rocketdock.exe

The application rocketdock.exe was flagged as a potentially unwanted program (PUP) by 1 of 68 anti-malware scanners. That is a single heuristic detection, so treat the verdict as low-confidence rather than as confirmed malware; read the indicators below as a description of what the file does on a host, not as proof of malicious intent. The file persists across logons through the current user's Run registry key under the value name ‘RocketDock’. While running, it has been observed connecting to srv2.ampyazilim.com.tr on TCP port 80 over HTTP, as well as to the other hosts listed under network communications below.
MD5:
007f2222e39789229de1e6614bd07b4a

SHA-1:
9a04f8dd04ba778dd3cca777da500f748f62f111

SHA-256:
9c36d74b884f77f987ae5a94f98919234a9f94014ff50c7f60a65033832c6985

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 12:40:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RocketDock (M)

Engine version:
17.2.9.22

File size:
588 KB (602,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\rocketdock\rocketdock.exe

File PE Metadata
Compilation timestamp:
8/29/2003 10:01:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x81624

Entry point:
8D, 05, 93, 0B, 86, 3F, F3, C6, C3, A1, 0F, BE, FC, 0F, AF, CA, 1A, E6, C7, C3, 98, B0, CD, 8A, C7, C5, 82, 39, E2, 17, FF, CF, C6, C3, C6, FE, C4, 8B, FA, 81, C2, A0, C2, F0, FF, 88, CB, 87, E8, 81, C2, 18, CE, 0F, 00, 69, FB, 32, 10, BE, 36, 8B, F1, 19, C2, 88, DE, 24, 7D, 69, C9, 5A, 14, 81, 48, 84, FA, 85, EE, 47, E8, 47, 00, 00, 00, 8A, C3, 8B, FE, B4, 92, FF, C6, 8D, 3D, C2, 8B, D1, FB, 86, C4, 84, C2, FF, CF, 68, C4, 70, FA, FF, 8D, 15, AE, 7C, 69, CE, 0F, BF, EF, 31, FB, 5E, 86, C2, 81, C6, 26, 89...

Entropy:
6.5793

Code size:
280 KB (286,720 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RocketDock

Command:
"C:\Program Files\rocketdock\rocketdock.exe"


The executing file has been seen to make the following network communications in live environments. Hostnames and IP addresses are as resolved at analysis time; the IPs in particular can change, so match on the hostname where you can and treat an IP-only hit as weaker evidence.

TCP (HTTP):
Connects to srv2.ampyazilim.com.tr  (37.230.104.89:80)

TCP (HTTP):
Connects to 93-89-226-17.fbs.com.tr  (93.89.226.17:80)

TCP (HTTP SSL):
Connects to www41078u.sakura.ne.jp  (49.212.108.116:443)
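To turn the indicators on this page into a repeatable host check, the following Python triage script is added here as an example; it is not Reason Core Security's code and not part of this page's data. It verifies a file against the published SHA-256, computes the byte-entropy figure reported in the PE metadata section above, and matches Run-key entries and connection records against the autorun and network indicators listed above. The file bytes, Run-key entries and connection records in the block are constructed sample data so the example runs offline; the helper names and the entropy thresholds are the editor's own choices, not Reason's.

```python
"""Host-triage helpers for the rocketdock.exe indicators listed on this page.

Added example, not Reason Core Security's code. The file bytes, Run-key
entries and connection records below are CONSTRUCTED sample data so the
script runs offline; on a live host, feed it the real file, the values
read from the HKCU Run key, and real DNS/netflow records instead.
"""
import hashlib
import math
from collections import Counter

# Indicators copied from the page.
PAGE_SHA256 = "9c36d74b884f77f987ae5a94f98919234a9f94014ff50c7f60a65033832c6985"
PAGE_MD5 = "007f2222e39789229de1e6614bd07b4a"
RUN_KEY = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_NAME = "RocketDock"
RUN_COMMAND = r'"C:\Program Files\rocketdock\rocketdock.exe"'
NETWORK_IOCS = {  # hostname -> IP as resolved at analysis time (IPs drift)
    "srv2.ampyazilim.com.tr": "37.230.104.89",
    "93-89-226-17.fbs.com.tr": "93.89.226.17",
    "www41078u.sakura.ne.jp": "49.212.108.116",
}


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA-256 of the file contents, hex-encoded like the page."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matches_page_sample(data: bytes) -> bool:
    """Identity check on SHA-256 only; MD5 is kept for cross-reference but
    is not trusted as an identity because collisions are practical."""
    return file_hashes(data)["sha256"] == PAGE_SHA256


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0..8.0). The page reports 6.5793
    for the whole file; the same formula applied per PE section is more telling."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_verdict(h: float) -> str:
    """Rough triage thresholds (editor's assumption; tune for your corpus)."""
    if h >= 7.2:
        return "likely packed or encrypted"
    if h >= 6.0:
        return "mixed code/compressed data; inspect sections individually"
    return "plain code/data"


def _norm_cmd(cmd: str) -> str:
    return cmd.strip().strip('"').lower()


def find_run_entry(entries, name=RUN_NAME, command=RUN_COMMAND):
    """entries: iterable of (value_name, command_line) read from the Run key.
    Matches on the value name OR the command, since PUPs are routinely renamed."""
    return [(v, c) for v, c in entries
            if v.lower() == name.lower() or _norm_cmd(c) == _norm_cmd(command)]


def match_network(records):
    """records: iterable of (hostname_or_None, ip, port). Returns IOC hits."""
    hits = []
    for host, ip, port in records:
        host_hit = host is not None and host.lower() in NETWORK_IOCS
        ip_hit = ip in NETWORK_IOCS.values()
        if host_hit or ip_hit:
            hits.append({"host": host, "ip": ip, "port": port,
                         "matched_on": "hostname" if host_hit else "ip"})
    return hits


def triage(file_bytes, run_entries, connections) -> dict:
    """Combine the three checks into one report."""
    h = shannon_entropy(file_bytes)
    return {
        "hash_matches_page": matches_page_sample(file_bytes),
        "hashes": file_hashes(file_bytes),
        "entropy": round(h, 4),
        "entropy_verdict": entropy_verdict(h),
        "autorun_hits": find_run_entry(run_entries),
        "network_hits": match_network(connections),
    }


# Constructed sample input (not the real binary, not a real host's data).
SAMPLE_FILE = bytes(range(256)) * 4  # 1 KiB, every byte value equally frequent
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("RocketDock", r'"C:\Program Files\rocketdock\rocketdock.exe"'),
    ("Dock", r'"C:\Program Files\rocketdock\rocketdock.exe"'),  # renamed value, same binary
]
SAMPLE_CONNECTIONS = [
    ("srv2.ampyazilim.com.tr", "37.230.104.89", 80),
    (None, "93.89.226.17", 80),            # no DNS seen, IP-only match
    ("example.org", "192.0.2.10", 443),    # benign, TEST-NET address
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_FILE, SAMPLE_RUN_ENTRIES, SAMPLE_CONNECTIONS), indent=2))
```

A Run-key hit on its own is what any ordinary RocketDock installation produces and is not evidence of compromise; the useful signal is the combination of the published hash, the autorun value, and connections to the listed hosts from a machine where nobody installed a dock. Since the detection is a single heuristic, a SHA-256 mismatch against the page means only that you have a different build, not that the file is clean. Removal is the program's own uninstaller (or deleting the binary) followed by confirming the 'RocketDock' value is gone from the HKCU Run key.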

Remove rocketdock.exe - Powered by Reason Core Security