remouse[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

remouse.exe
Size

442KB
MD5

a3adb8155324f5a1de97c42e4cddbb56
SHA1

0d78cb71f0e2bbd8c458cfc4686a02e01e811017
SHA256

e859d0c546cbcc56cd63c3f54a78b022507d7c3d6ad39ed3720334cb22be2f98
SHA512

ad7c13781d5353d61be6d7ab863ff0ff5e60d9a5ac8d0469586affb8beff66042fbf3495479c1543d4628e19d68933eed5fca53ffd81eafdfdfd62a9d83d79d4
SSDEEP

6144:8rtL+1BQmIVa5UANWEYSZfVv0viFaMoHkXyORvIxfgt:otL+16VafNWElZtFFjV5Ix4t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
remouse.exe

Files

remouse.exe
.exe windows:6 windows x64 arch:x64

9041f1781e2d8bde797977b4b8fe0831

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Rust\Remouse\target\release\deps\remouse.pdb

Imports

user32

MapVirtualKeyW
VkKeyScanW
SendInput
SetCursor
CloseWindow
ReleaseDC
SetWindowLongPtrW
ScreenToClient
GetCursorPos
DispatchMessageW
TranslateMessage
SetWindowPos
TranslateAcceleratorW
PeekMessageW
LoadCursorW
GetDC
ShowWindow
AdjustWindowRect
RegisterClassW
GetSystemMetrics
ValidateRect
GetWindowLongPtrW
DefWindowProcW
RegisterClassExW
CreateWindowExW
RegisterRawInputDevices
GetRawInputBuffer
GetRawInputDeviceList
GetRawInputDeviceInfoW

gdi32

StretchDIBits

kernel32

InitializeSListHead
RtlVirtualUnwind
GetCurrentThreadId
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW
GetConsoleMode
CreateThread
ExitProcess
GetModuleFileNameW
FormatMessageW
SetHandleInformation
IsProcessorFeaturePresent
GetStdHandle
CreateMutexA
GetModuleHandleW
CreateFileW
GetModuleHandleA
GetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CloseHandle
ReleaseMutex
DeleteCriticalSection
SwitchToThread
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW
WriteFile
EnterCriticalSection
WaitForSingleObject
GetCurrentProcessId
GetProcessHeap
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
AddVectoredExceptionHandler
WaitForSingleObjectEx
LoadLibraryA

advapi32

SystemFunction036

hid

HidP_GetButtonCaps
HidP_GetUsageValue
HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetValueCaps
HidP_GetUsages

ws2_32

WSASocketW
sendto
recvfrom
WSACleanup
bind
connect
getaddrinfo
send
recv
WSAStartup
closesocket
freeaddrinfo
WSAGetLastError

vcruntime140

__C_specific_handler
_CxxThrowException
__current_exception
memset
memcmp
memcpy
__CxxFrameHandler3
memmove
__current_exception_context

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_initialize_onexit_table
__p___argv
_crt_atexit
terminate
_initterm
_cexit
_seh_filter_exe
_set_app_type
_register_onexit_function
__p___argc
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9041f1781e2d8bde797977b4b8fe0831

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

advapi32

hid

ws2_32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 328KB - Virtual size: 328KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 872B

.pdata Size: 17KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 328KB - Virtual size: 328KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 872B

.pdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 1KB