rvm-installer-df19-844e-4e94-cd18[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rvm-installer-df19-844e-4e94-cd18.exe
Size

4.6MB
MD5

584a7fb67dfc184a735f2942b3ec3e11
SHA1

33445eb29fa81470353746b6c4ea532873ea6d50
SHA256

b82dfa78a208cc393770fd02b09511b4dd3d7a4d550d7b9115064a3133ac4144
SHA512

a6b4311d681f4af5f44bf633f1cc24d27ff8e68c87712351d3f3b6f130a7ecc3f45ac5cfe6e368a6782f3c9ba0e058625c97da43df5a3f35c3a586e6a15e4870
SSDEEP

98304:tHtFwG0Pzxi1yU+0Yx4mn8G1hQN3P8D/5:inpsG1WN36

Score

1^/10

Malware Config

Signatures

Files

rvm-installer-df19-844e-4e94-cd18.exe
.exe windows:6 windows x86

849be5f1aea77cce1b7f42ca6b1d23e8

Code Sign

32:40:42:fd:d1:83:23:34:fb:47:90:fd:92:1a:33:80
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/05/2020, 00:00

Not After

05/05/2022, 23:59

Subject

CN=OpenFin Inc.,O=OpenFin Inc.,POSTALCODE=10004,STREET=80 Broad Street,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

32:40:42:fd:d1:83:23:34:fb:47:90:fd:92:1a:33:80
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/05/2020, 00:00

Not After

05/05/2022, 23:59

Subject

CN=OpenFin Inc.,O=OpenFin Inc.,POSTALCODE=10004,STREET=80 Broad Street,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:49:26:43:99:fb:76:5d:86:ca:20:e2:aa:46:3c:03:e9:49:f7:ae:41:f4:44:51:29:ce:26:16:ba:4c:a5:b9
Signer

Actual PE Digest

03:49:26:43:99:fb:76:5d:86:ca:20:e2:aa:46:3c:03:e9:49:f7:ae:41:f4:44:51:29:ce:26:16:ba:4c:a5:b9

Digest Algorithm

sha256

PE Digest Matches

true

55:70:c4:cf:ea:d0:01:c9:62:eb:95:b5:71:02:45:45:d6:27:00:e0
Signer

Actual PE Digest

55:70:c4:cf:ea:d0:01:c9:62:eb:95:b5:71:02:45:45:d6:27:00:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DuplicateHandle
CreateProcessW
QueryPerformanceCounter
GetProcAddress
CreateMutexW
ReleaseMutex
WaitForSingleObject
TerminateProcess
K32EnumProcesses
OpenProcess
GetProcessId
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateEventW
WaitForMultipleObjects
FindResourceW
LoadResource
SizeofResource
LockResource
FormatMessageW
CreatePipe
SetHandleInformation
GetExitCodeProcess
GetFileSize
ReadFile
MulDiv
GetStringTypeW
GetCurrentThread
EncodePointer
DecodePointer
GetModuleHandleA
GetTickCount
ReleaseSemaphore
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SystemTimeToFileTime
FormatMessageA
RaiseException
RtlUnwind
GetCommandLineW
IsProcessorFeaturePresent
GetCPInfo
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
HeapReAlloc
ExitThread
LoadLibraryExW
GetLastError
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
IsDebuggerPresent
GetStdHandle
GetFileType
GetModuleFileNameW
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
InitializeSListHead
UnregisterWaitEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
RemoveDirectoryW
SetFileAttributesW
SetFileTime
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
LoadLibraryA
GetStringTypeExW
LoadLibraryW
QueryPerformanceFrequency
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetFileAttributesW
LocalFree
SetEnvironmentVariableW
UnmapViewOfFile
LocalFileTimeToFileTime
SetFilePointer
ConnectNamedPipe
CreateNamedPipeW
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
ReadProcessMemory
K32GetModuleFileNameExW
GetShortPathNameW
ExpandEnvironmentStringsW
LocalAlloc
GetLongPathNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLocalTime
GetTempPathW
CreateFileW
CreateDirectoryW
GetCurrentProcess
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
ResetEvent
SetEvent
GetCurrentProcessId
WaitForSingleObjectEx
CloseHandle
OpenEventA
CreateEventA

