Red Giant Service[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Red Giant Service.exe
Size

8.5MB
MD5

c41f0c9edd42533a2e9df4bb5936ff48
SHA1

14bd70019253b56eaff0db84e282634155e238c2
SHA256

87bda1eab6783e941387b646d5bba0f0428e38a8eb73ae7bcd3ab2b60aab128c
SHA512

6ec5f82a981f69b425a5ece67866d8398856414aa3a59e5eee70b3c47e4984016f2deb4f45c546adad7ea048a0c1b397fe571171f77e3f60b831fd992df9f2a7
SSDEEP

98304:CB+7gmSkMBt6EyZQdqCwxxYHW5tOdMYgB:28mdeW9qxY2HeMYgB

Score

1^/10

Malware Config

Signatures

Files

Red Giant Service.exe
.exe windows:6 windows x64 arch:x64

46ae5e5a2ab06451b46621a5a93dd45c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/06/2021, 00:00

Not After

13/08/2024, 23:59

Subject

CN=Maxon Computer GmbH,OU=SOFTWARE DEVELOPMENT,O=Maxon Computer GmbH,L=Friedrichsdorf,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:bf:80:ed:b3:d1:a4:a3:e7:7a:73:5c:f7:e9:e1:10:65:78:67:ea
Signer

Actual PE Digest

64:bf:80:ed:b3:d1:a4:a3:e7:7a:73:5c:f7:e9:e1:10:65:78:67:ea

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW

kernel32

SetWaitableTimer
TlsSetValue
TlsGetValue
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
QueueUserAPC
TerminateThread
WaitForMultipleObjects
RaiseException
InitializeCriticalSectionEx
DecodePointer
GetCurrentThreadId
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeviceIoControl
GetDriveTypeW
GetFileTime
GetCurrentProcess
GetDiskFreeSpaceW
LocalFree
FormatMessageA
GetThreadId
GetCurrentThread
SleepEx
CreateWaitableTimerW
GetVolumeInformationW
GetComputerNameW
GetModuleFileNameW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
WideCharToMultiByte
CreateProcessW
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
ResetEvent
GetOverlappedResult
LoadLibraryW
HeapDestroy
HeapReAlloc
HeapSize
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreW
lstrlenW
ReadDirectoryChangesW
GetLongPathNameW
CancelIo
SetThreadErrorMode
GetVersionExA
CreateDirectoryA
GetFileInformationByHandle
GetVolumeInformationA
GlobalFree
GetStdHandle
GetFileType
GetVersion
ExitThread
FindFirstFileW
FindNextFileW
GetCurrentProcessId
GetVersionExW
GlobalMemoryStatus
lstrcpyA
lstrcatA
lstrlenA
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapCompact
DeleteFileW
DeleteFileA
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
GetEnvironmentVariableW
GetModuleHandleExW
RtlVirtualUnwind
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetQueuedCompletionStatus
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
GetTimeZoneInformation
ExitProcess
DuplicateHandle
FreeLibraryAndExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
RtlPcToFileHeader
RtlUnwindEx
CopyFileW
CreateDirectoryExW
SetFilePointerEx
RemoveDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CreateWaitableTimerA
ResumeThread
OpenEventA
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetModuleFileNameA
CreateThread
CreateEventW
OutputDebugStringA
SetLastError
SetConsoleCtrlHandler
SetConsoleTitleW
AllocConsole
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
GetProcAddress
K32EnumProcesses
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SleepConditionVariableCS
GetExitCodeProcess
QueryPerformanceCounter
CreateProcessA
QueryPerformanceFrequency
GetEnvironmentVariableA
CreatePipe
SetHandleInformation
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
RemoveDirectoryA
MultiByteToWideChar
DeleteCriticalSection
InitializeConditionVariable
InitializeCriticalSection
WakeAllConditionVariable
GetProcessHeap
HeapAlloc
CreateFileA
Sleep
WriteFile
HeapFree
WaitNamedPipeA
SetNamedPipeHandleState
ReadFile
WaitForSingleObject
CreateEventA
TlsFree
CloseHandle
TlsAlloc
SetEvent
GetLastError
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetStringTypeW
GetExitCodeThread
GetLocaleInfoEx
RtlUnwind

user32

SendNotifyMessageW
RegisterWindowMessageW
PostMessageW
SendMessageTimeoutA
LoadStringA
GetSystemMetrics
GetAsyncKeyState
SetWindowsHookExW
UnhookWindowsHookEx
ClipCursor
CallNextHookEx
GetDC
ReleaseDC
GetDesktopWindow
SetCursorPos
GetCursorInfo
ShowCursor
GetCursorPos
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

gdi32

GetPixel

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptGenRandom
OpenSCManagerW
CloseServiceHandle
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptAcquireContextW
CryptDestroyKey
GetUserNameA
CryptSignHashW
CryptImportKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegSetValueExA
ReportEventA
RegisterEventSourceA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
CreateWellKnownSid
AddAccessAllowedAceEx
RegSetKeyValueA
RegEnumKeyExA
RegGetValueA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
OpenServiceA

shell32

SHFileOperationW
SHGetFolderPathA
ord190
SHGetSpecialFolderPathA
ord155
SHOpenFolderAndSelectItems
ShellExecuteW
SHGetFolderPathW
SHCreateItemFromParsingName

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ws2_32

WSACleanup
WSAStringToAddressA
WSAGetLastError
WSASetLastError
closesocket
ioctlsocket
setsockopt
WSASend
ntohs
htons
ntohl
htonl
listen
getsockname
bind
WSASocketW
shutdown
WSARecv
getpeername
getsockopt
WSAAddressToStringA
gethostname
recv
gethostbyaddr
inet_addr
gethostbyname
freeaddrinfo
getaddrinfo
socket
sendto
send
select
recvfrom
connect
accept
WSAStartup
__WSAFDIsSet

mswsock

AcceptEx
GetAcceptExSockaddrs

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptDestroyHash
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptGenRandom

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

rpcrt4

UuidToStringA
UuidCreate
UuidCreateSequential
UuidToStringW
RpcStringFreeW
RpcStringFreeA

shlwapi

UrlUnescapeA
UrlEscapeW
UrlEscapeA
PathBuildRootW
PathFindFileNameW
PathGetDriveNumberW

winhttp

WinHttpOpenRequest
WinHttpSendRequest
WinHttpCrackUrl
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

netapi32

NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 348KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46ae5e5a2ab06451b46621a5a93dd45c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1cCertificate

Extended Key Usages

Key Usages

64:bf:80:ed:b3:d1:a4:a3:e7:7a:73:5c:f7:e9:e1:10:65:78:67:eaSigner

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

mswsock

bcrypt

crypt32

rpcrt4

shlwapi

winhttp

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

netapi32

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 348KB - Virtual size: 384KB

.pdata Size: 262KB - Virtual size: 262KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 63KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

64:bf:80:ed:b3:d1:a4:a3:e7:7a:73:5c:f7:e9:e1:10:65:78:67:ea
Signer

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 348KB - Virtual size: 384KB

.pdata
Size: 262KB - Virtual size: 262KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 63KB