runningrat | 2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279

General

Target

2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279
Size

28KB
MD5

bff837eee834869987e424efd6749f6e
SHA1

cb8a803fb58c0b426524f6fc434d7e12531a0d14
SHA256

2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279
SHA512

c580bdc217a83dc9081ac0b49564f5ef722d99ef20c80f5333d3855c4d027e4b2ee29f079c1b8f5bda9ef07cb30c657b42b70d057e3ffe6f20c16718c5d197c4
SSDEEP

768:iGl6hvnAAUfGKKDI/rQNb6tvTrhXAKemaNJUZz54REmC4hfEAqcLi:LOAAkYDIswTNeDNJCziRHC4hgcLi

Score

10^/10

runningrat

RunningRat payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974	family_runningrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974

2e16a2bc7674b473da78276b7f7617aa77552d87880df0b5e4017efda60cd279
.zip

Password: infected
fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974
.exe windows:4 windows x86 arch:x86

1b365823829e2ac9bfb0aa5d328240a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler

kernel32

HeapAlloc
SetUnhandledExceptionFilter
CreateThread
WaitForSingleObject
ExitProcess
CloseHandle
GetProcessHeap
GetProcAddress
LoadLibraryA
HeapReAlloc
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr

Exports

Exports

dd373_dll

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