rhadamanthys | 9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa

Sharing

Copy URL

Twitter E-mail

General

Target

9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
Size

185KB
MD5

3ceadae46152fa702b5e58f76ac5fd8a
SHA1

0f47e011ba3cea3e6c11d3460124f3d607d4252d
SHA256

9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
SHA512

1caabcee2b2c882b74b28f2b6faa3733fd603e67859463f5f67f46a228a8681efdb5fa76a38cd725b9e758c0a410428def7f43590304fb52dbaabad40123f582
SSDEEP

3072:6rtHTIN7WXsrbiUSAY4pf7JCIaxIJlShDGbm/5uDGWqB2l7:6ZzXcrjztp7JliNum/5

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

http://127.0.0.1/blob/blob.mp4

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa

Files

9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
.exe windows:4 windows x86 arch:x86

5231d45d27faab064697cd89d612e981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aRqeNtlE.pdb

Imports

kernel32

GetCommandLineA
InterlockedDecrement
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetEnvironmentVariableA
GetOEMCP
GetVersionExA
LeaveCriticalSection
FlushFileBuffers
LCMapStringA
GetLastError
GetQueuedCompletionStatus
GetVersion
GetEnvironmentStringsW
MultiByteToWideChar
HeapFree
SetHandleCount
GetStringTypeW
LoadLibraryA
SetUnhandledExceptionFilter
SetFilePointer
VirtualQuery
DeleteCriticalSection
VirtualFree
GetSystemInfo
LCMapStringW
SetLastError
GetStringTypeA
GetCurrentProcess
SetStdHandle
UnhandledExceptionFilter
HeapCreate
WriteFile
HeapDestroy
IsBadStringPtrA
GetEnvironmentStrings
TlsSetValue
GetCurrentThreadId
InitializeCriticalSection
WideCharToMultiByte
VirtualAlloc
GetACP
FreeEnvironmentStringsA
GetProcAddress
GetModuleHandleA
TlsGetValue
RtlUnwind
ExitProcess
GetStdHandle
lstrlenA
InterlockedIncrement
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
EnterCriticalSection
TerminateProcess
GetTickCount
CreateIoCompletionPort
IsBadCodePtr
TlsAlloc
GetCPInfo
CloseHandle
IsBadReadPtr

user32

TranslateMessage
DispatchMessageW
ShowWindow
CreateDialogParamW
PeekMessageW
IsDialogMessageW

imm32

ImmEnumInputContext
ImmReleaseContext
ImmGetContext

msimg32

AlphaBlend
GradientFill

ole32

CoInitialize
DoDragDrop
CoUninitialize

shell32

DragAcceptFiles
DragQueryFileW
DragFinish

winmm

PlaySoundW
timeGetTime

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

5231d45d27faab064697cd89d612e981

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

imm32

msimg32

ole32

shell32

winmm

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 11KB - Virtual size: 15KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 11KB - Virtual size: 15KB