rotatelogs[.]exe

General

Target

rotatelogs.exe
Size

44KB
MD5

91c8e34a16babb397a68dc409fee0100
SHA1

c5c09530916238e8ed82e69d34a0454e3fb31dd2
SHA256

e6ff047d0804c03efc47443726d315baca6e5c8f73470291b1bd6d650484acff
SHA512

fd503003f61cd7b0a8306d937c1b9db3c5e15ab42d3a65878422c3a37e084f8def3e85a3bf387a3e4a108211f94ff57e4c0091a5c314dacf393205a236dd98ef
SSDEEP

768:FhAmaxSfNEXn7TeMI4jI1ma1QFNR6MsvdaTNE8QsiUqGI9:vAQfOX7Ti4jI17QFf6ONE8QsNqGK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rotatelogs.exe

Files

rotatelogs.exe
.exe windows x86

e9742ccd5a94631faf43ba37a1802846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
_errno
realloc
__p__environ
__p__wenviron
wcsncmp
strftime
strerror
_ftol
modf
__mb_cur_max
_isctype
_pctype
strncmp
malloc
free
wcslen
wcscpy
strchr
atoi
_iob
fprintf
exit
sprintf

kernel32

GetExitCodeProcess
TerminateProcess
UnlockFileEx
UnlockFile
LockFileEx
LockFile
SetEvent
ReleaseMutex
DeleteCriticalSection
CreateMutexA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
GetVersionExA
TlsFree
CloseHandle
SetStdHandle
GetStdHandle
SetFilePointer
GetLastError
CreateFileA
CreateFileW
SetLastError
CreateEventA
GetOverlappedResult
WaitForSingleObject
ReadFile
PeekNamedPipe
WriteFile
SetEndOfFile
FormatMessageA
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
LocalFree
GetFileType
GetFileInformationByHandle
TlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW

advapi32

FreeSid
AllocateAndInitializeSid

wsock32

WSACleanup
ntohl
WSAStartup

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9742ccd5a94631faf43ba37a1802846

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

wsock32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB