ritobin[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ritobin.zip
Size

8.9MB
MD5

3b6e129108db72bdb724fb2611861777
SHA1

631485829a01feab80c65ce9d304cf6f94e03645
SHA256

6c240ef54f4ca8ac038ca9d2bc3a86dc0ab39037c7c62adb8e7512ea9ea03af6
SHA512

9385cda02d265f21a8e931155ef24b9a1492b8a463303d87a0a67e81760020ded85552a831b9eedb77b335a4400aafd07287313292c3fdecac3dcea9a1b33e6c
SSDEEP

196608:Ur5YRa2xOEB6OU6IgYuleRhYDoRCgr+tUAIdqdNjN23W:E5WAEHShLkOAId023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ritobin/ritobin_cli.exe
unpack001/ritobin/ritobin_gui.exe

Files

ritobin.zip
.zip
ritobin/LICENSE
ritobin/hashes/hashes.binentries.txt
ritobin/hashes/hashes.binfields.txt
ritobin/hashes/hashes.binhashes.txt
ritobin/hashes/hashes.bintypes.txt
ritobin/hashes/hashes.game.txt
ritobin/hashes/hashes.lcu.txt
ritobin/ritobin_cli.exe
.exe windows:6 windows x64 arch:x64

2c2cb603914c707c0f0a7a1b7c9a4b23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
RtlUnwind

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ritobin/ritobin_gui.exe
.exe windows:6 windows x64 arch:x64

ae28321370b2756dea12d5de1ae0f512

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VerSetConditionMask
GetFileAttributesW
GetCurrentThreadId
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
CreateActCtxA
ActivateActCtx
DeactivateActCtx
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
QueryPerformanceCounter
QueryPerformanceFrequency
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetLastError
QueueUserWorkItem
GetModuleHandleExW
IsProcessorFeaturePresent
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CloseHandle
WaitForSingleObjectEx
Sleep
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx
ReadFile
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
HeapReAlloc
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
FindClose
FindFirstFileExW
FindNextFileW
RtlUnwind

user32

GetWindowThreadProcessId
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
GetActiveWindow
EnumWindows

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

Sections

.text
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c2cb603914c707c0f0a7a1b7c9a4b23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 472KB - Virtual size: 472KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 3KB

ae28321370b2756dea12d5de1ae0f512

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 606KB - Virtual size: 605KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 19KB - Virtual size: 26KB

.pdata Size: 30KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 472KB - Virtual size: 472KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 606KB - Virtual size: 605KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 19KB - Virtual size: 26KB

.pdata
Size: 30KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 5KB