RootGenius[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

RootGenius.zip
Size

3.1MB
MD5

e33dee2127f916266a941defd541de42
SHA1

bc539f6fc20d482ada6066e7ab1a108452109212
SHA256

46fc560b6d070337fadc86e2f1b29777f68b359ff85790da92aca908aff6be8d
SHA512

3ec8a3a28e585298557cd9f1d667c70f6700533608f35ee31bee2b0cc889b3214000bda204b5732baad2e04794e4bc219c71cb4314772afab323faba377df374
SSDEEP

98304:O4QoXG4dSFFBu7hBFuqiZOd7/aAORGgZpl9C6VoPM:XQoXl8bBqh/NOPLFoE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Root.exe

Files

RootGenius.zip
.zip
Root.exe
.exe windows:5 windows x86 arch:x86

0debe7c8a0a104ae3149120926f861bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetCurrentThreadId
Sleep
DeleteFileW
GetThreadLocale
TerminateThread
lstrlenW
GetLocalTime
SetEndOfFile
WriteFile
SetFilePointer
WaitForMultipleObjects
OutputDebugStringW
FlushInstructionCache
GetCurrentProcess
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
GetDiskFreeSpaceExW
GetSystemDefaultLangID
MapViewOfFileEx
CreateFileMappingW
CreateDirectoryW
GetTempPathW
LocalAlloc
SetHandleInformation
PeekNamedPipe
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
GetExitCodeProcess
Process32NextW
SetFileAttributesW
FindNextFileW
CreatePipe
GetSystemInfo
RemoveDirectoryW
FindClose
GetVersionExW
CreateProcessW
FindFirstFileW
ReleaseMutex
CreateMutexW
DeleteCriticalSection
CreateWaitableTimerW
MoveFileExW
GetPrivateProfileIntW
GetPrivateProfileStringW
CompareStringW
CompareStringA
CreateFileA
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
ExitProcess
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStartupInfoW
CreateThread
CreateFileW
GetFileSize
ReadFile
FreeResource
GetModuleHandleW
GetProcAddress
lstrlenA
MultiByteToWideChar
GetLastError
GetVersion
EnterCriticalSection
SetWaitableTimer
LeaveCriticalSection
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
CreateEventW
WaitForSingleObject
ResetEvent
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetEvent
GetTickCount

user32

InvalidateRect
InflateRect
GetDlgItem
ShowWindow
PtInRect
SetRect
SetCursor
LoadCursorW
ReleaseDC
GetDC
GetDesktopWindow
CopyRect
SetRectEmpty
UnionRect
DestroyIcon
DrawFrameControl
LoadImageW
LoadIconW
SendMessageW
GetParent
GetDlgCtrlID
OffsetRect
EqualRect
ScreenToClient
GetCursorPos
SetCapture
ReleaseCapture
IsWindowVisible
SetWindowPos
PostThreadMessageW
PostMessageW
SetWindowTextW
MoveWindow
GetWindowRect
GetClientRect
SetTimer
KillTimer
IsWindowEnabled
IsDialogMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CallWindowProcW
UpdateLayeredWindow
BeginPaint
EndPaint
CreatePopupMenu
DestroyMenu
AppendMenuW
MonitorFromPoint
ClientToScreen
TrackPopupMenu
wsprintfW
CreateWindowExW
MapWindowPoints
GetWindow
GetClassInfoExW
DestroyWindow
CharNextW
RegisterClassExW
LoadBitmapW
MessageBoxW
SetActiveWindow
EnableWindow
GetActiveWindow
SetFocus
SetForegroundWindow
IsIconic
IsRectEmpty
UnregisterClassA
GetSystemMetrics
IsWindow

gdi32

CreateDIBSection
SelectObject
GetRgnBox
GetStockObject
GetObjectW
CreateFontIndirectW
RectInRegion
CombineRgn
DeleteObject
CreateRectRgnIndirect
CreateCompatibleDC

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

StrToIntW
PathGetDriveNumberW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCloneBrush
GdipCreateRegion
GdipGetClip
GdipSetClipRectI
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipSetTextRenderingHint
GdipSetClipRegion
GdipDrawImageI
GdipCreateSolidFill
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCloneImage
GdipDeleteBrush
GdipDeleteRegion
GdipCloneStringFormat
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdiplusShutdown
GdipDrawImagePointRectI
GdipCreateBitmapFromHBITMAP
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipReleaseDC
GdipGetDC
GdipDrawLineI
GdipSetPenDashStyle
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipSetClipHrgn
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipCreateFromHDC
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat

wininet

InternetQueryOptionW
InternetSetOptionW
InternetCrackUrlW
InternetSetStatusCallbackW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoW
InternetReadFileExA
InternetOpenW
InternetConnectW

ws2_32

gethostbyname
closesocket
__WSAFDIsSet
socket
recv
WSACleanup
htons
select
inet_addr
WSAStartup
connect
send

netapi32

Netbios

setupapi

SetupDiGetClassDevsA
CM_Get_Parent
CM_Get_Device_IDW
SetupDiGetDeviceInstanceIdW
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode
CM_Get_DevNode_Status
CM_Locate_DevNodeW

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0debe7c8a0a104ae3149120926f861bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

ws2_32

netapi32

setupapi

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 17KB - Virtual size: 28KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 17KB - Virtual size: 28KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB