rhp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rhp.exe
Size

1.9MB
MD5

62ea8ff193019a3f0f6df6052291ded8
SHA1

846f872f8dab1fe715bbb3a340d15f5c98edc8b7
SHA256

399d9e53960498a5d90beedc349681fb588557d98a0cefbe57ab980378429235
SHA512

09969fdf13130cba639cf970fc21d5c1d48af38fead557134c4d9f7f9c7e06f68244f384ab116d6932b38515972784bdad8c407fa0de84ad5609e924229af850
SSDEEP

24576:nxjQ4ebzGQ09bHIqhy8xrvEUpJlI0xhm3hd76u7K4fMXCaSmoeeRaJO6kGZc1Y4G:n9nebzi9cErtToeeRIO6kh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rhp.exe

Files

rhp.exe
.exe windows:6 windows x64 arch:x64

ce7f6c71867111c61ad758381a7362ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rhp.pdb

Imports

ntdll

NtClose
NtCreateFile
NtCreateSection
NtDeviceIoControlFile
NtFsControlFile
NtLockFile
NtMapViewOfSection
NtQueryInformationFile
NtQueryObject
NtQueryVolumeInformationFile
NtSetInformationFile
NtUnmapViewOfSection
RtlCaptureContext
RtlEqualUnicodeString
RtlExitUserProcess
RtlGetFullPathName_U
RtlLookupFunctionEntry
RtlUpcaseUnicodeChar
RtlVirtualUnwind
RtlWaitOnAddress

kernel32

AcquireSRWLockExclusive
CreateToolhelp32Snapshot
ExitProcess
GetConsoleMode
GetConsoleScreenBufferInfo
GetFileSizeEx
GetSystemTimeAsFileTime
K32GetModuleFileNameExW
Module32First
Module32Next
ReadFile
ReleaseSRWLockExclusive
SetConsoleMode
SetConsoleTextAttribute
SetFilePointerEx
Sleep
VirtualAlloc
VirtualFree
WriteFile

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW

ws2_32

WSAGetLastError
WSASocketW
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo

advapi32

SystemFunction036

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce7f6c71867111c61ad758381a7362ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

crypt32

ws2_32

advapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 636KB - Virtual size: 635KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 16B

.tls Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 728B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 636KB - Virtual size: 635KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 16B

.tls
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 728B