user32

SetDlgItemTextW
SendDlgItemMessageW
EnableWindow
GetDlgItem
SetWindowTextW
GetClassLongW
EndDialog
DialogBoxParamW
WaitForInputIdle
PostThreadMessageW
GetWindowThreadProcessId
SendMessageTimeoutW
ReplyMessage
ScreenToClient
SetWindowPos
GetClientRect
LoadStringW
GetWindowTextLengthW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
RegisterWindowMessageW
CreateWindowExW
EnumWindows
UnregisterClassW
wsprintfW
LoadCursorW
SetCursor
TrackMouseEvent
GetCursorPos
GetDesktopWindow
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
DefWindowProcW
SetTimer
KillTimer
PostMessageW
SendMessageW
PostQuitMessage
FindWindowW
SetForegroundWindow
LoadIconW
MonitorFromPoint
GetMonitorInfoW
GetWindowPlacement
IsWindowVisible
ShowWindow
GetWindowTextW
RegisterClassExW
GetSysColorBrush
InSendMessage
ReleaseCapture
SetCapture
GetWindowRect
GetCapture
SetClassLongW
LoadImageW
UpdateLayeredWindow
DestroyWindow

dbghelp

MiniDumpWriteDump

wininet

InternetReadFile
InternetGetConnectedState
InternetGetLastResponseInfoW
InternetOpenW
InternetSetOptionW
InternetCloseHandle
InternetQueryOptionW
InternetQueryDataAvailable
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetErrorDlg
InternetCrackUrlW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

gdi32

GetDeviceCaps
CreateFontIndirectW
AddFontResourceW
RemoveFontResourceW
SetTextColor
SetBkMode
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

RegQueryInfoKeyW
LookupAccountNameW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
ConvertSidToStringSidW
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHGetPropertyStoreForWindow
CommandLineToArgvW

gdiplus

GdipCreateBitmapFromFile
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipDrawString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteGraphics
GdipCreateSolidFill
GdipResetClip
GdipFillPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientCenterPointI
GdipCreatePathGradientFromPath
GdipSetClipRegion
GdipDeleteRegion
GdipCreateRegionPath
GdipAddPathPieI
GdipDeletePath
GdipCreatePath
GdipSetSmoothingMode
GdipFillRectangleI
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipMeasureString
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromScan0
GdipDrawCachedBitmap
GdiplusShutdown
GdiplusStartup
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipCreateBitmapFromStream

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptQueryObject
CryptMsgGetParam

shlwapi

PathFileExistsW
PathCreateFromUrlW
SHStrDupW
UrlCreateFromPathW

ole32

CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

urlmon

IsValidURL

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

849be5f1aea77cce1b7f42ca6b1d23e8

Code Sign

32:40:42:fd:d1:83:23:34:fb:47:90:fd:92:1a:33:80Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

32:40:42:fd:d1:83:23:34:fb:47:90:fd:92:1a:33:80Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

03:49:26:43:99:fb:76:5d:86:ca:20:e2:aa:46:3c:03:e9:49:f7:ae:41:f4:44:51:29:ce:26:16:ba:4c:a5:b9Signer

55:70:c4:cf:ea:d0:01:c9:62:eb:95:b5:71:02:45:45:d6:27:00:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

dbghelp

wininet

version

comctl32

gdi32

advapi32

shell32

gdiplus

crypt32

shlwapi

ole32

urlmon

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 669KB - Virtual size: 668KB

.data Size: 105KB - Virtual size: 132KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 147KB - Virtual size: 147KB

32:40:42:fd:d1:83:23:34:fb:47:90:fd:92:1a:33:80
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

32:40:42:fd:d1:83:23:34:fb:47:90:fd:92:1a:33:80
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

03:49:26:43:99:fb:76:5d:86:ca:20:e2:aa:46:3c:03:e9:49:f7:ae:41:f4:44:51:29:ce:26:16:ba:4c:a5:b9
Signer

55:70:c4:cf:ea:d0:01:c9:62:eb:95:b5:71:02:45:45:d6:27:00:e0
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 669KB - Virtual size: 668KB

.data
Size: 105KB - Virtual size: 132KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 147KB - Virtual size: 147KB