General

Malware Config

Signatures

Files

• Ro-Multiply.exe

  .exe windows x86

  
  

  Code Sign

  e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  11-09-2018 09:26

  Not After

  11-09-2023 09:26

  Subject

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  3a:43:94:f1:bb:a9:ea:0f:43:b2:e2:5a:78:be:57:bd

  Certificate

  Issuer

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  10-06-2022 21:30

  Not After

  09-06-2023 21:30

  Subject

  CN=Southland Softworks,O=Southland Softworks,L=Grants Pass,ST=Oregon,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  64:33:51:d3:c7:38:9f:08

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  24-06-2016 20:44

  Not After

  24-06-2031 20:44

  Subject

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  66:43:b3:a9:89:b0:17:03:0b:b1:7d:e0:17:d4:48:ca:94:e0:4b:4b:80:ed:44:d8:b8:fd:6f:f8:5d:88:ab:4c

  Signer

  Actual PE Digest

  66:43:b3:a9:89:b0:17:03:0b:b1:7d:e0:17:d4:48:ca:94:e0:4b:4b:80:ed:44:d8:b8:fd:6f:f8:5d:88:ab:4c

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Southland Softworks,O=Southland Softworks,L=Grants Pass,ST=Oregon,C=US

  23-06-2022 17:32

  Valid: true

  Chain 1

  CN=Southland Softworks,O=Southland Softworks,L=Grants Pass,ST=Oregon,C=US

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Chain 2

  CN=Southland Softworks,O=Southland Softworks,L=Grants Pass,ST=Oregon,C=US

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  Size: 8KB - Virtual size: 10KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 1KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 512B - Virtual size: 752B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 1024B - Virtual size: 800B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .idata

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 4.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 2.6MB - Virtual size: 2.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