9d5a9bcc7e2b6a6b2306cb4a8c531a66706c225abce4fa6ee153fe3e5c5f1f83

Sharing

Copy URL

Twitter E-mail

General

Target

9d5a9bcc7e2b6a6b2306cb4a8c531a66706c225abce4fa6ee153fe3e5c5f1f83
Size

4.4MB
MD5

4793c04ee0c788ff482efae02faf95ef
SHA1

691fad12a467c8cd5af71a9c8dbcd1ef3d1ddeba
SHA256

9d5a9bcc7e2b6a6b2306cb4a8c531a66706c225abce4fa6ee153fe3e5c5f1f83
SHA512

d0efa6cc744237f8565b63dedb48cf08380ecf1699873fb7c4061d957ff5146ae13a96b129a036db6b322d1959fb2fc629cb745e1e7675ed0112d5349fc75023
SSDEEP

49152:eq0b+MfDP7iwutsV18Twpn0NXWZxWAaThnPgnTJKtl30:v0b6wgsV6Ts0NXYWAaThn4o0

Score

1^/10

Malware Config

Signatures

Files

9d5a9bcc7e2b6a6b2306cb4a8c531a66706c225abce4fa6ee153fe3e5c5f1f83
.exe windows:4 windows x86 arch:x86

c9d0c8c3d4498f62e77a2a9c257fee9f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:76:f9:b1:3c:0a:9a:6a:53:9d:3c:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/03/2024, 20:07

Not After

30/04/2027, 12:35

Subject

SERIALNUMBER=1461834,CN=R-Tools Technology Inc,O=R-Tools Technology Inc,STREET=10520 Yonge St Suite 232,L=Richmond Hill,ST=Ontario,C=CA,1.2.840.113549.1.9.1=#0c0f6f666669636540722d74742e636f6d,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:b7:b1:99:f2:26:a8:2e:57:eb:ca:ec:50:ea:7f:77:2f:eb:8d:86
Signer

Actual PE Digest

8c:b7:b1:99:f2:26:a8:2e:57:eb:ca:ec:50:ea:7f:77:2f:eb:8d:86

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\GIT\DataRecovery\rapps\Batch\RSAgent.pdb

Imports

kernel32

OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
CreateMutexA
GetLastError
SetConsoleCtrlHandler
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorPosition
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
CreateFileA
WriteFile
FindResourceA
LoadResource
SizeofResource
LockResource
CreateEventA
CloseHandle
WaitForMultipleObjects
ResetEvent
SetEvent
WideCharToMultiByte
lstrlenW
lstrlenA
GetModuleHandleA
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetDiskFreeSpaceA
BackupSeek
OpenThread
CallNamedPipeA
CreateEventW
BackupRead
GetWindowsDirectoryW
LoadLibraryExW
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
RtlUnwind
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
ExitProcess
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
Sleep
SetHandleCount
GetFileType
GetConsoleCP
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSection
InterlockedExchange
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SystemTimeToFileTime
GetSystemTime
GetLocalTime
SetSystemTime
LocalFileTimeToFileTime
QueryPerformanceFrequency
GetVersion
DisconnectNamedPipe
GetOverlappedResult
ReadFile
CreateNamedPipeA
CreateNamedPipeW
WaitNamedPipeA
WaitNamedPipeW
CreateFileW
ConnectNamedPipe
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
Process32NextW
Process32FirstW
GetSystemDirectoryA
GetSystemInfo
FormatMessageA
FormatMessageW
DuplicateHandle
GetExitCodeThread
TerminateThread
SuspendThread
GetThreadPriority
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
PulseEvent
SetConsoleTitleA
AllocConsole
GlobalMemoryStatus
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
GetFileTime
DeviceIoControl
DeleteFileA
MoveFileA
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
FindClose
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileTime
FindNextFileA
FindFirstFileA
FindFirstFileW
FindNextFileW
DeleteFileW
MoveFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
CreateThread
GetLogicalDrives
VirtualProtect
GetDriveTypeA
GetModuleHandleW
GetProcessId
GetExitCodeProcess
PeekNamedPipe
CreateProcessW
CreateProcessA
CreatePipe
ReadProcessMemory
GetThreadSelectorEntry
ResumeThread
GetThreadContext
GetEnvironmentVariableA
GetFileInformationByHandle
GetTempPathA
GetTempPathW
GetEnvironmentVariableW
BackupWrite
GetVolumeInformationA
GetFullPathNameA
GetVolumeInformationW
GetDriveTypeW
GetFullPathNameW
VirtualQuery
WriteProcessMemory
lstrcmpiA
LoadLibraryW
LoadLibraryExA
ExitThread

user32

GetWindowDC
GetActiveWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SystemParametersInfoW
IsWindow
DrawTextA
DialogBoxIndirectParamW
DrawTextW
EnumDisplaySettingsW
EnumDisplayDevicesW
GetDesktopWindow
ScreenToClient
SetClassLongA
GetSystemMenu
DeleteMenu
SetTimer
KillTimer
LoadImageA
DestroyIcon
GetWindowTextW
SetActiveWindow
LoadIconA
SetWindowTextW
LoadStringW
LoadStringA
GetCursorPos
SendMessageW
GetSubMenu
EnableMenuItem
SetForegroundWindow
TrackPopupMenuEx
DestroyMenu
GetWindowTextA
ReleaseDC
EnumChildWindows
MoveWindow
GetParent
GetWindow
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowTextA
EnableWindow
SetWindowLongA
OffsetRect
GetWindowLongA
SendMessageA
DestroyWindow
CreateWindowExA
SetWindowPos
ClientToScreen
GetWindowRect
DialogBoxParamW
DialogBoxParamA
EndDialog
GetDlgItemTextA
GetDlgItemTextW
MessageBeep
GetDlgItem
SetFocus
SetDlgItemTextA
SetDlgItemTextW
MessageBoxW
MessageBoxA
MapDialogRect
MsgWaitForMultipleObjects
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
PostMessageA
GetWindowLongW
ShowWindow
LoadIconW
LoadMenuA

gdi32

SelectObject
CreateFontIndirectA
GetObjectA
GetStockObject
SetBkColor
SetBkMode
SetTextColor
DeleteObject

shell32

Shell_NotifyIconA
ShellExecuteA

wsock32

WSASetLastError
WSAStartup
WSACleanup
__WSAFDIsSet
accept
getsockname
ioctlsocket
inet_addr
gethostbyname
gethostname
closesocket
shutdown
WSAGetLastError
select
setsockopt
send
recv
listen
bind
htons
socket
connect

advapi32

RegEnumValueA
RegConnectRegistryA
RegSetValueExW
RegQueryValueExW
RegConnectRegistryW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExA
RegEnumKeyExW
DuplicateToken
GetTokenInformation
GetUserNameA
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
PrivilegeCheck
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegDeleteValueA
RegSetValueExA
EqualSid
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceStatus
ControlService
StartServiceW
OpenServiceW
CreateServiceW
DeleteService
OpenSCManagerA
OpenServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateNamedPipeClient
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
RegFlushKey
RegDeleteValueW
RegEnumValueW
RegCreateKeyExA

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitialize

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantClear
VariantChangeType
SysFreeString
SysAllocString
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 560KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9d0c8c3d4498f62e77a2a9c257fee9f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

5a:76:f9:b1:3c:0a:9a:6a:53:9d:3c:5dCertificate

Extended Key Usages

Key Usages

8c:b7:b1:99:f2:26:a8:2e:57:eb:ca:ec:50:ea:7f:77:2f:eb:8d:86Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

wsock32

advapi32

ole32

oleaut32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 372KB - Virtual size: 371KB

.data Size: 104KB - Virtual size: 192KB

.rsrc Size: 560KB - Virtual size: 557KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

5a:76:f9:b1:3c:0a:9a:6a:53:9d:3c:5d
Certificate

8c:b7:b1:99:f2:26:a8:2e:57:eb:ca:ec:50:ea:7f:77:2f:eb:8d:86
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 372KB - Virtual size: 371KB

.data
Size: 104KB - Virtual size: 192KB

.rsrc
Size: 560KB - Virtual size: 557KB