rmiregistry[.]exe | Triage

Sharing

General

Target

rmiregistry.exe
Size

6KB
MD5

168ec43dac6604b92e67be99b9ac2540
SHA1

bfbff5d5f8499ef5d236b3aa84e1636cefd7a9d0
SHA256

785da35fe5ad3792d3cf285585b71db3a24485ef4ccfd1dfcac4f25f657965f5
SHA512

c7e5bf3d28b991e893087728ac3951129f4ee9bdc7d9bbd942d2e65069a3ffe52fdfb5ed3c96e2eeb8572dca427c9b1856d24c6c7bf7876b524f7f4568b416f3
SSDEEP

48:6a0lUZcVbdpvhzogLaZh/ebCHsEKEj2s8VuEwqELsEwqERWlWKVRl0036j4KSufk:YAcVpsX4s2Bto9oyRS036Cufl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rmiregistry.exe

Files

rmiregistry.exe
.exe windows:4 windows x86

9ed78190f4568f4c8a54048c5a232065

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

javai

java_main

msvcrt

malloc
__p__iob
exit
fprintf
getenv
strncmp
_exit
_XcptFilter
sprintf
strrchr
__getmainargs
__p___initenv
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
_initterm
__setusermatherr
_putenv
_stat

kernel32

Sleep
GetVersion
GetModuleFileNameA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