RPS420 RAT[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

RPS420 RAT.zip
Size

40.9MB
MD5

1ee3f44fc2c7d2e9205537db0b46c74a
SHA1

ef57f4e7378e5a917673063e3cde6471416864fe
SHA256

015396108fcce59aec2dc2cd3f1b8f633d9d57ec9a1c293985def5582f47e8fa
SHA512

74945ebde32b818633f8d5900d8618a7ac90ca7604ff0113d63297b6f7670c7cc7819271bfef33d001a2545a92ca1ba40199d11cb7655a3af3083def457baa42
SSDEEP

786432:KGo1q7G6pVGv+EcWY0vWIjKXiwFf4KIn7DszN+BlESTjuOJ4DvSSmMOgj:01q7XrfEciv+tIn7Q+lEuae3vfY

Score

1^/10

Malware Config

Signatures

Files

RPS420 RAT.zip
.7z

Password: cracked
RPS420 RAT/AdvancedOptions.ini
RPS420 RAT/Bunifu_UI_v1.52.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Flags/--.png
.png
RPS420 RAT/Flags/_ASEAN.png
.png
RPS420 RAT/Flags/_African Union(OAS).png
.png
RPS420 RAT/Flags/_Arab League.png
.png
RPS420 RAT/Flags/_CARICOM.png
.png
RPS420 RAT/Flags/_CIS.png
.png
RPS420 RAT/Flags/_Commonwealth.png
.png
RPS420 RAT/Flags/_England.png
.png
RPS420 RAT/Flags/_European Union.png
.png
RPS420 RAT/Flags/_Islamic Conference.png
.png
RPS420 RAT/Flags/_Kosovo.png
.png
RPS420 RAT/Flags/_NATO.png
.png
RPS420 RAT/Flags/_Northern Cyprus.png
.png
RPS420 RAT/Flags/_Northern Ireland.png
.png
RPS420 RAT/Flags/_OPEC.png
.png
RPS420 RAT/Flags/_Olimpic Movement.png
.png
RPS420 RAT/Flags/_Red Cross.png
.png
RPS420 RAT/Flags/_Scotland.png
.png
RPS420 RAT/Flags/_Somaliland.png
.png
RPS420 RAT/Flags/_United Nations.png
.png
RPS420 RAT/Flags/_Wales.png
.png
RPS420 RAT/Flags/ad.png
.png
RPS420 RAT/Flags/ae.png
.png
RPS420 RAT/Flags/af.png
.png
RPS420 RAT/Flags/ag.png
.png
RPS420 RAT/Flags/ai.png
.png
RPS420 RAT/Flags/al.png
.png
RPS420 RAT/Flags/am.png
.png
RPS420 RAT/Flags/an.png
.png
RPS420 RAT/Flags/ao.png
.png
RPS420 RAT/Flags/aq.png
.png
RPS420 RAT/Flags/ar.png
.png
RPS420 RAT/Flags/as.png
.png
RPS420 RAT/Flags/at.png
.png
RPS420 RAT/Flags/au.png
.png
RPS420 RAT/Flags/aw.png
.png
RPS420 RAT/Flags/az.png
.png
RPS420 RAT/Flags/ba.png
.png
RPS420 RAT/Flags/bb.png
.png
RPS420 RAT/Flags/bd.png
.png
RPS420 RAT/Flags/be.png
.png
RPS420 RAT/Flags/bf.png
.png
RPS420 RAT/Flags/bg.png
.png
RPS420 RAT/Flags/bh.png
.png
RPS420 RAT/Flags/bi.png
.png
RPS420 RAT/Flags/bj.png
.png
RPS420 RAT/Flags/bm.png
.png
RPS420 RAT/Flags/bn.png
.png
RPS420 RAT/Flags/bo.png
.png
RPS420 RAT/Flags/br.png
.png
RPS420 RAT/Flags/bs.png
.png
RPS420 RAT/Flags/bt.png
.png
RPS420 RAT/Flags/bw.png
.png
RPS420 RAT/Flags/by.png
.png
RPS420 RAT/Flags/bz.png
.png
RPS420 RAT/Flags/ca.png
.png
RPS420 RAT/Flags/cd.png
.png
RPS420 RAT/Flags/cf.png
.png
RPS420 RAT/Flags/cg.png
.png
RPS420 RAT/Flags/ch.png
.png
RPS420 RAT/Flags/ci.png
.png
RPS420 RAT/Flags/ck.png
.png
RPS420 RAT/Flags/cl.png
.png
RPS420 RAT/Flags/cm.png
