Rip9[.]0[.]3[.]rar

Resubmissions

02/10/2024, 08:07

241002-j1glqawann 7

Sharing

Copy URL

Twitter E-mail

General

Target

Rip9.0.3.rar
Size

31.8MB
MD5

bf1ab153fb04e6ca216ddf7acd11b7ac
SHA1

89ea1a4f428b9e988e774446f3edc2e384a620c2
SHA256

1d9b8caff06f4c036900a51023774cb0f5a22fce3700fe25ba7750cab70ba568
SHA512

36dfd3b3d0eddec57dfff72494877b9c211fc21b36caac9b53dec37985f4559c7d685106a3a0a576fbc96e341c35e483a24688802d1fe1097bb4538a8a890453
SSDEEP

786432:zN8rPBDrW4r8cc58raEqHXT+ZfJVbAFaTMU:B8rBPW4rRiEq2AgTMU

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Rip9.0.3/hid.dll	vmprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rip9.0.3/AcroRip9.03.EXE
unpack001/Rip9.0.3/LangKor.dll
unpack001/Rip9.0.3/LangWKor.dll
unpack001/Rip9.0.3/hid.dll

Files

Rip9.0.3.rar
.rar

Password: 903
Rip9.0.3/AcroRip9.03.EXE
.exe windows:4 windows x86 arch:x86

Password: 903

e41c25ab7824b3df73334188c40518ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

lstrcpyA
GetCommandLineA
SetErrorMode
lstrlenA
MulDiv
GetTempFileNameA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
lstrcatA
GetLastError
_lwrite
_llseek
GlobalUnlock
_lopen
GlobalAlloc
GlobalFree
_lclose
_lcreat
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFile
GetVersionExA
GetCurrentProcess
WinExec
ExitProcess
_lread
LocalFree
GetTempPathA
GlobalLock

user32

GetDC
BeginPaint
EndPaint
InvalidateRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetClientRect
CreateWindowExA
DrawTextA
ReleaseDC
ShowWindow
SetWindowPos
UpdateWindow
SetTimer
LoadIconA
wsprintfA
MessageBoxA
ExitWindowsEx
RegisterClassA
LoadCursorA

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
PatBlt
CreateSolidBrush
TextOutA
SetTextColor
SetBkMode
SelectObject
StretchDIBits
CreateFontA
RealizePalette
SelectPalette
CreatePalette

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rip9.0.3/LangKor.dll
.dll windows:4 windows x86 arch:x86

Password: 903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rip9.0.3/LangWKor.dll
.dll windows:4 windows x86 arch:x86

Password: 903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rip9.0.3/hid.dll
.dll windows:4 windows x86 arch:x86

Password: 903

eec2f1b2dcff60ac430528afed81c8fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualProtectEx
GetModuleHandleA
LoadLibraryA
ReadProcessMemory
FreeLibrary
lstrcatA
GetSystemDirectoryA
DisableThreadLibraryCalls
GetProcAddress
GetCurrentProcess
CloseHandle
GetLastError
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
ExitProcess

user32

MessageBoxA
wsprintfA

Exports

Exports

HidD_FlushQueue
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetConfiguration
HidD_GetFeature
HidD_GetHidGuid
HidD_GetIndexedString
HidD_GetInputReport
HidD_GetManufacturerString
HidD_GetMsGenreDescriptor
HidD_GetNumInputBuffers
HidD_GetPhysicalDescriptor
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_Hello
HidD_SetConfiguration
HidD_SetFeature
HidD_SetNumInputBuffers
HidD_SetOutputReport
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetData
HidP_GetExtendedAttributes
HidP_GetLinkCollectionNodes
HidP_GetScaledUsageValue
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidP_GetUsageValueArray
HidP_GetUsages
HidP_GetUsagesEx
HidP_GetValueCaps
HidP_InitializeReportForID
HidP_MaxDataListLength
HidP_MaxUsageListLength
HidP_SetData
HidP_SetScaledUsageValue
HidP_SetUsageValue
HidP_SetUsageValueArray
HidP_SetUsages
HidP_TranslateUsagesToI8042ScanCodes
HidP_UnsetUsages
HidP_UsageListDifference
HidservInstaller
checkdog
checkdog2
checkdog3

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 903

Password: 903

e41c25ab7824b3df73334188c40518ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

Password: 903

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 72KB - Virtual size: 68KB

.reloc Size: 4KB - Virtual size: 8B

Password: 903

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 4KB - Virtual size: 8B

Password: 903

eec2f1b2dcff60ac430528afed81c8fe

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 18KB

.vmp0 Size: 8KB - Virtual size: 4KB

.vmp1 Size: 16KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 72KB - Virtual size: 68KB

.reloc
Size: 4KB - Virtual size: 8B

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 18KB

.vmp0
Size: 8KB - Virtual size: 4KB

.vmp1
Size: 16KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 1KB