibraryW
LoadLibraryExA
FreeLibrary
SetFilePointerEx
GetUserDefaultUILanguage
LCIDToLocaleName
CreateMutexW

ntdll

NtQuerySystemInformation
NtQueryInformationProcess
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlGetNtVersionNumbers
NtWriteFile
RtlGetVersion

user32

SetMenuItemInfoW
ShowCursor
AppendMenuW
CreateAcceleratorTableW
PostQuitMessage
AdjustWindowRectEx
SystemParametersInfoA
RegisterClassW
GetDC
IsProcessDPIAware
VkKeyScanW
MapVirtualKeyExW
CreateMenu
CreatePopupMenu
UnregisterHotKey
RegisterHotKey
GetAsyncKeyState
DispatchMessageA
ClipCursor
GetClipCursor
GetKeyboardState
AttachThreadInput
GetKeyState
EnumChildWindows
GetSystemMenu
CreateWindowExW
CallNextHookEx
ToUnicodeEx
TrackPopupMenu
GetKeyboardLayout
GetWindowThreadProcessId
SetClipboardData
EmptyClipboard
ShowWindow
GetClipboardData
IsClipboardFormatAvailable
GetMessageA
IsWindow
SetWindowsHookExA
MsgWaitForMultipleObjectsEx
SetWindowLongW
CloseClipboard
OpenClipboard
CreateIcon
SetWindowPlacement
ChangeDisplaySettingsExW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
GetRawInputData
RegisterRawInputDevices
GetMessageW
SetWindowLongPtrW
FindWindowW
GetMonitorInfoW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowPlacement
GetWindowLongW
RegisterTouchWindow
GetSystemMetrics
RegisterClassExW
DestroyAcceleratorTable
DestroyIcon
LoadCursorW
InvalidateRgn
SetWindowPos
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
GetWindowTextLengthW
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
SetWindowTextW
IsIconic
IsWindowVisible
GetWindowRect
MonitorFromWindow
ClientToScreen
GetMenu
FlashWindowEx
GetActiveWindow
SetMenu
RedrawWindow
PostMessageW
ReleaseCapture
GetCursorPos
EnumDisplayMonitors
MonitorFromPoint
GetClientRect
SendMessageW
RegisterWindowMessageA
CheckMenuItem
EnableMenuItem
DestroyWindow
DefWindowProcW
GetWindowLongPtrW
MessageBoxW
SetCursor

comctl32

TaskDialogIndirect
DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

bcrypt

BCryptGenRandom

shell32

SHGetKnownFolderPath
ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHCreateItemFromParsingName
CommandLineToArgvW
DragFinish
DragQueryFileW
Shell_NotifyIconGetRect

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
CoUninitialize
RevokeDragDrop

crypt32

CertEnumCertificatesInStore
CertDuplicateStore
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateChain
CertCloseStore

secur32

FreeContextBuffer
FreeCredentialsHandle
AcceptSecurityContext
AcquireCredentialsHandleA
QueryContextAttributesW
ApplyControlToken
EncryptMessage
DeleteSecurityContext
InitializeSecurityContextW
DecryptMessage

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

pdh

PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

oleaut32

SetErrorInfo
SysFreeString
SysStringLen
GetErrorInfo

api-ms-win-crt-string-l1-1-0

strcpy_s
strlen
wcslen
_wcsicmp
wcsncmp

api-ms-win-crt-math-l1-1-0

trunc
floor
__setusermatherr
round
pow

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_exit
_seh_filter_exe
__p___argv
_set_app_type
exit
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
abort
_configure_narrow_argv
_initialize_narrow_environment
terminate
_crt_atexit
_cexit
_register_onexit_function
_initialize_onexit_table
_get_initial_narrow_environment
__p___argc
_initterm

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
calloc
malloc

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56bd6271f4ea0ff6e918eaa5fb138418

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

kernel32

ntdll

user32

comctl32

bcrypt

shell32

gdi32

dwmapi

ole32

crypt32

secur32

psapi

pdh

powrprof

uxtheme

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.rdata Size: 8.7MB - Virtual size: 8.7MB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 363KB - Virtual size: 363KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 8.1MB - Virtual size: 8.1MB

.rdata
Size: 8.7MB - Virtual size: 8.7MB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 363KB - Virtual size: 363KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 44KB - Virtual size: 43KB