rocket bot.exe

MaliQ Incorporated

It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
MaliQ Incorporated  (signed and verified)

MD5:
16525eab02d87c26da8d408913b389e0

SHA-1:
9b7653c33801c394ef9026819c29e22aebaab607

SHA-256:
5a3facd40380a1a1c40723ab979fbd24cbd9f798e662451d90b937dcb95c24b8

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
2/26/2025 9:52:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | Troj.W32.Gen.mge4 | 2.1.4+ |
| Baidu Antivirus | MSIL.Trojan.Kryptik | 4.0.3.16625 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.2.1.6.0 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |

File size:
1.4 MB (1,488,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rocket bot.exe

Digital Signature
Authority:
MaliQ Incorporated

Valid from:
6/24/2016 1:37:54 PM

Valid to:
6/25/2026 1:37:54 PM

Subject:
E=support@maliq.com, CN=*.maliq.com, OU=Support Dept., O=MaliQ Incorporated, L=Laval, S=Quebec, C=CA

Issuer:
E=support@maliq.com, CN=*.maliq.com, OU=Support Dept., O=MaliQ Incorporated, L=Laval, S=Quebec, C=CA

Serial number:
00ED8DD9775BFACA07

File PE Metadata
Compilation timestamp:
6/24/2016 3:28:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:K7T925SFQeWJGA2UKnrbkZGB8B+oncVLimusmrEuW/7B7:Kvs5OQfJpikZGBC+6ELI5EuW/17

Entry address:
0x13D76E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8497

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,292,288 bytes)

Scheduled Task
Task name:
Windows Protector

Path:
\Update\Windows Protector

Trigger:
Logon (Runs on logon)
