» rocket bot.exe
Overview
Analysis
File Details

rocket bot.exe

Salung International Corporation

The executable rocket bot.exe has been detected as malware by 9 anti-virus scanners.

File name:

rocket bot.exe

Publisher:

Salung International Corporation (signed and verified)

Version:

0.0.0.0

MD5:

0b2b1ddd91cfe516f2e910271cda86d9

SHA-1:

3859f422319f5bdd1d13831c56fe5eebd939062a

SHA-256:

c2e33af29b043b304fed88850e8062aedfb986b2269d8b1fb0844c7b9e5e20c9

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

11/24/2024 7:51:20 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.MSIL.aint

8.3.3.4

avast!

Win32:Dropper-gen [Drp]

2014.9-160720

AVG

Atros3

2017.0.2676

ESET NOD32

MSIL/Kryptik.GMF (variant)

10.13720

Fortinet FortiGate

MSIL/Kryptik.GMF!tr

7/20/2016

G Data

Win32.Trojan.Agent.5SMC96

16.7.25

Malwarebytes

Trojan.Crypt.MSIL

v2016.07.20.03

McAfee

Artemis!0B2B1DDD91CF

5600.6332

Qihoo 360 Security

HEUR/QVM03.0.0000.Malware.Gen

1.0.0.1120

File size:

1.4 MB (1,426,984 bytes)

Product version:

0.0.0.0

Original file name:

ysgviVSjWC2fKMgFwEAvE8TvnOr9nseySu2uIXl9u6b1dywSB.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\rocket bot.exe

Digital Signature

Signed by:

Salung International Corporation

Authority:

Salung International Corporation

Valid from:

6/25/2016 6:45:36 AM

Valid to:

6/26/2026 6:45:36 AM

Subject:

E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Issuer:

E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Serial number:

00866E0A24F3686932

File PE Metadata

Compilation timestamp:

6/27/2016 8:09:00 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:H/Psoft2d2HcH67SqZd6IFPol9UD5hqcQ6EUKCL+OIw3sDLzwuW/7Bn:HMof02P7SqZdZo/65hsNQI/wuW/1n

Entry address:

0x12B3CE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.2 MB (1,220,608 bytes)

Remove rocket bot.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.