rvlkl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rvlkl.exe
Size

480KB
MD5

048816370922501629ee2bf97b484b1f
SHA1

7e11c9a20bdcd4f4f942bd438bf33ca040a1e4a6
SHA256

fb4540cb80b681de56d182cc2185a73c88adf7dcf699896d6fff42c97078391e
SHA512

8157155e633c32c683b7172957f6ab4c8422af0b1c15746f4d9b3eeb8fbccef2181cef380525c33458b3b06dd91ecbb64b189eca629968b9278a00e00d5c3e5d
SSDEEP

12288:xsp0uGgDNtqRh2LvImHVCwRASyto6i+0uJzFV5KyZRO:x2GwH1yJi+fzFd

Score

1^/10

Malware Config

Signatures

Files

rvlkl.exe
.exe windows:5 windows x64 arch:x64

debaf5cf9cd217b5d627d01946ff6ffa

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:18:b5:68:17:4d:c2:d6:47:ec:70:ed:13:cc:bb:8d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/04/2013, 00:00

Not After

10/04/2016, 23:59

Subject

CN=Logixoft,O=Logixoft,POSTALCODE=29000,STREET=14\, rue Marie-Rose le Bloch,L=QUIMPER,ST=Bretagne,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:a7:41:fd:53:e3:77:fe:84:2e:52:8b:ad:19:4d:e6:9e:45:91:e5
Signer

Actual PE Digest

f2:a7:41:fd:53:e3:77:fe:84:2e:52:8b:ad:19:4d:e6:9e:45:91:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetWindowsDirectoryW
GetCurrentProcessId
LocalFree
GetSystemTime
GetVolumeInformationW
lstrcpyA
LoadLibraryW
SetLastError
ExitProcess
FindFirstChangeNotificationW
FindCloseChangeNotification
GetComputerNameW
GetTimeFormatA
FormatMessageA
GetDateFormatA
ExitThread
MultiByteToWideChar
FindNextChangeNotification
OpenFileMappingW
GetCurrentThreadId
GetDiskFreeSpaceExW
CreateThread
WriteConsoleW
SetFilePointerEx
GetStringTypeW
LCMapStringW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetShortPathNameW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
GetFileType
RtlUnwindEx
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
GetModuleHandleExW
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
CreateToolhelp32Snapshot
lstrcmpiW
Process32NextW
GetSystemInfo
RemoveDirectoryW
LockResource
Process32FirstW
GetLocalTime
GlobalFree
GetProcAddress
GetLastError
GlobalUnlock
SetThreadPriority
lstrcatA
GetModuleFileNameW
ReadFile
TerminateProcess
GetTimeFormatW
GetExitCodeProcess
GetVersionExW
SizeofResource
CopyFileW
Sleep
GetLocaleInfoW
WideCharToMultiByte
GlobalAlloc
OpenProcess
SetProcessPriorityBoost
WriteFile
SetFileTime
GetCurrentThread
OutputDebugStringW
WaitForSingleObject
GlobalLock
CreateDirectoryW
GetCurrentProcess
SystemTimeToFileTime
LoadResource
FindResourceW
lstrlenA
SetFilePointer
SetPriorityClass
GetFileSize
GetDateFormatW
GetEnvironmentVariableW
GetCommandLineW
lstrcpyW
CloseHandle
FindNextFileW
lstrcatW
CreateFileMappingW
FindClose
GetFileSizeEx
lstrlenW
lstrcmpW
CreateFileW
GetProcessHeap
GetModuleHandleW
HeapFree
HeapAlloc
UnmapViewOfFile
MapViewOfFile
SetStdHandle
FindFirstFileW

