RxvUgid[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

RxvUgid.exe
Size

165KB
MD5

5c4a0882e7c63fcd5b468de0ea4f26c9
SHA1

cf86bc53c1187c5a99fec6a8197a82b3b66d1a5e
SHA256

3617d444e42fa974e1d19b92734c61ee39cc4f9b87063c8a05285080675b0eb5
SHA512

290bef9454a66dd05826d695582b83fcc2ecb3dd2d631836082a09111d7a22ca7766b7332bdc03856aa8352dc3ab045fd5473252f3c1819b9970e08f6faca6f0
SSDEEP

3072:TM69jyljdHohqtw1TQisgado28E1IZ/OYZNpyd80uPsDfUTTag8AGvjVoe9ljzP:gZPHohqt5isgadE227M80ffYTBuowlPP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/Users/cijythomas/AppData/Local/Temp/VGnVC/RxvUgid.exe

Files

RxvUgid.exe
.zip

Password: India@2023@@
Device/HarddiskVolume3/Users/cijythomas/AppData/Local/Temp/VGnVC/RxvUgid.exe
.exe windows:5 windows x86 arch:x86

Password: India@2023@@

1f6cdbebf6b8179d73543852b7f70d59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueA
RegCreateKeyA
GetUserNameA
RegDeleteKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey

dbghelp

FindExecutableImageEx
UnDecorateSymbolName
MapDebugInformation
SymFindFileInPath
EnumerateLoadedModules64
SymGetSymPrev
SymGetLineFromName

comctl32

ImageList_Create
ImageList_Destroy
CreateToolbarEx
InitCommonControlsEx
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor

kernel32

GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
CreateFileA
SetEnvironmentVariableA
WriteConsoleA
SetEvent
InitializeSListHead
SetProcessWorkingSetSize
DefineDosDeviceA
GetEnvironmentVariableA
FindNextVolumeA
GetSystemInfo
GetConsoleScreenBufferInfo
lstrcmpiW
GetSystemTimeAsFileTime
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize
GetProcAddress
GetModuleHandleW
GetModuleHandleA
WideCharToMultiByte
GetTimeZoneInformation
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
RaiseException
CloseHandle

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: India@2023@@

Password: India@2023@@

1f6cdbebf6b8179d73543852b7f70d59

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

advapi32

dbghelp

comctl32

kernel32

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 92KB - Virtual size: 91KB