Retrac Launcher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Retrac Launcher.exe
Size

12.7MB
MD5

8a411f7637a57f78d46eeb31847a5d18
SHA1

e177907ad513d2e2ccbc56d46cf2ad9bacd263f4
SHA256

3a4e19039b443e73f9247b42f7780552af52dd647bbf6a9010a2e58fde4c33b1
SHA512

3e6339652efd8b41671fcc29e9fd36696d17b3a9fce8795bfd1790b0a1c95fa4f3e41af86ed54e5387d437c2471837694e4188ea3ed56dea3d863b320daa3cb5
SSDEEP

196608:s1Otlna32A+VphIgByZB9ibOCDX+UeIE:s1OtIIjygByZWpDuUeI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Retrac Launcher.exe

Files

Retrac Launcher.exe
.exe windows:6 windows x64 arch:x64

5d2fbd2002b0c18911ae25eb5aa311c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

retraclauncher.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

comctl32

RemoveWindowSubclass
TaskDialogIndirect
DefSubclassProc
SetWindowSubclass

user32

MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
DestroyAcceleratorTable
DestroyIcon
GetWindowRect
SetForegroundWindow
GetWindowLongPtrW
SetWindowDisplayAffinity
PeekMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetRawInputData
MonitorFromPoint
EnumDisplayMonitors
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
EnumChildWindows
GetMenu
GetUpdateRect
RegisterClipboardFormatW
GetWindowLongW
GetClientRect
VkKeyScanW
AdjustWindowRectEx
ClientToScreen
IsProcessDPIAware
LoadCursorW
CreateIcon
SendMessageW
SetCursor
ShowCursor
GetClipCursor
MonitorFromRect
CloseClipboard
RedrawWindow
SetClipboardData
CreateAcceleratorTableW
PostMessageW
TrackMouseEvent
ShowWindow
GetSystemMenu
DestroyWindow
EnableMenuItem
GetTouchInputInfo
SetWindowLongW
RegisterHotKey
EmptyClipboard
GetDC
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
ClipCursor
UnregisterHotKey
IsWindowVisible
PostThreadMessageW
SetMenuItemInfoW
CheckMenuItem
ValidateRect
ScreenToClient
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
SetMenu
GetActiveWindow
IsIconic
CreateMenu
AppendMenuW
PostQuitMessage
GetKeyboardLayout
ToUnicodeEx
MapVirtualKeyW
GetMessageA
DispatchMessageA
SystemParametersInfoA
GetMessageW
GetAncestor
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefWindowProcW
FlashWindowEx
ReleaseCapture
ChangeDisplaySettingsExW
SetWindowPlacement
SendInput
AllowSetForegroundWindow
GetWindowPlacement
InvalidateRgn
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetForegroundWindow
SetCursorPos

ole32

RevokeDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
RegisterDragDrop
CreateStreamOnHGlobal
OleInitialize

shell32

SHGetKnownFolderPath
SHCreateItemFromParsingName
DragQueryFileW
ShellExecuteW
CommandLineToArgvW
SHAppBarMessage
DragFinish

advapi32

OpenProcessToken
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegCloseKey
IsValidSid
GetLengthSid
CopySid
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

kernel32

GetCurrentProcessId
GetModuleHandleW
GetNamedPipeServerProcessId
VirtualQueryEx
UnhandledExceptionFilter
GetCurrentThreadId
CloseHandle
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateToolhelp32Snapshot
GlobalMemoryStatusEx
K32GetPerformanceInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
LoadLibraryExA
InitializeSListHead
GetModuleHandleA
IsDebuggerPresent
lstrlenW
GetUserDefaultLocaleName
GetExitCodeProcess
RtlUnwindEx
RtlPcToFileHeader
Sleep
RaiseException
GlobalSize
GlobalUnlock
Thread32First
EncodePointer
GlobalAlloc
GetSystemInfo
GetSystemTimes
GlobalFree
MultiByteToWideChar
ReadFile
Thread32Next
OpenThread
SuspendThread
LocalFree
WriteFile
GetUserDefaultUILanguage
LCIDToLocaleName
CreateMutexA
LoadLibraryW
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
ExitProcess
GetNamedPipeClientProcessId
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
GetProcessId
GlobalLock
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
LoadLibraryExW
TlsGetValue
GetEnvironmentVariableW
FormatMessageW
DuplicateHandle
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetConsoleMode
FlushFileBuffers
GetFileInformationByHandle
ConnectNamedPipe
DisconnectNamedPipe
WaitForSingleObject
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
CreateNamedPipeW
CreateFileW
GetCurrentProcess
WaitNamedPipeW
CreatePipe
GetProcessIoCounters
GetLastError
ReadProcessMemory
SetFileCompletionNotificationModes
Process32First
GetProcessTimes
TlsSetValue
Process32Next
OpenProcess
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetHandleInformation
TlsFree

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

ntdll

NtCreateFile
NtCancelIoFileEx
NtQuerySystemInformation
NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQueryInformationProcess
RtlGetVersion
RtlGetNtVersionNumbers
NtWriteFile

oleaut32

SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo

pdh

PdhAddEnglishCounterW
PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCollectQueryData

powrprof

CallNtPowerInformation

secur32

ApplyControlToken
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
EncryptMessage

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

ws2_32

getsockname
getsockopt
shutdown
recv
closesocket
send
ioctlsocket
setsockopt
WSAIoctl
bind
WSAGetLastError
WSASocketW
connect
freeaddrinfo
WSASend
WSAStartup
getpeername
WSACleanup
getaddrinfo

crypt32

CertOpenStore
CertCloseStore
CertDuplicateStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

api-ms-win-crt-math-l1-1-0

round
floor
trunc
__setusermatherr
pow

api-ms-win-crt-string-l1-1-0

wcslen
strlen
_wcsicmp
wcsncmp
strcpy_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
_initialize_onexit_table
_cexit
terminate
_seh_filter_exe
_set_app_type
abort
__p___argv
__p___argc
_exit
exit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d2fbd2002b0c18911ae25eb5aa311c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

comctl32

user32

ole32

shell32

advapi32

dwmapi

kernel32

gdi32

ntdll

oleaut32

pdh

powrprof

secur32

uxtheme

bcrypt

ws2_32

crypt32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 5.2MB - Virtual size: 5.2MB

.data Size: 17KB - Virtual size: 28KB

.pdata Size: 377KB - Virtual size: 377KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 377KB - Virtual size: 377KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 56KB - Virtual size: 56KB