46166bd977eb933032547897da2918d91c1fd396b398dc1816a9b24e18fb5941

Sharing

Copy URL Twitter E-mail

General

Target

46166bd977eb933032547897da2918d91c1fd396b398dc1816a9b24e18fb5941
Size

1.1MB
MD5

b657bc226cd4636eb189bba7e5bf016b
SHA1

2094f0002dcc04466d4032deef5563f249e5831b
SHA256

46166bd977eb933032547897da2918d91c1fd396b398dc1816a9b24e18fb5941
SHA512

5649817e27788dcf00a9717ef04970fa3ca9cac0ea707ab50fe5ae4f8b80b3ebf0ad65373641a01cbd0ccc4b312079105ca422ac8ac9f19a1e9db384a2b6a611
SSDEEP

24576:Naotrl0OSp92N56oJRls8RkuWhlKvQ1QsXiUwTZ:8otiOSH2T6oPlsU4SQ1QsXHwTZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46166bd977eb933032547897da2918d91c1fd396b398dc1816a9b24e18fb5941

Files

46166bd977eb933032547897da2918d91c1fd396b398dc1816a9b24e18fb5941
.exe windows:6 windows x86 arch:x86

50ede095e0b273e7c44837919c487a70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\davidh\Desktop\RCS Native Automation\Debug\RCS Automation.pdb

Imports

kernel32

ReadProcessMemory
WriteProcessMemory
CloseHandle
GetLastError
GetLocaleInfoW
WideCharToMultiByte
TerminateProcess
CreateProcessW
GetSystemInfo
GetVersionExW
GetModuleHandleW
GetProcAddress
FreeLibrary
VirtualFreeEx
GetProcessHeap
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
MultiByteToWideChar
LoadLibraryExW
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetModuleFileNameW
VirtualAllocEx
OpenProcess
Sleep
GetConsoleWindow
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleScreenBufferSize
VirtualQuery
GetStdHandle

user32

GetSystemMetrics
MapVirtualKeyW
VkKeyScanExW
GetWindowDC
EnumWindows
WindowFromPoint
GetWindowTextW
ReleaseDC
LoadKeyboardLayoutW
GetCursorPos
GetAncestor
GetClassNameW
GetDesktopWindow
SetCursorPos
GetWindowTextLengthW
SendInput
GetWindowThreadProcessId
GetWindowLongW
SendMessageW
SystemParametersInfoW
GetWindowRect
SetWindowPos
ShowWindow
EnumChildWindows

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
GetObjectW
CreateCompatibleBitmap

ole32

CoInitialize
CoCreateInstance

oleacc

AccessibleObjectFromWindow

winhttp

WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse

msvcp120d

?_Incref@facet@locale@std@@UAEXXZ
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xinvalid_argument@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?swap@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXAAV12@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPAPA_W0PAH001@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?swap@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEXAAV12@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAPBDH@Z
_Mbrtowc
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??_U@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
??2facet@locale@std@@SAPAXIABU_DebugHeapTag_t@2@PADH@Z
??3facet@locale@std@@SAXPAXABU_DebugHeapTag_t@2@PADH@Z
??3facet@locale@std@@SAXPAX@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?widen@?$ctype@_W@std@@QBEPBDPBD0PA_W@Z
?setf@ios_base@std@@QAEHH@Z
?precision@ios_base@std@@QBE_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

msvcr120d

_unlock_file
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
__winitenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
_CrtSetCheckCount
__set_app_type
__wgetmainargs
_wsplitpath_s
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
__clean_type_info_names_internal
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
strlen
memmove
_CxxThrowException
__CxxFrameHandler3
memset
_invalid_parameter
wcslen
??_V@YAXPAX@Z
_CrtDbgReportW
free
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
wcscpy_s
_errno
wcstol
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memcpy_s
fgetwc
fputwc
ungetwc
swprintf_s
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
??1type_info@@UAE@XZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
getchar
_hypot
memcmp
strcspn
wcstod
fabs
sprintf_s
localeconv
__RTtypeid
fputc
strftime
_localtime64_s
_time64
_lock
_unlock
_calloc_dbg
__dllonexit
_onexit
_CRT_RTC_INITW
_wmakepath_s

Sections

.textbss
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 976KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ede095e0b273e7c44837919c487a70

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleacc

winhttp

msvcp120d

msvcr120d

Sections

.textbss Size: - Virtual size: 456KB

.text Size: 976KB - Virtual size: 976KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 13KB - Virtual size: 14KB

.idata Size: 16KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 33KB

.textbss
Size: - Virtual size: 456KB

.text
Size: 976KB - Virtual size: 976KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 13KB - Virtual size: 14KB

.idata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 33KB