rlmtests[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rlmtests.exe
Size

1.2MB
MD5

9d40525d3da8263e12f679a7e9191834
SHA1

f729d9cc3cb9960b6035f76220747de7136ccb23
SHA256

1098a7e79608ec8993462e05dd921e396f398597c1707f0f79184529e3bfbbc3
SHA512

c72a5b3dfc9565b27dbd8529c428871e34b79bd07d201c86a6af8bef4cdab5c651d8a04a46baaa9fff33595e1f2ab1849b0d2b020a8fb8c044654389df2d2be2
SSDEEP

24576:vjvQYFsktkAW1u4ENIiDFyfTA5QbvLXHdQ4MXnq/ZYqy8Z31ppUP06eUpAvIFG:vFkAW1u4EN1yfT7bzdm3r07V0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rlmtests.exe

Files

rlmtests.exe
.exe windows:6 windows x64 arch:x64

Password: 123

1b468dac14b5612da460bd3811e35226

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

ws2_32

gethostname
WSAGetLastError
WSAStartup
WSACleanup
ntohl
gethostbyname
WSAStringToAddressA
socket
shutdown
setsockopt
sendto
send
select
recvfrom
listen
htons
getsockopt
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
freeaddrinfo
getaddrinfo

advapi32

GetUserNameW
CreateWellKnownSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
AddAccessAllowedAceEx

user32

GetDesktopWindow
GetSystemMetrics
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

kernel32

GetFileAttributesExW
GetFileSizeEx
GetExitCodeProcess
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
CreateDirectoryW
DeleteFileW
SetFileAttributesW
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
HeapFree
HeapReAlloc
HeapQueryInformation
ReadConsoleW
CreateProcessW
FlushFileBuffers
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
OpenEventA
Sleep
WaitForMultipleObjects
CreateProcessA
GetVersionExA
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
GetVolumeInformationA
DeviceIoControl
GetFileAttributesA
GetFileInformationByHandle
FindClose
FindFirstFileA
FindNextFileA
CreateDirectoryA
CreateThread
ExitThread
GlobalFree
GetStdHandle
GetFileType
GetCurrentThreadId
GetVersion
GetModuleFileNameA
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetVersionExW
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetSystemInfo
HeapValidate
HeapSize
WriteConsoleW
HeapAlloc
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
WriteFile
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
ReadFile
SetEndOfFile
LocalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetTimeZoneInformation
LockFileEx
UnlockFileEx

shell32

SHGetSpecialFolderPathA

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpOpen

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 914KB - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

1b468dac14b5612da460bd3811e35226

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

advapi32

user32

kernel32

shell32

winhttp

ole32

oleaut32

Sections

.text Size: 914KB - Virtual size: 913KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 116KB - Virtual size: 136KB

.pdata Size: 34KB - Virtual size: 33KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 914KB - Virtual size: 913KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 116KB - Virtual size: 136KB

.pdata
Size: 34KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 12KB - Virtual size: 12KB