rokrat[.]bin[.]exe

Resubmissions

20/05/2023, 19:58

230520-ypys7aed89 7

12/05/2023, 08:15

230512-j5jxmsee8s 7

Sharing

Copy URL Twitter E-mail

General

Target

rokrat.bin.exe
Size

877KB
MD5

278184b974d5232934ebf3f9ca9be5c8
SHA1

1430981f7ff93304e9e6df85ebc34effa7bf2cf2
SHA256

aa76b4db29cf929b4b22457ccb8cd77308191f091cde2f69e578ade9708d7949
SHA512

aa1dbeb0b1f7b1569acc5e28705080cc3f20324d0fce943d218d1c6b5db0dce1aaeddfcc1a54b9f96f7337907f022a371bab41b51fd7267418e993e7ffd065e0
SSDEEP

24576:UzSOG3EfWcu4SpyCGNMO7+VQOX6pZ0lH/WW+ziTdURduw0htO:kq3Ef64zv0giTCRduw0htO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rokrat.bin.exe

Files

rokrat.bin.exe
.exe windows x86

4c8c37cac5c358c1fd9d3026baf68d14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
FindClose
WaitForSingleObject
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
GetTempPathA
GetLastError
Process32NextW
FileTimeToSystemTime
DeleteFileW
CloseHandle
RaiseException
CreateThread
DecodePointer
GetWindowsDirectoryW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
GetTickCount
HeapFree
VirtualAlloc
GetDriveTypeA
GetModuleFileNameW
GetEnvironmentVariableW
GetModuleHandleA
HeapAlloc
GetLogicalDriveStringsA
ExitProcess
GetComputerNameW
GetProcessHeap
lstrcmpiA
IsDebuggerPresent
ResetEvent
SetEvent
WriteFile
GetCurrentProcess
QueryPerformanceFrequency
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
InitializeCriticalSectionAndSpinCount
TerminateProcess
FindNextFileW
SetLastError
FindFirstFileW
ReadFile
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetACP
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
InterlockedPushEntrySList
RtlUnwind
HeapReAlloc
GlobalFree
HeapSize
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
OutputDebugStringW
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
EncodePointer
LeaveCriticalSection
EnterCriticalSection

user32

GetDC
wsprintfA
wsprintfW
SetProcessDPIAware
GetSystemMetrics

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExA
ShellExecuteA

oleaut32

VariantClear

psapi

EnumProcessModules
GetModuleFileNameExW

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

gdiplus

GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipGetImageEncoders

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winhttp

WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4c8c37cac5c358c1fd9d3026baf68d14

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

psapi

wininet

gdiplus

version

winhttp

Sections

.text Size: 652KB - Virtual size: 651KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 18KB - Virtual size: 43KB

.gfids Size: 1024B - Virtual size: 672B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 652KB - Virtual size: 651KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 18KB - Virtual size: 43KB

.gfids
Size: 1024B - Virtual size: 672B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 49KB - Virtual size: 48KB