user32

GetSubMenu
GetKeyState
TrackPopupMenu
SetForegroundWindow
MsgWaitForMultipleObjects
PostMessageW
CopyRect
SetWindowTextW
SendMessageW
SetWindowLongPtrW
CreateWindowExW
ShowWindow
SetWindowPos
UnregisterClassW
SetCapture
PostQuitMessage
GetMessageW
DestroyAcceleratorTable
GetDlgItemInt
ToUnicodeEx
GetWindowThreadProcessId
RegisterHotKey
SetDlgItemTextA
DestroyIcon
UnregisterHotKey
EnableWindow
UpdateWindow
CreateMenu
ReleaseCapture
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
GetMenuInfo
GetMenuItemCount
SetMenuInfo
GetActiveWindow
GetSysColor
GetDesktopWindow
EndDialog
EnableMenuItem
GetKeyboardLayout
GetGUIThreadInfo
LoadIconW
IsDialogMessageW
SetDlgItemInt
GetScrollBarInfo
CharLowerW
GetDlgItem
InvalidateRect
BeginPaint
GetClientRect
GetMenuItemInfoW
CreateAcceleratorTableW
IsWindowEnabled
GetWindowLongPtrW
TranslateMessage
GetSystemMetrics
IsWindowVisible
GetWindowRect
DestroyWindow
EndPaint
DestroyMenu
FindWindowExW
CreatePopupMenu
GetCursorPos
AppendMenuW
GetDlgItemTextW
SetDlgItemTextW
DispatchMessageW
CloseClipboard
MapVirtualKeyW
CharUpperBuffW
DialogBoxIndirectParamW
GetDC
CreateDialogIndirectParamW
SystemParametersInfoW
PeekMessageW
TranslateAcceleratorW
CallNextHookEx
TrackPopupMenuEx
CallWindowProcW
MapWindowPoints
ReleaseDC
GetWindowTextW
RegisterClassExW
DrawFocusRect
GetClassInfoExW
SetFocus
LoadCursorW
GetParent
GetFocus
DrawTextW
GetWindowDC
ScreenToClient
GetWindowTextLengthW
DefWindowProcW
KillTimer
SetTimer
SetCursor
SetMenuItemInfoW
SetClipboardData
OpenClipboard
PostThreadMessageW
GetKeyNameTextW
EnumChildWindows
EmptyClipboard
GetClassNameW

gdi32

GetTextMetricsW
TextOutW
Polygon
CreatePen
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
SetBkMode
CreateFontIndirectW
SetTextColor
ExtTextOutW
CreateCompatibleBitmap
SetBkColor
GetStockObject
GetTextExtentPoint32W

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
CryptCreateHash
AllocateAndInitializeSid
RegDeleteValueW
GetNamedSecurityInfoW
LookupAccountSidW
ImpersonateSelf
LookupPrivilegeValueW
SetNamedSecurityInfoW
CryptReleaseContext
GetTokenInformation
CryptHashData
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
CryptDestroyHash
CheckTokenMembership
RegOpenKeyExW
FreeSid
CryptGetHashParam
OpenProcessToken
CryptAcquireContextW
OpenThreadToken
GetUserNameW
SetEntriesInAclW

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
SHChangeNotify

ole32

OleUninitialize
OleInitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

StrChrW
StrStrIW
StrRStrIW
PathStripPathW
PathAppendW
PathRemoveFileSpecW
ord219
PathMatchSpecW
StrCmpNW
StrFormatKBSizeW
PathRenameExtensionW
StrToIntW
PathRemoveExtensionW
StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetModuleBaseNameW

userenv

GetProfilesDirectoryW

comctl32

ord413
ord410
ord412
ImageList_Duplicate
ImageList_Destroy
ImageList_DrawIndirect
ImageList_Replace
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIcon
ord411

netapi32

NetQueryDisplayInformation

uxtheme

DrawThemeBackground
GetThemePartSize
OpenThemeData
CloseThemeData
DrawThemeText

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

Exports

Exports

LowLevelKeyboardProc
LowLevelMouseProc

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

debaf5cf9cd217b5d627d01946ff6ffa

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

5b:18:b5:68:17:4d:c2:d6:47:ec:70:ed:13:cc:bb:8dCertificate

Extended Key Usages

Key Usages

f2:a7:41:fd:53:e3:77:fe:84:2e:52:8b:ad:19:4d:e6:9e:45:91:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

userenv

comctl32

netapi32

uxtheme

wtsapi32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 6KB - Virtual size: 17KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 225KB - Virtual size: 224KB

.reloc Size: 2KB - Virtual size: 1KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

5b:18:b5:68:17:4d:c2:d6:47:ec:70:ed:13:cc:bb:8d
Certificate

f2:a7:41:fd:53:e3:77:fe:84:2e:52:8b:ad:19:4d:e6:9e:45:91:e5
Signer

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 6KB - Virtual size: 17KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 225KB - Virtual size: 224KB

.reloc
Size: 2KB - Virtual size: 1KB