Rimecud malware | Joachim De Zutter
Filename: shared.exe
Filesize: 134144
MD5: f0418bd911e063fe7c8c4cf0e79615d5
SHA1: c2e44322b56a5912f3acbc15deb66692b07ce06e
SHA256: 53a9261f7088091ea27103cad0735cf6071db403ef4afd891af409f102d24e60
SSDeep: 3072:yqbQIv2f+rQ55KwjdbLx3/RzIeId3f7gh8R8TIN4y4bi:y8+aOKwf9Ieqka+u4y
https://www.virustotal.com/#/file/53a9261f7088091ea27103cad0735cf6071db403ef4afd891af409f102d24e60
Performs DNS queries for slade.safehousenumber.com, murik.portal-protection.net.ru, world.rickstudio.ru, banana.cocolands.su, portal.roomshowerbord.com.
portal.roomshowerbord.com resolved to 146.185.244.237.

http://www.utrace.de/?query=146.185.244.237
Provider: Petersburg Internet Network ltd., Region: Saint Petersburg (Russia)

PEiD detected Armadillo v1.71.
Listens for UDP packets on ports 1040 and 1045.
Sent UDP packets to port 33111 of 146.185.244.237.
Received UDP packets on ports 1040 and 1045 from 146.185.244.237.