ROTMGInjector[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ROTMGInjector.exe
Size

59KB
MD5

5e7ea5880c8eb5996e458611b8a0a87d
SHA1

0910ca585acda9791d8ead880284f87bbfde81ea
SHA256

8f29bd31326b758f18678a5510cffda5cfeffd6f1d3bb7d4f75423e1d8c9b7d5
SHA512

35bb0fe0c7088f60a7cc144f2d1afa9df6352a6a118bb3ca7582f8e156ac4dc2ca9d5e10e6aa01f661dbf7db5bff9a3d6fa6a272befc1264e68c53ac25a5bf17
SSDEEP

768:hnu2hZ4sR2tTvJeS+yuvkuxuAKd0J+4rx304+0zs4snt99HTYGcDwma5HfXYDkef:9ugZ4hTv3UIn4VNz5m9HTYGcDwPFoDk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ROTMGInjector.exe

Files

ROTMGInjector.exe
.exe windows:6 windows x64 arch:x64

adf5e3623bc1c4fc38576323e876ba98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32First
WriteProcessMemory
WaitForSingleObject
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetFileAttributesA
Process32Next
CloseHandle
GetProcAddress
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocaleInfoEx
FormatMessageA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
MoveFileExW
GetModuleHandleW
GetLastError
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetCurrentDirectoryW
InitializeSListHead

user32

GetWindowTextA
SendMessageA
FindWindowExA
FindWindowA

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memset
memmove
memcpy
memchr
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_initterm_e
exit
_exit
terminate
__p___argc
_invalid_parameter_noinfo_noreturn
__p___argv
_errno
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-string-l1-1-0

strcmp

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adf5e3623bc1c4fc38576323e876ba98

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 176B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 176B