WebRCS_2[.]dll

Resubmissions

29/08/2024, 09:52

240829-lwkhxsvfma 8

29/08/2024, 09:18

240829-k93e8atfjh 3

Sharing

Copy URL Twitter E-mail

General

Target

WebRCS_2.dll
Size

895KB
MD5

67f5b1094c3e38c0d27965bbc5f32d52
SHA1

7cb443c0848d48f80403a3bce5e6fd6380ee4b29
SHA256

14143e8d8b9e2537db4ee57d86dfd9150641f3c470c66f6d9811743ca0a50441
SHA512

fec50a41b5bc0fb4d7af260daa9812d9aad1b6f37a710f4f686cbbb9938882363d4d1370ad3cc40e9bfe33ba9a9902c79aa1a4ba16a2a47242ef1569574d0169
SSDEEP

24576:rnRc2aLkpEp+A479PKdmi0pkO4tMFMFhYxCG:DRXAIK4pstKuhYxCG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WebRCS_2.dll

Files

WebRCS_2.dll
.dll windows:6 windows x86 arch:x86

c05a22c68bac144d3281df52a944b7c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\boringssl_x86\build\Release\WebRCS.pdb

Imports

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
GetProcAddress
LoadLibraryW
InitOnceExecuteOnce
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
SetLastError
GetModuleHandleA
GetModuleFileNameA
VirtualProtect
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateThread
CloseHandle
GetFileSize
CreateFileA
GetCommandLineA
WideCharToMultiByte
CreateProcessW
MultiByteToWideChar
GetSystemDirectoryW
PeekNamedPipe
DecodePointer
SetEndOfFile
HeapSize
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCPInfo
GetOEMCP
GetACP
CreatePipe
WriteFile
ReadFile
GetStartupInfoW
GetTickCount
OutputDebugStringW
GetLastError
Sleep
CreateEventW
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameW
ExpandEnvironmentStringsW
GetStdHandle
CreateFileW
GetCurrentProcess
GetTimeZoneInformation
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDriveTypeW
GetFileInformationByHandle
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage

user32

GetMessageA

shlwapi

StrStrW

iphlpapi

GetAdaptersInfo

ws2_32

setsockopt
WSAGetLastError
send
recv
WSACleanup
WSAStartup
closesocket
WSAConnectByNameW
socket

crypt32

CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA

Exports

Exports

_rloader@4
rloader
start

Sections

.text
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c05a22c68bac144d3281df52a944b7c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

iphlpapi

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 686KB - Virtual size: 686KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 686KB - Virtual size: 686KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 24KB - Virtual size: 24KB