rftxtriage[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rftxtriage.exe
Size

4.8MB
MD5

a4d3c91a26323d0a89aab215b7474e73
SHA1

816ca344532b9b93b7e066fb2adcdd447c7c828b
SHA256

f72103b28521fd64c4b00b6d699d82dfb7fc97421b0d3a0819b89546ff9126f9
SHA512

2899c6afc64b57c55b2f1b80c51d230b0b86c7ea9d31bc05d8e237b805525b6e8954309a447da68e91675c4b18ede4e06872a6f2f86dd355b5e9a78f162e21b0
SSDEEP

98304:zroSJ1qfx8dlqV4AOXPPQxuF9fWUCGzijJJZKwT29:zroSJ1aiqV4AOXPPQxuF9uUCnZKwy9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rftxtriage.exe

Files

rftxtriage.exe
.exe windows:4 windows x86 arch:x86

Password: Riftyxy

26ca8bfb8fa605a027fdf343592eca3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
SetFileAttributesA
CreateProcessA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetShortPathNameA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
GetDriveTypeA
LoadLibraryA
CopyFileA
FindFirstFileA
FindNextFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
FormatMessageA
GetVersionExW
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MoveFileA
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapCompact
HeapAlloc
HeapFree
DeleteFileA
CreateFileA
FormatMessageW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindNextFileW
FindFirstFileW
CopyFileW
LoadLibraryW
GetDriveTypeW
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetShortPathNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
CreateProcessW
SetFileAttributesW
GetFileAttributesW
MoveFileW
DeleteFileW
FlushFileBuffers
CreateFileW
GetVersion
GetVersionExA
GetCommandLineW
GetCurrentProcess
MoveFileExW
WideCharToMultiByte
GetUserDefaultLangID
SetFileTime
SetErrorMode
GetLocalTime
Sleep
GetExitCodeProcess
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
FindClose
GetProcAddress
FreeLibrary
GetDiskFreeSpaceW
GetDiskFreeSpaceA
IsBadCodePtr
GetLastError

user32

PostMessageA
SendDlgItemMessageA
PeekMessageA
GetMessageA
DispatchMessageA
CharToOemA
GetDlgItemTextA
SetDlgItemTextA
SetWindowTextA
DrawTextA
FindWindowA
CreateWindowExA
RegisterClassA
LoadCursorW
GetWindow
GetSysColor
ScreenToClient
GetWindowLongA
CharToOemW
DispatchMessageW
GetMessageW
PeekMessageW
SendDlgItemMessageW
PostMessageW
GetWindowLongW
SetWindowLongW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
SetWindowTextW
DrawTextW
IsDialogMessageW
DialogBoxParamW
CreateDialogParamW
CallWindowProcW
DefWindowProcW
SetWindowLongA
IsDialogMessageA
LoadIconA
DialogBoxParamA
CreateDialogParamA
CallWindowProcA
DefWindowProcA
LoadIconW
GetWindowRect
GetClassNameA
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
GetSystemMetrics
SetCursor
LoadCursorA
EnableWindow
TranslateMessage
SendMessageA
SendMessageW
FindWindowW
CreateWindowExW
GetClassNameW
RegisterClassW
GetLastActivePopup
BringWindowToTop
ExitWindowsEx
IsIconic
PostQuitMessage
AdjustWindowRectEx
EndDialog
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
RedrawWindow
SetWindowPos
ShowWindow
DestroyWindow
IsWindowEnabled
ValidateRect

gdi32

AddFontResourceW
RemoveFontResourceW
CreateFontIndirectA
GetObjectW
AddFontResourceA
RemoveFontResourceA
CreateFontIndirectW
GetStockObject
SetBkMode
SetTextColor
StretchDIBits
SetStretchBltMode
SetBrushOrgEx
CreateSolidBrush
CreateDIBPatternBrush
CreateHalftonePalette
SelectPalette
RealizePalette
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
ExtTextOutA
SetBkColor
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
GetObjectA
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA
GetOpenFileNameW

advapi32

RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileA

ole32

CoGetMalloc
OleInitialize
OleUninitialize
CoCreateInstance

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA
VerFindFileW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

ImageList_LoadImageW
ord17
ImageList_LoadImageA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Riftyxy

26ca8bfb8fa605a027fdf343592eca3b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 10KB