rockss.exe

First submission 2023-09-18 07:13:02

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 4751.0 KB (4865024 bytes)
Compile time: 1970-01-01 01:00:00
MD5: b32d5a382373d7df0c1fec9f15f0724a
SHA1: 472fc4c27859f39e8b9a0bf784949f72944dc52b
SHA256: 010fe481ba6275ebbf71e102e66d73f5d819252f2b4b1893d2acf53c04f4200f
Import Hash: a9c887a4f18a3fede2cc29ceea138ed3
Sections: 4 (.text, .rdata, .bss, .rsrc)
Directories: 2 (import, resource)
Virus Total: 45/71
VT report date: 2023-09-18 03:50:12

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://5.42.65.80/rockss.exe 5.42.65.80 2023-09-18 07:13:02

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x640 2048 0092cb2737127c677306822385111e9f57a607c9 77d5b8c52a6946fab8f535d5b5f27670
.rdata 0x2000 0x4a2a33 4860928 939c13ed6d9f901caf5f9995639933e9150f34e9 2e47ef79792c069790fbff97fe0dea37
.bss 0x4a5000 0x4 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x4a6000 0x2f8 1024 74822d96565948145bbfa1fa8bcc00e17d52c8a4 9669d3aeada65ea241d8bc46993c4f42

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x4a6058 665

Strings analysis - File found

Library
MSVCRT.dll
KERNEL32.dll
SHELL32.dll

Strings analysis - Possible IPs found 1

7.2.7.1

Strings analysis - Possible URLs found 1

http://www.w3.org/2001/XMLSchema-instance

Import functions

Name Latest seen MD5
nigguy_1.exe 2023-05-27 03:55:02 25344f4f54ec2afff00c28ca9c2a1818
wowo2.exe 2023-08-28 00:41:04 61d0c8c6e860f92b549c3f0b0412be53
rock.exe 2023-08-28 00:46:02 1d4913e1a16b1f61d67eb7b8de501714
super.exe 2023-08-28 02:46:03 5bf6b19fd947c3fef6a8cc3555b2f18d
rockas.exe 2023-09-01 17:52:03 98628dba1be12d83b13f1b2bd25d85b6
ummaa.exe 2023-09-01 22:07:02 58bc43389c3e720c0af4ff563d5ed7ce
soso.exe 2023-09-02 07:39:03 6dc87042689e8ee4fcf2ad4978251c44
mar2.exe 2023-09-17 02:33:06 3bffffda1e470fede020d005d03929da