tidal-rpc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

tidal-rpc.exe
Size

1017KB
MD5

e581efef84fd4e996c746dfee4d7cd79
SHA1

a48b830dbd655cbd39c66b345d26723effb2c301
SHA256

9399b0b308d2d33534fc7d5b11e298955e375cb33811b5abf45659be4527281a
SHA512

4e23ad52a31db76fcbb57050cac8c2ef0fc9bcbf8131b1015f8d62218d1bd1ab4663886c7b2945b8dcf3a97b1b7db43b7e2409a0afd68a2d61956b79663756c9
SSDEEP

12288:rG2u3K06nFWi38LOltQ2RxB+WWeWr73CMRIXwkLWbZt5EdxYxY/9j6i2FJGAPXey:f06w+pP2Q3Hrpn/GnyzL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tidal-rpc.exe

Files

tidal-rpc.exe
.exe windows:6 windows x64 arch:x64

85c00b73e400ff5b1d2d4a8ba3539e85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

qt6widgets

?addAction@QWidget@@QEAAXPEAVQAction@@@Z
??0QMenu@@QEAA@AEBVQString@@PEAVQWidget@@@Z
??1QMenu@@UEAA@XZ
??0QSystemTrayIcon@@QEAA@AEBVQIcon@@PEAVQObject@@@Z
??1QSystemTrayIcon@@UEAA@XZ
?setContextMenu@QSystemTrayIcon@@QEAAXPEAVQMenu@@@Z
??0QApplication@@QEAA@AEAHPEAPEADH@Z
?show@QSystemTrayIcon@@QEAAXXZ
??1QApplication@@UEAA@XZ
?showMessage@QSystemTrayIcon@@QEAAXAEBVQString@@0W4MessageIcon@1@H@Z
?messageClicked@QSystemTrayIcon@@QEAAXXZ
?staticMetaObject@QSystemTrayIcon@@2UQMetaObject@@B
?exec@QApplication@@SAHXZ

qt6network

?supportedSchemes@QNetworkAccessManager@@UEBA?AV?$QList@VQString@@@@XZ
?qt_metacast@QNetworkAccessManager@@UEAAPEAXPEBD@Z
?qt_metacall@QNetworkAccessManager@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QNetworkRequest@@QEAA@XZ
??1QNetworkRequest@@QEAA@XZ
?setUrl@QNetworkRequest@@QEAAXAEBVQUrl@@@Z
?setHeader@QNetworkRequest@@QEAAXW4KnownHeaders@1@AEBVQVariant@@@Z
?metaObject@QNetworkAccessManager@@UEBAPEBUQMetaObject@@XZ
?setSslConfiguration@QNetworkRequest@@QEAAXAEBVQSslConfiguration@@@Z
?createRequest@QNetworkAccessManager@@MEAAPEAVQNetworkReply@@W4Operation@1@AEBVQNetworkRequest@@PEAVQIODevice@@@Z
??1QSslConfiguration@@QEAA@XZ
?setProtocol@QSslConfiguration@@QEAAXW4SslProtocol@QSsl@@@Z
?defaultConfiguration@QSslConfiguration@@SA?AV1@XZ
??0QNetworkAccessManager@@QEAA@PEAVQObject@@@Z
??1QNetworkAccessManager@@UEAA@XZ
?get@QNetworkAccessManager@@QEAAPEAVQNetworkReply@@AEBVQNetworkRequest@@@Z

discord_game_sdk

DiscordCreate

qt6gui

?setDisabled@QAction@@QEAAX_N@Z
?triggered@QAction@@QEAAX_N@Z
?setWindowIcon@QGuiApplication@@SAXAEBVQIcon@@@Z
?openUrl@QDesktopServices@@SA_NAEBVQUrl@@@Z
?staticMetaObject@QAction@@2UQMetaObject@@B
?setCheckable@QAction@@QEAAX_N@Z
?setText@QAction@@QEAAXAEBVQString@@@Z
??1QAction@@UEAA@XZ
??0QAction@@QEAA@AEBVQIcon@@AEBVQString@@PEAVQObject@@@Z
??0QAction@@QEAA@AEBVQString@@PEAVQObject@@@Z
??1QIcon@@QEAA@XZ
??0QIcon@@QEAA@AEBVQString@@@Z
?setChecked@QAction@@QEAAX_N@Z

qt6core

??1QByteArray@@QEAA@XZ
?toStdString@QByteArray@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1QString@@QEAA@XZ
?castHelper@QByteArrayView@@CAPEBDPEBD@Z
??1Connection@QMetaObject@@QEAA@XZ
??0QString@@QEAA@$$QEAV0@@Z
??YQString@@QEAAAEAV0@AEBV0@@Z
?fromUtf8@QString@@SA?AV1@VQByteArrayView@@@Z
??0QString@@QEAA@PEBD@Z
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@PEBD@Z
??0QEventLoop@@QEAA@PEAVQObject@@@Z
??1QEventLoop@@UEAA@XZ
?exec@QEventLoop@@QEAAHV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
?quit@QEventLoop@@QEAAXXZ
?quit@QCoreApplication@@SAXXZ
?aboutToQuit@QCoreApplication@@QEAAXUQPrivateSignal@1@@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?readyRead@QIODevice@@QEAAXXZ
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??1QUrl@@QEAA@XZ
??0QTimer@@QEAA@PEAVQObject@@@Z
??1QTimer@@UEAA@XZ
?qResourceFeatureZlib@@YAEXZ
?qUnregisterResourceData@@YA_NHPEBE00@Z
?qRegisterResourceData@@YA_NHPEBE00@Z
?staticMetaObject@QTimer@@2UQMetaObject@@B
?staticMetaObject@QIODevice@@2UQMetaObject@@B
?staticMetaObject@QCoreApplication@@2UQMetaObject@@B
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?timeout@QTimer@@QEAAXUQPrivateSignal@1@@Z
?stop@QTimer@@QEAAXXZ
?start@QTimer@@QEAAXH@Z

ws2_32

getpeername
getsockopt
recv
select
send
ioctlsocket
connect
socket
WSAStartup
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
closesocket
__WSAFDIsSet
setsockopt

kernel32

GetProcAddress
CreateFileW
HeapSize
GetTimeZoneInformation
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
ExitProcess
WriteFile
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetLastError
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetGeoInfoA
GetUserGeoID
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeSRWLock
Sleep
QueryPerformanceFrequency
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess

user32

GetWindowTextW
EnumWindows
GetWindowThreadProcessId
GetWindowTextLengthW

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85c00b73e400ff5b1d2d4a8ba3539e85

Headers

DLL Characteristics

File Characteristics

Imports

qt6widgets

qt6network

discord_game_sdk

qt6gui

qt6core

ws2_32

kernel32

user32

Sections

.text Size: 688KB - Virtual size: 688KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 39KB - Virtual size: 38KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 114KB - Virtual size: 114KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 688KB - Virtual size: 688KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 39KB - Virtual size: 38KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 114KB - Virtual size: 114KB

.reloc
Size: 4KB - Virtual size: 3KB