rokrat[.]bin[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rokrat.bin.exe
Size

536KB
MD5

02b64d97e3dc4f33b55b05b004bf981f
SHA1

b9fcba3d98b66f46dd0fcc93f44d5b368bf5f8fa
SHA256

3be58a7a7a25dbceee9e7ef06ef20aa86aef083be19db9e5ffb181d3f9f6615a
SHA512

c154c3cac558b81a90cd16bce8479c9acf11a31597d95b6faa5ff1516aaaad3e86e11b5e71a9d3c3f5927d2fcb6d5eb59bcc1605a9b9ef08a1857e4a325e9cfc
SSDEEP

12288:wcAS8+mDhrxVp7ql5TgfnUVKE1fSIq4k4o3ElsUDvTdxbZsTPyV3:tKrxVZquNIqyoUFTdlZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rokrat.bin.exe

Files

rokrat.bin.exe
.exe windows x86

45c03366cf266cc6e84a530102a59024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateThread
HeapAlloc
GetLogicalDriveStringsA
GetWindowsDirectoryW
GetProcAddress
ExitProcess
GetComputerNameW
GetProcessHeap
GetModuleHandleW
lstrcmpiA
K32EnumProcessModules
GetSystemTime
GetTickCount
IsDebuggerPresent
CreateEventW
ResetEvent
SetEvent
TerminateThread
CreateFileA
Process32NextW
GetTempPathA
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
WaitForSingleObject
FindClose
GetEnvironmentVariableW
K32GetModuleFileNameExW
GetModuleFileNameW
GetDriveTypeA
TerminateProcess
VirtualAlloc
WriteFile
GetCurrentProcess
FindNextFileW
SetLastError
HeapFree
FindFirstFileW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
Sleep
GetTempPathW
WideCharToMultiByte
DeleteFileW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetACP
GetStdHandle
GetModuleHandleExW
ReadFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateDirectoryW
CreateFileW
GetLastError
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
HeapSize
GlobalFree
HeapReAlloc
RaiseException
DecodePointer
DeleteCriticalSection
EncodePointer
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
TlsAlloc

user32

wsprintfA
wsprintfW
GetDC
GetSystemMetrics
SetProcessDPIAware

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
BitBlt

advapi32

RegQueryValueExA
CryptEncrypt
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
RegCloseKey
CryptDestroyKey
RegOpenKeyExA

shell32

ShellExecuteExA
ShellExecuteA
ShellExecuteW

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA

gdiplus

GdipSaveImageToFile
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipGetImageEncodersSize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

crypt32

CryptBinaryToStringA

winhttp

WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpOpen
WinHttpReceiveResponse

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45c03366cf266cc6e84a530102a59024

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

gdiplus

version

crypt32

winhttp

Sections

.text Size: 391KB - Virtual size: 391KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 7KB - Virtual size: 28KB

.gfids Size: 1024B - Virtual size: 560B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 391KB - Virtual size: 391KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 7KB - Virtual size: 28KB

.gfids
Size: 1024B - Virtual size: 560B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 33KB - Virtual size: 33KB