rtc[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rtc.rar
Size

150KB
MD5

da243118454103d15a558dd2b65a1c8b
SHA1

1401b290e3bb7c3291b7f277f23dc54a5d0fe7df
SHA256

ee7562b167301dff639bde0abc1aa0fb1b8864c0e0a070e8e11c9e1506cde786
SHA512

3fe23e0cffbc3d8e4409ec21fafc343a6ddbc2096dd544eae95fc0107c60281fc982f1a1da12833f885567d96c2bae4415ce05ea9bdfde616e9d00206b914972
SSDEEP

3072:pc66jwhqBnfLqdo2KQGd0SLtxgyl56K3VyFsYKB+Z3aNk:pc66rz2ydNpCrViNBsUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lua54.dll
unpack001/luatoexe.exe

Files

rtc.rar
.rar
lua54.dll
.dll windows:6 windows x64 arch:x64

a84f66fc37648f4aa83e95028b0b3c0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsRelativeW
PathFindFileNameA
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryEmptyW

advapi32

RegOpenKeyExW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegGetValueW
RegDeleteTreeW
RegSetKeyValueW
RegDeleteKeyValueW
OpenProcessToken
RegCloseKey

gdi32

AddFontResourceExW
GetDeviceCaps
RemoveFontResourceW
EnumFontFamiliesExW

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
DisableThreadLibraryCalls
RtlCaptureContext
GetLastError
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryExA
FormatMessageA
SetCurrentDirectoryW
CreateDirectoryA
DeleteFileW
GetFileAttributesW
GetTempFileNameW
GetTempPathW
Beep
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetTickCount64
AssignProcessToJobObject
SetInformationJobObject
GetModuleHandleA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalFree
CreateJobObjectA
MultiByteToWideChar
SetConsoleOutputCP
GetStdHandle
SetStdHandle
CreateFileA
ReadFile
Sleep
MulDiv
AllocConsole
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
ReadConsoleInputW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
GetConsoleTitleW
SetConsoleTitleW
GetCurrentConsoleFontEx
SetCurrentConsoleFontEx
GetConsoleWindow
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
CompareFileTime
GetLocalTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
CreateFileW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
CopyFileW
MoveFileW
FileTimeToSystemTime
ReadConsoleW
WriteFile
SetHandleInformation
CreatePipe
PeekNamedPipe
TerminateProcess
SetCurrentDirectoryA
GetCurrentDirectoryW
SetLastError
lstrcmpiW
VirtualProtect
LoadResource
LockResource
SizeofResource
LoadLibraryW
FindResourceA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
InitializeSListHead

user32

SetClipboardData
CharUpperBuffW
CharLowerBuffW
EmptyClipboard
GetDesktopWindow
GetWindowRect
ShowScrollBar
CloseClipboard
keybd_event
GetSystemMenu
DeleteMenu
GetDC
ExitWindowsEx
OpenClipboard
ReleaseDC
GetClipboardData

oleaut32

VariantChangeType
GetActiveObject
VarDateFromStr
VariantClear
VariantInit
SysFreeString
VariantTimeToSystemTime
SysAllocString

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__intrinsic_setjmp
__C_specific_handler
__std_type_info_destroy_list
strrchr
strstr
memset
memcmp
memcpy
longjmp
strchr
memmove
wcschr
memchr

api-ms-win-crt-math-l1-1-0

ldexp
log
floor
pow
acos
asin
atan2
ceil
cos
cosh
exp
fmod
log10
sin
sinh
sqrt
tan
tanh
frexp

api-ms-win-crt-string-l1-1-0

strpbrk
strspn
wcsncpy
_wcsdup
strcoll
tolower
iscntrl
isgraph
ispunct
isspace
isxdigit
islower
isupper
strcmp
iswctype
toupper
strncpy
isalnum
isdigit
strncmp
isalpha

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_errno
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
abort
_register_onexit_function
system
exit
strerror
_initialize_onexit_table

