rguninstaller[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rguninstaller.exe
Size

693KB
MD5

000d2076bede69538532c63ae41e3616
SHA1

c7e1f9a049b6c60d45bb173a2f1e481cae1af9ad
SHA256

3c04037c9c1afbf39b07c4c37c6776f3abee523d5f809ea38b7897b161922c4a
SHA512

0cd3924b68cea6ed731471614a579dca13c2f5dc9d9074ba34f76324ab1b30a764759817515267b4518ff0e38cde29c1c080f78c6c5ab3ab153d081b8388b93d
SSDEEP

12288:mn8Mh7IjdWMoIrYA/F3ywT04XvkKgdm5egpXI0PtbmDQv6zHCovAn+rgCa:Y8MpIjcCFdvpIutbmMvyi5+q

Score

N/A

Malware Config

Signatures

Files

rguninstaller.exe
.exe windows x64

b30a5e6dc77d3749dd7857a4c12843d5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54
Certificate

Issuer

CN=SecureTrust CA,O=SecureTrust Corporation,C=US

Not Before

01/09/2016, 14:35

Not After

29/09/2024, 14:35

Subject

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:2d:b9:66:93:39:d6:bc:c1:4e:5a:d3:1c:86:3e:7f:83:63:35
Certificate

Issuer

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

Not Before

23/09/2020, 11:52

Not After

26/09/2022, 17:52

Subject

CN=Red Giant LLC,O=Red Giant LLC,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:76:d4:4d:f1:58:78:84:99:ab:a2:52:ba:fe:72:9c:88:43:ca:d6
Signer

Actual PE Digest

90:76:d4:4d:f1:58:78:84:99:ab:a2:52:ba:fe:72:9c:88:43:ca:d6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Red Giant LLC,O=Red Giant LLC,L=Beaverton,ST=Oregon,C=US

09/12/2020, 23:57
Valid: true

Chain 1

CN=Red Giant LLC,O=Red Giant LLC,L=Beaverton,ST=Oregon,C=US

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

CN=SecureTrust CA,O=SecureTrust Corporation,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
WriteFile
Sleep
GetLastError
CreateFileA
CloseHandle
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileAttributesA
GetCurrentDirectoryW
GetProcAddress
DeleteCriticalSection
GetEnvironmentVariableA
QueryPerformanceFrequency
QueryPerformanceCounter
TlsAlloc
WaitNamedPipeA
TlsSetValue
TlsFree
GetCurrentThreadId
FindClose
SetNamedPipeHandleState
ReadFile
RemoveDirectoryA
MultiByteToWideChar
GetThreadTimes
WriteConsoleW
HeapSize
HeapReAlloc
FreeEnvironmentStringsW
TlsGetValue
InitializeSListHead
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
FormatMessageA
WideCharToMultiByte
EncodePointer
DecodePointer
SetLastError
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
GetModuleHandleA
AreFileApisANSI
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentThread
GetFileSizeEx
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
ReadConsoleW
SetEnvironmentVariableW
FindFirstFileExW

advapi32

GetUserNameA

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

Sections

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b30a5e6dc77d3749dd7857a4c12843d5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54Certificate

Extended Key Usages

Key Usages

07:2d:b9:66:93:39:d6:bc:c1:4e:5a:d3:1c:86:3e:7f:83:63:35Certificate

Extended Key Usages

Key Usages

90:76:d4:4d:f1:58:78:84:99:ab:a2:52:ba:fe:72:9c:88:43:ca:d6Signer

Signature Validations

Verification

09/12/2020, 23:57 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

rpcrt4

Sections

.text Size: 512KB - Virtual size: 511KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 13KB - Virtual size: 21KB

.pdata Size: 22KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54
Certificate

07:2d:b9:66:93:39:d6:bc:c1:4e:5a:d3:1c:86:3e:7f:83:63:35
Certificate

90:76:d4:4d:f1:58:78:84:99:ab:a2:52:ba:fe:72:9c:88:43:ca:d6
Signer

09/12/2020, 23:57
Valid: true

.text
Size: 512KB - Virtual size: 511KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 13KB - Virtual size: 21KB

.pdata
Size: 22KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 4KB