rustdesk[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rustdesk.exe
Size

15.5MB
MD5

784ecc1bd6567e226f0735e357a16002
SHA1

bf364e6ba8797994d544bd37ba0f3de1985f54bb
SHA256

65fb39ae705179d66348630c16e749293fd572b4960d986d90e6cf1e92caadee
SHA512

762850d64cb7b942177b5ecbe1e042eb6095424cd17a18a39f6f4dbe8cdc93e248427c0fb7951f098e71a72b2ab5a43a8062d37721a8a2c65d487833ad31f849
SSDEEP

393216:o/YW+vcBLSydEm3o+Vjo72De12QNCpjzweb3++DzDBnuQSX34LvY/qz0z63VC6fV:Ehw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rustdesk.exe

Files

rustdesk.exe
.exe windows:6 windows x64 arch:x64

76df1125afd8f543b98b4ecab79b06ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rustdesk.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

bcryptprimitives

ProcessPrng

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData

kernel32

GlobalUnlock
ReleaseSemaphore
lstrlenW
CloseHandle
GetCurrentProcessId
CreateEventA
WaitForSingleObject
RemoveDirectoryW
GetLogicalDrives
FindFirstFileW
FindNextFileW
FindClose
SetFileTime
SwitchToThread
SetThreadExecutionState
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
LocalAlloc
CreateFileW
FormatMessageW
GetLogicalProcessorInformation
SetLastError
FlushFileBuffers
Sleep
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetCurrentProcess
CreateProcessA
SetHandleInformation
CreateSemaphoreA
SetConsoleCtrlHandler
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ConnectNamedPipe
ReadFile
WriteFile
CancelIoEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetSystemInfo
CreateNamedPipeW
LocalFree
GetModuleHandleA
GetProcAddress
GetTickCount64
GlobalMemoryStatusEx
GetVersionExA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GetStdHandle
GetConsoleMode
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetTempPathW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GlobalLock
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
DeleteFileW
MoveFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetComputerNameExW
GetCurrentThreadId
GetFileSize
GetFileTime
SetFilePointer
SetEvent
ResetEvent
GlobalSize
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
EnterCriticalSection
LeaveCriticalSection
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadPriority
TryEnterCriticalSection
CreateSemaphoreW
GetNativeSystemInfo
InitializeCriticalSection
GetLastError
HeapReAlloc
HeapFree
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetStdHandle
GetStringTypeW
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
GetSystemDirectoryW
SetEndOfFile
SetEnvironmentVariableW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
ReadConsoleW
GetFileSizeEx
GetConsoleOutputCP
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineW
GetCommandLineA
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
EncodePointer
UnhandledExceptionFilter

advapi32

LookupAccountSidW
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
FreeSid
SetEntriesInAclW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
GetUserNameW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
SystemFunction036

ntdll

NtReadFile
NtWriteFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQuerySystemInformation
RtlGetVersion
NtCancelIoFileEx
NtCreateFile

bcrypt

BCryptGenRandom

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

user32

GetMessageA
OpenClipboard
GetClassNameA
GetWindowRect
PtInRect
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
ScreenToClient
GetCursorPos
ChangeClipboardChain
GetClipboardData
RegisterClipboardFormatA
RegisterClipboardFormatW
CountClipboardFormats
GetClipboardFormatNameA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
CreateDesktopA
CloseDesktop
SetWindowLongA
ExitWindowsEx
PrintWindow
LockWorkStation
PostMessageA
FindWindowA
IsWindowVisible
GetWindow
CloseClipboard
SendMessageA
MapVirtualKeyExW
SetClipboardViewer
GetTopWindow
ChangeDisplaySettingsExW
GetClipboardOwner
RealGetWindowClassA
BlockInput
SetThreadDesktop
GetDC
OpenDesktopA
ReleaseDC
GetIconInfo
GetCursorInfo
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
MenuItemFromPoint
GetSystemMetrics
ToAscii
GetKeyboardState
MapVirtualKeyA
SendInput
WindowFromPoint
GetKeyState
VkKeyScanExW
GetKeyboardLayout
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongPtrA
GetWindowLongA
GetWindowPlacement
ChildWindowFromPoint

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoUninitialize
CoTaskMemAlloc
CoInitializeEx
ReleaseStgMedium
OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
OleUninitialize
OleInitialize
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket

iphlpapi

GetAdaptersAddresses
FreeMibTable
GetIfTable2

pdh

PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCollectQueryDataEx
PdhCloseQuery

ws2_32

accept
recvfrom
sendto
shutdown
WSASend
send
recv
getpeername
getsockname
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
getsockopt
socket
WSAIoctl
listen
bind
ioctlsocket
WSASocketW
connect
WSAGetLastError
closesocket

gdi32

CreateCompatibleDC
DeleteObject
GetObjectA
DeleteDC
BitBlt
SelectObject
GetBitmapBits
GetDIBits
CreateCompatibleBitmap

psapi

GetModuleFileNameExW
GetPerformanceInfo

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo

powrprof

CallNtPowerInformation

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76df1125afd8f543b98b4ecab79b06ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

secur32

kernel32

advapi32

ntdll

bcrypt

api-ms-win-shcore-scaling-l1-1-1

user32

shell32

ole32

iphlpapi

pdh

ws2_32

gdi32

psapi

netapi32

powrprof

oleaut32

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 33KB - Virtual size: 354KB

.pdata Size: 218KB - Virtual size: 217KB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 8.5MB - Virtual size: 8.5MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 33KB - Virtual size: 354KB

.pdata
Size: 218KB - Virtual size: 217KB

.reloc
Size: 53KB - Virtual size: 53KB