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
_kbhit
freopen_s
_fileno
_get_osfhandle
clearerr
_fseeki64
_ftelli64
_pclose
_popen
setvbuf
tmpfile
ungetc
__acrt_iob_func
fgets
fwrite
__stdio_common_vfprintf
getc
__stdio_common_vsprintf
freopen
fread
tmpnam
_wfopen
fputc
fopen
fflush
ferror
_wfsopen
feof
_telli64
_chsize_s
__stdio_common_vsprintf_s
fputwc
fgetws
fputws
fputs
_setmode
fclose

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-time-l1-1-0

_gmtime64
_wutime64
_localtime64_s
strftime
_mktime64
_localtime64
clock
_difftime64
_time64

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
realloc
free

api-ms-win-crt-environment-l1-1-0

getenv
_wgetenv
_wputenv

api-ms-win-crt-filesystem-l1-1-0

_wstat64
_waccess
rename
remove

Exports

Exports

File_close
File_open
LoadFont
TBuffer
TCOM
TDatetime
TDirectory
TFile
TPipe
TWidget
TZip
WIDGET_METHODS
WM_LUAMAX
console_finalize
detectBOM
fontsize_fromheight
luaL_addgsub
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkFilename
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_embedclose
luaL_embedopen
luaL_error
luaL_execresult
luaL_fileresult
luaL_getlasterror
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_require
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_setrawfuncs
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_typeerror
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkcinstance
lua_checkinstance
lua_checkstack
lua_close
lua_closeslot
lua_closethread
lua_compare
lua_concat
lua_copy
lua_createcinstance
lua_createinstance
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getevent
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getiuservalue
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettask
lua_gettop
lua_getupvalue
lua_iscfunction
lua_iscinstance
lua_isinstance
lua_isinteger
lua_isnumber
lua_isobject
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdatauv
lua_next
lua_objectname
lua_optstring
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushlwstring
lua_pushnewinstance
lua_pushnewinstancebyname
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushtask
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_registerevent
lua_registermodule
lua_registerobject
lua_registerwidget
lua_resetthread
lua_resume
lua_rotate
lua_schedule
lua_setallocf
lua_setcstacklimit
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setiuservalue
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setwarnf
lua_sleep
lua_status
lua_stringtonumber
lua_super
lua_toBuffer
lua_toboolean
lua_tocfunction
lua_tocinstance
lua_toclose
lua_tointegerx
lua_tolstring
lua_tolwstring
lua_tonumberx
lua_topointer
lua_toself
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_warning
lua_widgetconstructor
lua_widgetdestructor
lua_widgetinitialize
lua_widgetproc
lua_xmove
lua_yieldk
luaopen_base
luaopen_compression
luaopen_console
luaopen_coroutine
luaopen_debug
luaopen_embed
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_sys
luaopen_table
luaopen_utf8
luart_tobuffer
search_task

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
luatoexe.exe
.exe windows:6 windows x64 arch:x64

cd1588eafbc399cb9f93ff2dc11e050d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

lua54

lua_settop
lua_tolstring
lua_pushstring
lua_getfield
lua_createtable
lua_setglobal
lua_rawseti
lua_pcallk
lua_gc
lua_concat
luaL_loadfilex
luaL_loadstring
luaL_newstate
luaL_requiref
luaL_openlibs
lua_pushnewinstance
lua_pushlwstring
luaL_embedopen
lua_schedule
luaopen_embed
lua_close

ole32

CoInitializeEx
CoUninitialize

comctl32

InitCommonControlsEx

kernel32

InitializeSListHead
GetModuleFileNameW
GetProcAddress
LoadLibraryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary

vcruntime140

strstr
__C_specific_handler
__current_exception
__current_exception_context
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
terminate
_configure_narrow_argv
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_exit
__p___argc
__p___argv
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
puts
fputs
__acrt_iob_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a84f66fc37648f4aa83e95028b0b3c0d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

gdi32

kernel32

user32

oleaut32

ole32

crypt32

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 13KB - Virtual size: 13KB

.reloc Size: 2KB - Virtual size: 2KB

cd1588eafbc399cb9f93ff2dc11e050d

Headers

DLL Characteristics

File Characteristics

Imports

lua54

ole32

comctl32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 752B

.pdata Size: 512B - Virtual size: 324B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 44B

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 13KB - Virtual size: 13KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 752B

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 44B