Spooky_Rootkit[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Spooky_Rootkit.exe
Size

122KB
MD5

b88a1f01e8f7e81860522e862420098a
SHA1

2cf742ca2a9fecc02c3bbf064ca54a272ddd9a52
SHA256

cfa91c00e0d1aed576f9a7d5b341a0b3d6d166320bb65446c608d652935c2ce2
SHA512

9db109eaeba2b9a9162043bd1f7faf04673aabc920f3ba5a30cd980e48d1575114e9c66025d48eef3868582768bb48e21b2bdae84b528af2fa02778db0484be8
SSDEEP

3072:Jhrrt8JDJLC/YMjDdsM/vKDXda+ETzuHeWmk0kXbtjD0j:N8JDJUsEyxaVTzuHeWmk0kXbtjw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Spooky_Rootkit.exe

Files

Spooky_Rootkit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

?Qm'
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