rookie_2[.]21_portable[.]zip | Triage

Resubmissions

20/07/2023, 19:57

230720-ypdg9aad64 8

20/07/2023, 19:53

230720-yl1tdaad39 8

Sharing

Copy URL Twitter E-mail

General

Target

rookie_2.21_portable.zip
Size

1.0MB
MD5

d042ec75124f845f2bfa660273c5bd26
SHA1

884789a1a87527d2d9abc4e2295be3ff4a8e17b1
SHA256

a77d8145fba17d62a30541ee4adb2a210bd2b8450d9f93eb93648d160224195f
SHA512

de3403cf2f559a95c9646ad132f286e17f5e9455317147b5bd7576fbd939a3d55f0abd16f957ee5a1585022396db257f11b78ec1bf86caebe81567e426049d6d
SSDEEP

24576:LUvBXWyM5ySLIM7SNZI3OtLEETr9rXu7oQvpRnbZ:aWyM8YCZIqLdTrpX1ULV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AndroidSideloader v2.21.exe

Files

rookie_2.21_portable.zip
.zip
AndroidSideloader v2.21.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rookie Offline.cmd
vrp-public.json