Static task
static1
General
-
Target
RemotePlayDetached.exe
-
Size
10.3MB
-
MD5
bd6608cba39b37b2d8d4f1f4d37284ee
-
SHA1
5829e08a56a764590bafedf30b831b97bff29ccc
-
SHA256
5d37a823d207bf37a98243deaaeab581a175bd303e3361d9130d5cef23c777aa
-
SHA512
90aeb04ceaf900d701b9e43b03f1e192ff416aa07764984306504e10edc67c6eba52a284e8e6d17864b79700cd6c9f03bef5ed76d13ef4bc7766c0f2dc444357
-
SSDEEP
196608:6tyW2IdWQoCfCHDmr0ehpRYFPfMbN9aNgw:9NIvocr0yayE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RemotePlayDetached.exe
Files
-
RemotePlayDetached.exe.exe windows:4 windows x64 arch:x64
731b12cb55397d77bc63e9f517d9e414
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
gdi32
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers
kernel32
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler
msvcrt
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_exit
_fmode
_initterm
_onexit
_snwprintf
_vsnprintf
abort
calloc
exit
fprintf
free
fwprintf
fwrite
malloc
memcpy
qsort
raise
realloc
signal
sscanf
strcmp
strlen
strncmp
strstr
vfprintf
wcscmp
wcscpy
wcslen
_strdup
opengl32
wglGetProcAddress
shell32
DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
user32
AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CopyIcon
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
GetActiveWindow
GetAsyncKeyState
GetClassLongPtrW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyNameTextW
GetKeyState
GetMessageTime
GetPropW
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetWindowLongW
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadImageW
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterDeviceNotificationW
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetPropW
SetRect
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TranslateMessage
UnregisterClassW
WaitMessage
WindowFromPoint
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 169KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE