rottrv1010270+5tr-iNvIcTUs[.]oRCuS[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rottrv1010270+5tr-iNvIcTUs.oRCuS.rar
Size

3.0MB
MD5

d15dc69e50cd1d626539662877de861e
SHA1

b583bf96e501da4bb64fb9514fc960500351b32b
SHA256

a30bb5a058a01e0e48317c0c67cae55120481cc9f5626392406dcbdea757e9ab
SHA512

6ae9fe86fa56bbc6a7e291c2f6fda656c7d3b0774a425c61ca432e64489fce31ae8680b089734999d9900e7017bd89739a6c28268dd2fa4ab1ad95a2957c94fb
SSDEEP

49152:uvgX9KK2qa0vzqrSDU+40cxVh/Wz+WZGaximd5hSoOjaPkAYDg6:dXx2qTrASDiVzh/W7Xi0Cjac9c6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rottrv1010270+5tr.exe

Files

rottrv1010270+5tr-iNvIcTUs.oRCuS.rar
.rar
rottrv1010270+5tr.exe
.exe windows:6 windows x64 arch:x64

1734ea0a584c9857d44f3001af4838d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

PlaySoundW

winspool.drv

ClosePrinter

comdlg32

FindTextW

comctl32

ImageList_Add

shell32

ShellExecuteW

user32

GetDC

version

VerQueryValueW

oleaut32

VariantInit

advapi32

RegLoadKeyW

msvcrt

memcpy

ole32

IsEqualGUID

gdi32

Pie

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 2.7MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE