rocketsilent.exe

The executable rocketsilent.exe has been detected as malware by 15 anti-virus scanners.
MD5:
c3f1d7dcd377d34e71377d2d56faec27

SHA-1:
6c06ccc5eb0628ab54771c158f2e43a50578004e

SHA-256:
2ed52ff8ed37a350ee5a94be88fe0c7941898f9b1c5c0162433a66b01b689ea5

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/25/2024 9:13:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11685002 | 711 |
| Bitdefender | Trojan.Generic.11685002 | 1.0.20.275 |
| Emsisoft Anti-Malware | Trojan.Generic.11685002 | 8.15.02.24.05 |
| F-Secure | Trojan.Generic.11685002 | 11.2015-24-02_3 |
| G Data | Trojan.Generic.11685002 | 15.2.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.6.0 |
| McAfee | Artemis!C3F1D7DCD377 | 5600.6845 |
| MicroWorld eScan | Trojan.Generic.11685002 | 16.0.0.165 |
| nProtect | Trojan.Generic.11685002 | 15.02.13.01 |
| Panda Antivirus | Trj/CI.A | 15.02.24.05 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Agent | 10035 |
| Trend Micro House Call | TROJ_GEN.R047H05G914 | 7.2.278 |
| Trend Micro | TROJ_SPNR.25JS14 | 10.465.24 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37530 |

File size:
215 KB (220,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\rocketsilent.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:z1LHPpPp2BMJYw0eUGB2JEOPtc6WEvjbsE0AEkvwJKr5GAM/GZsCkpOWExi7Xagr:V15mveUGB2JZ8qZjr6bBpOWV7Xag

Entry address:
0x304A0

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, A0, 03, 43, 00, E8, A9, 67, FD, FF, 33, C0, 55, 68, E4, 04, 43, 00, 64, FF, 30, 64, 89, 20, E8, 22, 25, FD, FF, 83, F8, 02, 7D, 0A, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 19, E8, 3E, FB, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, B7, 37, FD, FF, E8, 1A, 3B, FD, FF, 5F, 5E, 5B, E8, 46, 3F, FD, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5736

Developed / compiled with:
Microsoft Visual C++

Code size:
189.5 KB (194,048 bytes)

The executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com (54.231.2.169:80)
