Roshade[.]Setup[.]3[.]3[.]1[.]exe[.]zip

Resubmissions

25-08-2023 13:21

230825-ql5hkaca48 10

25-08-2023 13:18

230825-qj2znadg5w 10

Sharing

Copy URL

Twitter E-mail

General

Target

Roshade.Setup.3.3.1.exe.zip
Size

10.2MB
MD5

d63cbed68cb5e63ebc02297d7e71354c
SHA1

a10e38025b75f5e00c06683f3771fb6f587e303c
SHA256

648be5b6927f631ab9c87bb2fb04893dc259c1f7f727c3e8ca0576995635ac71
SHA512

650270237c74f55509725e46d872c7cc4a1da24faf732f7dc630ddda8607795e456831e068e91ab152869823e1bbe17418c7abe44cf277c59378ba587e38f761
SSDEEP

196608:za+pujlzUPaaq7v1ruroaZ0I+IMp4vT+EgwM9rew3VG8hEE6N/qDwf3S4HUS:zaMmlGaaKYZrbMGr+nw6e65hEE6N/nfD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Roshade.Setup.3.3.1.exe - Archive.exe

Files

Roshade.Setup.3.3.1.exe.zip
.zip

Password: possiblyinfected
Roshade.Setup.3.3.1.exe - Archive.exe
.exe windows x64

Password: possiblyinfected

2c703405fb0537fcd8815cd35526211e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcmpW
lstrcmpiW
lstrlenW

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_atoi64
_cexit
_errno
_exit
_findfirst64
_fmode
_fstat64
_ftime64
_hypot
_i64toa
_i64tow
_initterm
_localtime64
_mkdir
_onexit
_stat64
_strdup
_stricmp
_strnicmp
_ui64toa
_ui64tow
_vsnprintf
_wasctime
_wcsicmp
_wctime64
_wtoi64
abort
atoi
calloc
cosh
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
ftell
fwrite
getenv
isalnum
isprint
isspace
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putchar
realloc
signal
sinh
sscanf
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tanh
tolower
vfprintf
wcschr
wcscpy
wcslen
wcsrchr
_findnext64
_getcwd

user32

CharUpperW
MessageBoxA

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
changelog/img/wEeX0rJ2d4BmbnsGFriBreEzhkMLsTj8.png
.png

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: possiblyinfected

Password: possiblyinfected

2c703405fb0537fcd8815cd35526211e

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 194KB - Virtual size: 193KB

.data Size: 1024B - Virtual size: 560B

.rdata Size: 13KB - Virtual size: 12KB

.pdata Size: 6KB - Virtual size: 5KB

.xdata Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 5KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 912B

/4 Size: 2KB - Virtual size: 2KB

/19 Size: 327KB - Virtual size: 326KB

/31 Size: 20KB - Virtual size: 19KB

/45 Size: 36KB - Virtual size: 35KB

/57 Size: 6KB - Virtual size: 6KB

/70 Size: 3KB - Virtual size: 2KB

/81 Size: 78KB - Virtual size: 78KB

/92 Size: 3KB - Virtual size: 3KB

.text
Size: 194KB - Virtual size: 193KB

.data
Size: 1024B - Virtual size: 560B

.rdata
Size: 13KB - Virtual size: 12KB

.pdata
Size: 6KB - Virtual size: 5KB

.xdata
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 912B

/4
Size: 2KB - Virtual size: 2KB

/19
Size: 327KB - Virtual size: 326KB

/31
Size: 20KB - Virtual size: 19KB

/45
Size: 36KB - Virtual size: 35KB

/57
Size: 6KB - Virtual size: 6KB

/70
Size: 3KB - Virtual size: 2KB

/81
Size: 78KB - Virtual size: 78KB

/92
Size: 3KB - Virtual size: 3KB