.png
RPS420 RAT/Flags/cn.png
.png
RPS420 RAT/Flags/co.png
.png
RPS420 RAT/Flags/cr.png
.png
RPS420 RAT/Flags/cu.png
.png
RPS420 RAT/Flags/cv.png
.png
RPS420 RAT/Flags/cy.png
.png
RPS420 RAT/Flags/cz.png
.png
RPS420 RAT/Flags/de.png
.png
RPS420 RAT/Flags/dj.png
.png
RPS420 RAT/Flags/dk.png
.png
RPS420 RAT/Flags/dm.png
.png
RPS420 RAT/Flags/do.png
.png
RPS420 RAT/Flags/dz.png
.png
RPS420 RAT/Flags/ec.png
.png
RPS420 RAT/Flags/ee.png
.png
RPS420 RAT/Flags/eg.png
.png
RPS420 RAT/Flags/eh.png
.png
RPS420 RAT/Flags/er.png
.png
RPS420 RAT/Flags/es.png
.png
RPS420 RAT/Flags/et.png
.png
RPS420 RAT/Flags/fi.png
.png
RPS420 RAT/Flags/fj.png
.png
RPS420 RAT/Flags/fm.png
.png
RPS420 RAT/Flags/fo.png
.png
RPS420 RAT/Flags/fr.png
.png
RPS420 RAT/Flags/ga.png
.png
RPS420 RAT/Flags/gb.png
.png
RPS420 RAT/Flags/gd.png
.png
RPS420 RAT/Flags/ge.png
.png
RPS420 RAT/Flags/gg.png
.png
RPS420 RAT/Flags/gh.png
.png
RPS420 RAT/Flags/gi.png
.png
RPS420 RAT/Flags/gl.png
.png
RPS420 RAT/Flags/gm.png
.png
RPS420 RAT/Flags/gn.png
.png
RPS420 RAT/Flags/gp.png
.png
RPS420 RAT/Flags/gq.png
.png
RPS420 RAT/Flags/gr.png
.png
RPS420 RAT/Flags/gt.png
.png
RPS420 RAT/Flags/gu.png
.png
RPS420 RAT/Flags/gw.png
.png
RPS420 RAT/Flags/gy.png
.png
RPS420 RAT/Flags/hk.png
.png
RPS420 RAT/Flags/hn.png
.png
RPS420 RAT/Flags/hr.png
.png
RPS420 RAT/Flags/ht.png
.png
RPS420 RAT/Flags/hu.png
.png
RPS420 RAT/Flags/id.png
.png
RPS420 RAT/Flags/ie.png
.png
RPS420 RAT/Flags/il.png
.png
RPS420 RAT/Flags/im.png
.png
RPS420 RAT/Flags/in.png
.png
RPS420 RAT/Flags/iq.png
.png
RPS420 RAT/Flags/ir.png
.png
RPS420 RAT/Flags/is.png
.png
RPS420 RAT/Flags/it.png
.png
RPS420 RAT/Flags/je.png
.png
RPS420 RAT/Flags/jm.png
.png
RPS420 RAT/Flags/jo.png
.png
RPS420 RAT/Flags/jp.png
.png
RPS420 RAT/Flags/ke.png
.png
RPS420 RAT/Flags/kg.png
.png
RPS420 RAT/Flags/kh.png
.png
RPS420 RAT/Flags/ki.png
.png
RPS420 RAT/Flags/km.png
.png
RPS420 RAT/Flags/kn.png
.png
RPS420 RAT/Flags/kp.png
.png
RPS420 RAT/Flags/kr.png
.png
RPS420 RAT/Flags/kw.png
.png
RPS420 RAT/Flags/ky.png
.png
RPS420 RAT/Flags/kz.png
.png
RPS420 RAT/Flags/la.png
.png
RPS420 RAT/Flags/lb.png
.png
RPS420 RAT/Flags/lc.png
.png
RPS420 RAT/Flags/li.png
.png
RPS420 RAT/Flags/lk.png
.png
RPS420 RAT/Flags/lr.png
.png
RPS420 RAT/Flags/ls.png
.png
RPS420 RAT/Flags/lt.png
.png
RPS420 RAT/Flags/lu.png
.png
RPS420 RAT/Flags/lv.png
.png
RPS420 RAT/Flags/ly.png
.png
RPS420 RAT/Flags/ma.png
.png
RPS420 RAT/Flags/mc.png
.png
RPS420 RAT/Flags/md.png
.png
RPS420 RAT/Flags/me.png
.png
RPS420 RAT/Flags/mg.png
.png
RPS420 RAT/Flags/mh.png
.png
RPS420 RAT/Flags/mk.png
.png
RPS420 RAT/Flags/ml.png
.png
RPS420 RAT/Flags/mm.png
.png
RPS420 RAT/Flags/mn.png
.png
RPS420 RAT/Flags/mo.png
.png
RPS420 RAT/Flags/mq.png
.png
RPS420 RAT/Flags/mr.png
.png
RPS420 RAT/Flags/ms.png
.png
RPS420 RAT/Flags/mt.png
.png
RPS420 RAT/Flags/mu.png
.png
RPS420 RAT/Flags/mv.png
.png
RPS420 RAT/Flags/mw.png
.png
RPS420 RAT/Flags/mx.png
.png
RPS420 RAT/Flags/my.png
.png
RPS420 RAT/Flags/mz.png
.png
RPS420 RAT/Flags/na.png
.png
RPS420 RAT/Flags/nc.png
.png
RPS420 RAT/Flags/ne.png
.png
RPS420 RAT/Flags/ng.png
.png
RPS420 RAT/Flags/ni.png
.png
RPS420 RAT/Flags/nl.png
.png
RPS420 RAT/Flags/no.png
.png
RPS420 RAT/Flags/np.png
.png
RPS420 RAT/Flags/nr.png
.png
RPS420 RAT/Flags/nz.png
.png
RPS420 RAT/Flags/om.png
.png
RPS420 RAT/Flags/pa.png
.png
RPS420 RAT/Flags/pe.png
.png
RPS420 RAT/Flags/pf.png
.png
RPS420 RAT/Flags/pg.png
.png
RPS420 RAT/Flags/ph.png
.png
RPS420 RAT/Flags/pk.png
.png
RPS420 RAT/Flags/pl.png
.png
RPS420 RAT/Flags/pr.png
.png
RPS420 RAT/Flags/ps.png
.png
RPS420 RAT/Flags/pt.png
.png
RPS420 RAT/Flags/pw.png
.png
RPS420 RAT/Flags/py.png
.png
RPS420 RAT/Flags/qa.png
.png
RPS420 RAT/Flags/re.png
.png
RPS420 RAT/Flags/ro.png
.png
RPS420 RAT/Flags/rs.png
.png
RPS420 RAT/Flags/ru.png
.png
RPS420 RAT/Flags/rw.png
.png
RPS420 RAT/Flags/sa.png
.png
RPS420 RAT/Flags/sb.png
.png
RPS420 RAT/Flags/sc.png
.png
RPS420 RAT/Flags/sd.png
.png
RPS420 RAT/Flags/se.png
.png
RPS420 RAT/Flags/sg.png
.png
RPS420 RAT/Flags/si.png
.png
RPS420 RAT/Flags/sk.png
.png
RPS420 RAT/Flags/sl.png
.png
RPS420 RAT/Flags/sm.png
.png
RPS420 RAT/Flags/sn.png
.png
RPS420 RAT/Flags/so.png
.png
RPS420 RAT/Flags/sr.png
.png
RPS420 RAT/Flags/st.png
.png
RPS420 RAT/Flags/sv.png
.png
RPS420 RAT/Flags/sy.png
.png
RPS420 RAT/Flags/sz.png
.png
RPS420 RAT/Flags/tc.png
.png
RPS420 RAT/Flags/td.png
.png
RPS420 RAT/Flags/tg.png
.png
RPS420 RAT/Flags/th.png
.png
RPS420 RAT/Flags/tj.png
.png
RPS420 RAT/Flags/tl.png
.png
RPS420 RAT/Flags/tm.png
.png
RPS420 RAT/Flags/tn.png
.png
RPS420 RAT/Flags/to.png
.png
RPS420 RAT/Flags/tr.png
.png
RPS420 RAT/Flags/tt.png
.png
RPS420 RAT/Flags/tv.png
.png
RPS420 RAT/Flags/tw.png
.png
RPS420 RAT/Flags/tz.png
.png
RPS420 RAT/Flags/ua.png
.png
RPS420 RAT/Flags/ug.png
.png
RPS420 RAT/Flags/us.png
.png
RPS420 RAT/Flags/uy.png
.png
RPS420 RAT/Flags/uz.png
.png
RPS420 RAT/Flags/va.png
.png
RPS420 RAT/Flags/vc.png
.png
RPS420 RAT/Flags/ve.png
.png
RPS420 RAT/Flags/vg.png
.png
RPS420 RAT/Flags/vi.png
.png
RPS420 RAT/Flags/vn.png
.png
RPS420 RAT/Flags/vu.png
.png
RPS420 RAT/Flags/ws.png
.png
RPS420 RAT/Flags/ye.png
.png
RPS420 RAT/Flags/za.png
.png
RPS420 RAT/Flags/zm.png
.png
RPS420 RAT/Flags/zw.png
.png
RPS420 RAT/FoxLearn.License.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/GeoIP.dat
RPS420 RAT/Guna.UI2.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23/10/2019, 05:22

Not After

22/10/2025, 17:00

Subject

CN=Sobatdata Software

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:ae:28:3e:4f:d9:48:5e:14:cd:ec:ed:ab:f1:52:70:6e:07:9f:18
Signer

Actual PE Digest

8d:ae:28:3e:4f:d9:48:5e:14:cd:ec:ed:ab:f1:52:70:6e:07:9f:18

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sobatdata Software

24/03/2022, 01:20
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Mono.Cecil.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Napoleon.License.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Newtonsoft.Json.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:75:af:03:3f:84:ae:74:58:55:19:23:d2:62:50:a1:68:48:b3:d5:e2:45:27:31:1a:4d:97:5b:d2:fd:7f:2d
Signer

Actual PE Digest

61:75:af:03:3f:84:ae:74:58:55:19:23:d2:62:50:a1:68:48:b3:d5:e2:45:27:31:1a:4d:97:5b:d2:fd:7f:2d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

17/03/2021, 20:03
Valid: true

Chain 1

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/NoIP.dat
RPS420 RAT/Plugins/All/CH.dll
.gz
CH.dll
.dll windows x86

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/All/CM.dll
.gz
RPS420 RAT/Plugins/All/CP.dll
.gz
RPS420 RAT/Plugins/All/FM.dll
.gz
RPS420 RAT/Plugins/All/MC.dll
.gz
RPS420 RAT/Plugins/All/NF.dll
.gz
RPS420 RAT/Plugins/All/PS.dll
.gz
RPS420 RAT/Plugins/All/PT.dll
.gz
RPS420 RAT/Plugins/All/SM.dll
.gz
RPS420 RAT/Plugins/CH.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/CH.pdb
RPS420 RAT/Plugins/CH.xml
RPS420 RAT/Plugins/CM.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/CM.pdb
RPS420 RAT/Plugins/CM.xml
RPS420 RAT/Plugins/CP.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/CP.pdb
RPS420 RAT/Plugins/CP.xml
RPS420 RAT/Plugins/FM.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/FM.pdb
RPS420 RAT/Plugins/FM.vshost.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5
Signer

