rhadamanthys | Rhadamanthys[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

Rhadamanthys.bin
Size

185KB
MD5

89ec4405e9b2cab987f2e4f7e4b1666e
SHA1

ec48082347136444540c9b8ba4eabcfdc526868c
SHA256

af04ee03d69a7962fa5350d0df00fafc4ae85a07dff32f99f0d8d63900a47466
SHA512

6f95787d6eee37207a97dd5d0ed09d6d09409d7861630da9e932cee7bef31ae51c805d1b0a1d20e13293967a007bba4554def4e34fe4ac55d57b3d9e574f3cac
SSDEEP

3072:6rtHTIN7WXsrbiUSAY4pf7JCIaxIJlShDGbm/5uDGWqB2l7:6ZzXcrjztp7JliNum/5

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

http://185.209.160.99/blob/top.mp4

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rhadamanthys.bin

Files

Rhadamanthys.bin
.exe windows:4 windows x86 arch:x86

Password: infected

5231d45d27faab064697cd89d612e981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aRqeNtlE.pdb

Imports

kernel32

GetCommandLineA
InterlockedDecrement
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetEnvironmentVariableA
GetOEMCP
GetVersionExA
LeaveCriticalSection
FlushFileBuffers
LCMapStringA
GetLastError
GetQueuedCompletionStatus
GetVersion
GetEnvironmentStringsW
MultiByteToWideChar
HeapFree
SetHandleCount
GetStringTypeW
LoadLibraryA
SetUnhandledExceptionFilter
SetFilePointer
VirtualQuery
DeleteCriticalSection
VirtualFree
GetSystemInfo
LCMapStringW
SetLastError
GetStringTypeA
GetCurrentProcess
SetStdHandle
UnhandledExceptionFilter
HeapCreate
WriteFile
HeapDestroy
IsBadStringPtrA
GetEnvironmentStrings
TlsSetValue
GetCurrentThreadId
InitializeCriticalSection
WideCharToMultiByte
VirtualAlloc
GetACP
FreeEnvironmentStringsA
GetProcAddress
GetModuleHandleA
TlsGetValue
RtlUnwind
ExitProcess
GetStdHandle
lstrlenA
InterlockedIncrement
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
EnterCriticalSection
TerminateProcess
GetTickCount
CreateIoCompletionPort
IsBadCodePtr
TlsAlloc
GetCPInfo
CloseHandle
IsBadReadPtr

user32

TranslateMessage
DispatchMessageW
ShowWindow
CreateDialogParamW
PeekMessageW
IsDialogMessageW

imm32

ImmEnumInputContext
ImmReleaseContext
ImmGetContext

msimg32

AlphaBlend
GradientFill

ole32

CoInitialize
DoDragDrop
CoUninitialize

shell32

DragAcceptFiles
DragQueryFileW
DragFinish

winmm

PlaySoundW
timeGetTime

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

5231d45d27faab064697cd89d612e981

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

imm32

msimg32

ole32

shell32

winmm

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 11KB - Virtual size: 15KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 11KB - Virtual size: 15KB