rcon[.]exe | Triage

Sharing

General

Target

rcon.exe
Size

36KB
MD5

3f4821cda1de6d7d10654e5537b4df6e
SHA1

ac682119ac4dc51d8db82fd4a6a0e1f108b74a94
SHA256

19f0d6d844f6f14856e3ea88853202b6310edc4726eb0c803710b67f641e596f
SHA512

0f7f5da6d38a7ad920959363d6edcba3ec9b8645b7ccade0c4590817fbbd7a0415ba492a164c56845a57df643e4d58d83f6f537cc74d55161001704b017a9f7c
SSDEEP

384:ZYblkmoSCITDXSBkCmleSWLJETJBsE9yzd9LzSjvEgKEyokl7V:Obpo8DXv34JE9W0s9LejvRKRoe7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rcon.exe

Files

rcon.exe
.exe windows:4 windows x86 arch:x86

a33688df8c13c8e8dbfd5cbea749b165

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ReadConsoleA
GetStdHandle
CreateThread
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
ReadFile
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
GetLastError
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
CloseHandle

wsock32

WSAStartup
gethostbyname
inet_addr
ioctlsocket
htons
socket
bind
sendto
recvfrom

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE