rmid[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rmid.exe
Size

16KB
MD5

63ae4a4d9f0b8d57655953d7299ced03
SHA1

508afb9d1f413c8aeb9a045279d9a8abfdfb1fb0
SHA256

4df217ef17730334dc1c90be534ba2a96e150eb7c638fa5e2b01511fa2e3d1cb
SHA512

240cf4f89d1045b52445c9cd79c2c6daca315ca4f462bbd8431bbb3e510f8888bc1c77261188a190947fd9700b65aab7ecbbbb90d1f0b094ba162720993659e7
SSDEEP

384:Gpsn5cn2JUPBmSHhV82q1eCi4Sz+j+LiPnhn:GpsSnaqUS/82nCiwj+LChn

Score

1^/10

Malware Config

Signatures

Files

rmid.exe
.exe windows x86

d3310ce6cbcacb3a9f0809bc33e38abe

Code Sign

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26/02/2018, 00:00

Not After

27/02/2020, 23:59

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:b2:74:35:54:ff:21:b0:e7:c3:fa:33:8a:8b:ae:5d:37:57:34:0c:9d:c3:9e:e5:40:65:4d:5f:7a:4d:47:f0
Signer

Actual PE Digest

65:b2:74:35:54:ff:21:b0:e7:c3:fa:33:8a:8b:ae:5d:37:57:34:0c:9d:c3:9e:e5:40:65:4d:5f:7a:4d:47:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

jli

JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc
JLI_GetStdArgs
JLI_Launch

msvcr100

_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_initterm
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
getenv
printf
__argc
__argv
__set_app_type

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCommandLineA
GetCurrentProcessId

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3310ce6cbcacb3a9f0809bc33e38abe

Code Sign

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

65:b2:74:35:54:ff:21:b0:e7:c3:fa:33:8a:8b:ae:5d:37:57:34:0c:9d:c3:9e:e5:40:65:4d:5f:7a:4d:47:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

jli

msvcr100

kernel32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 940B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 472B

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

65:b2:74:35:54:ff:21:b0:e7:c3:fa:33:8a:8b:ae:5d:37:57:34:0c:9d:c3:9e:e5:40:65:4d:5f:7a:4d:47:f0
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 940B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 472B