rmrp[.]exe | Triage

Sharing

General

Target

rmrp.exe
Size

538KB
MD5

43cc1e506fcc9b31500c2548993d9ec1
SHA1

aaab70060eae13d5946de7861b7181f1ca481a50
SHA256

84385ba3214aa9f73418781ae24d06404371288fe26b7fbb11ddbc0cd4369b9e
SHA512

a3713e86b571f0b158bc0aa81636ef315bdbf887d8a2121cabe96025357adee738e77e749f9dc24f97da28d041c7a7e0c93c1e82630db61360473ad99a396653
SSDEEP

6144:AYqdc0NkzDVJnLiTIlA41jNcN3p0NIb88WsNMPaKFP3b2V122J0sL:A9J8PL7VcN3CNIb88WsNMP5F1k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rmrp.exe

Files

rmrp.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