Actual PE Digest

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

08/11/2007, 16:16
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/FM.xml
RPS420 RAT/Plugins/MC.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/MC.pdb
RPS420 RAT/Plugins/MC.xml
RPS420 RAT/Plugins/NF.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/NF.pdb
RPS420 RAT/Plugins/NF.xml
RPS420 RAT/Plugins/New folder/CH.dll
.gz
RPS420 RAT/Plugins/New folder/CM.dll
.gz
RPS420 RAT/Plugins/New folder/CP.dll
.gz
RPS420 RAT/Plugins/New folder/FM.dll
.gz
RPS420 RAT/Plugins/New folder/MC.dll
.gz
RPS420 RAT/Plugins/New folder/NF.dll
.gz
RPS420 RAT/Plugins/New folder/New folder.rar
.rar
RPS420 RAT/Plugins/New folder/PS.dll
.gz
RPS420 RAT/Plugins/New folder/PT.dll
.gz
RPS420 RAT/Plugins/New folder/SM.dll
.gz
RPS420 RAT/Plugins/PS.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/PS.pdb
RPS420 RAT/Plugins/PS.xml
RPS420 RAT/Plugins/PT.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/PT.pdb
RPS420 RAT/Plugins/PT.xml
RPS420 RAT/Plugins/SM.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Plugins/SM.pdb
RPS420 RAT/Plugins/SM.xml
RPS420 RAT/RPS-420 RAT.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41.8MB - Virtual size: 41.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Stub.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/Stub.pdb
RPS420 RAT/System.IO.Compression.FileSystem.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/07/2012, 20:50

Not After

26/10/2013, 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:8e:03:83:c2:41:2d:c0:92:79:bb:55:f3:44:6e:89:5b:f7:d1:b6:88:df:22:58:6c:53:78:f0:18:b6:c9:93
Signer

Actual PE Digest

fc:8e:03:83:c2:41:2d:c0:92:79:bb:55:f3:44:6e:89:5b:f7:d1:b6:88:df:22:58:6c:53:78:f0:18:b6:c9:93

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2023, 16:07
Valid: false

8c:69:bd:d5:cc:98:44:20:83:92:06:e9:c9:25:57:5d:46:6a:09:1d
Signer

Actual PE Digest

8c:69:bd:d5:cc:98:44:20:83:92:06:e9:c9:25:57:5d:46:6a:09:1d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26/09/2012, 10:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/System.IO.Compression.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/07/2012, 20:50

Not After

26/10/2013, 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:3f:7a:ca:f6:0d:5b:73:0b:a8:8c:c4:73:cd:b2:32:92:07:8a:69:84:30:ac:30:8d:40:58:ed:fc:26:03:56
Signer

Actual PE Digest

d1:3f:7a:ca:f6:0d:5b:73:0b:a8:8c:c4:73:cd:b2:32:92:07:8a:69:84:30:ac:30:8d:40:58:ed:fc:26:03:56

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2023, 16:07
Valid: false

4e:8a:b1:5c:b5:3d:15:a3:bf:b6:34:36:13:4b:7a:dd:40:d2:e2:a2
Signer

Actual PE Digest

4e:8a:b1:5c:b5:3d:15:a3:bf:b6:34:36:13:4b:7a:dd:40:d2:e2:a2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26/09/2012, 10:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPS420 RAT/VPNConnect.pbk

Sharing

General

Malware Config

Signatures

Files

Password: cracked

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 218KB - Virtual size: 217KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 12B

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

8d:ae:28:3e:4f:d9:48:5e:14:cd:ec:ed:ab:f1:52:70:6e:07:9f:18Signer

Signature Validations

Verification

24/03/2022, 01:20 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 303KB - Virtual size: 302KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 12B

Password: cracked

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate

Extended Key Usages

.text
Size: 218KB - Virtual size: 217KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8d:ae:28:3e:4f:d9:48:5e:14:cd:ec:ed:ab:f1:52:70:6e:07:9f:18
Signer

24/03/2022, 01:20
Valid: false

.text
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 303KB - Virtual size: 302KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:75:af:03:3f:84:ae:74:58:55:19:23:d2:62:50:a1:68:48:b3:d5:e2:45:27:31:1a:4d:97:5b:d2:fd:7f:2d
Signer

17/03/2021, 20:03
Valid: true

.text
Size: 552KB - Virtual size: 552KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 16KB

.sdata
Size: 512B - Virtual size: 103B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 16KB

.sdata
Size: 512B - Virtual size: 103B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 73KB - Virtual size: 73KB

.sdata
Size: 512B - Virtual size: 105B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 15KB

.sdata
Size: 512B - Virtual size: 116B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B