RunAsTI[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

RunAsTI.exe
Size

26KB
MD5

80454e70784f1ddb0c91d41469e2498d
SHA1

2f3f04ef670895de12cdfbae17c9d427e7caa97a
SHA256

a3e0ba70ba908de8a75825c3a1ff36147e02c686280993c2caa8a9a6968764b0
SHA512

709ed0fc9e2520a5beb57379e90be12cac680060b4c72ff50e9d9897f3a4d7a57f84b9be04b78974e6f6b73cda7202bfc617835cee3011eed7f0ee6f5e82edf7
SSDEEP

384:8ZKqqO+5wZY//IfBbSh2u3JZEV065fC7iwUUukfR3lacMWkNgWwCy2nYPLN:+tqN5YYUBmcu5C6HrNJUbgWwCZC

Score

1^/10

Malware Config

Signatures

Files

RunAsTI.exe
.exe windows:4 windows x64 arch:x64

9b7a77472b758f560894cabfc7ab4b3d

Code Sign

17:dd:f1:7b:6c:1d:1a:59:b5:e0:e9:7a:39:f7:4c:af
Certificate

Issuer

CN=Nikzzzz Soft,C=RU

Not Before

31-12-2016 21:00

Not After

31-12-2026 21:00

Subject

CN=Nikzzzz Soft,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12
Signer

Actual PE Digest

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsstr
memcpy
wcscmp
wcslen

kernel32

GetModuleHandleW
HeapCreate
WTSGetActiveConsoleSessionId
GetModuleFileNameW
HeapDestroy
ExitProcess
GetCurrentProcess
CloseHandle
OpenProcess
GetLastError
RtlZeroMemory
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
InitializeCriticalSection
GetCommandLineW
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
GetCurrentDirectoryW
HeapReAlloc

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetLengthSid
OpenSCManagerW
OpenServiceW
StartServiceA
CloseServiceHandle
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority

user32

CharLowerW

Sections

.code
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b7a77472b758f560894cabfc7ab4b3d

Code Sign

17:dd:f1:7b:6c:1d:1a:59:b5:e0:e9:7a:39:f7:4c:afCertificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

Sections

.code Size: 6KB - Virtual size: 5KB

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1024B - Virtual size: 540B

.pdata Size: 512B - Virtual size: 504B

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

17:dd:f1:7b:6c:1d:1a:59:b5:e0:e9:7a:39:f7:4c:af
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12
Signer

.code
Size: 6KB - Virtual size: 5KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1024B - Virtual size: 540B

.pdata
Size: 512B - Virtual size: 504B

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB