rorukal.exe

First submission 2024-09-01 22:56:01

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 3369.5 KB (3450368 bytes)
Compile time: 2024-08-10 17:08:21
MD5: 77ecafee1b0ba32bd4e3b90b6d92a81f
SHA1: 59d3e7bd118a34918e3a39d5a680ff75568482bb
SHA256: 14d8c36fbab22c95764169e90e4985f90a171b201bb206bd6ea8883b492083e3
Import Hash : 0189345388451634260fa99de205c9c8
Sections (3): .rsrc (two further sections are unnamed; see PE Sections below)
Directories (3): import, resource, tls

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 56/78 (VT report date: 2024-08-20 18:01:09)
Malware Type (2): trojan, dropper
Threat Type (3): strab, drop, inject5

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXps://jkfinancialpartners.com/inc/rorukal.exe | jkfinancialpartners.com | 2024-09-01 22:56:01

PE Sections 2 suspicious

Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
(unnamed) | 0x1000 | 0x40e000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
(unnamed) | 0x40f000 | 0x331000 | 3345408 | 4671479c2c4244b753ef442982a9fb52205967bb | 34ad8d584f53281c5daba2a258da6c3d |
.rsrc | 0x740000 | 0x1a000 | 104448 | cb240d4caecf68db1fd7488b0a082b7c18e8ecba | 0de3c97a86cf1bc2e6303fdd99a53b5b |

PE Resources 7

Name | Language | Sublanguage | Offset | Size | Data
RT_BITMAP | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1c4c38 | 4136 |
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1e2460 | 1128 |
RT_STRING | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1e4458 | 212 |
RT_RCDATA | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x73b860 | 512 |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x73bbe8 | 20 |
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x7590ec | 796 |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x75940c | 407 |

Meta infos 10

LegalCopyright: Copyright © NoStopMedia. All rights reserved.
InternalName: trenininmiba
FileVersion: 1.0.0.0
CompanyName: NoStopMedia
ProductVersion: 1.0.0.0
FileDescription: Launcher
LegalTrademarks:
Translation: 0x0809 0x04e4
OriginalFilename: trenininmiba.exe
ProductName: Launcher

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Database: oB.db
Library: urlmon.dll, SHELL32.dll, KERNEL32.dll, MSVCRT.dll, ADVAPI32.dll, USER32.dll

Import functions

Name | Latest seen | MD5
do0ntworryx1.exe | 2024-07-19 01:44:04 | 177dba5455e57afe9da6cfa0dda3d61d