Suspicious
Suspect

21c7d66c0b06a29f264b0ad804d25af6

PE Executable
|
MD5: 21c7d66c0b06a29f264b0ad804d25af6
|
Size: 24.48 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
21c7d66c0b06a29f264b0ad804d25af6
Sha1
14eba693deff0889550dd061d6340ef318b6ccc5
Sha256
e0ca1796fcdcc56c30c4ecfb79fbabe4767ce5d2ccc7c6148510d86237f07bd0
Sha384
15f0a4917789473ce1fb087b13577cb42b8f247b04337a4aac0f2af74efa1e7effa028eb64ed7fba6be603a7608fb3f9
Sha512
589657f3a922c755e09248cdc9354b55f0b99217e3463e08d89649928bb250f8ac84f709afda0dbb1af7f41b65b3f71a4274268ef2e9e77884bd4a1a4f87c16d
SSDeep
393216:HchTd2JfbpEMIXXQEft9EDd8gEgSPjeh+DA9eyOhHy1ibWMxXsU1+RB0KzY:2TkyRXX5Cd8cThp2y1ibDszRB0h
TLSH
423733313156C031D54202F2AD69AFBAD3ADAD35477A44CB73E86F2AC7314C27A31A5B

PeID

Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
21c7d66c0b06a29f264b0ad804d25af6
[Authenticode]_1b0425e7.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
CPADinfo
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
RT_RCDATA
ID:7D00
ID:1033
RT_GROUP_CURSOR4
ID:0065
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x1752000 size 26136 bytes
Info

PDB Path: C:\a\rescue-native-rescueassist\rescue-native-rescueassist\build\RelWithDebInfo\GoToResolveUnattendedUpdater.pdb
Artefacts
Name
 Value
URLs in VB Code - #1

https://dumpster.console.gotoresolve.com
URLs in VB Code - #2

https://dumpster.dev01-console.gotoresolve.com
URLs in VB Code - #3

http://schemas.microsoft.com/SMI/2005/WindowsSettings
URLs in VB Code - #4

http://ocsp.digicert.com0A
URLs in VB Code - #5

http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
URLs in VB Code - #6

http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
URLs in VB Code - #7

http://www.digicert.com/CPS0
URLs in VB Code - #8

http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
URLs in VB Code - #9

http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
URLs in VB Code - #10

http://ocsp.digicert.com0
URLs in VB Code - #11

http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
URLs in VB Code - #12

https://secure.logmein.com0
URLs in VB Code - #13

https://devices-iot.console.gotoresolve.com/
URLs in VB Code - #14

https://devices.console.gotoresolve.com/health
URLs in VB Code - #15

https://sessions.console.gotoresolve.com
URLs in VB Code - #16

https://applet.console.gotoresolve.com
URLs in VB Code - #17

https://custombranding.console.gotoresolve.com
URLs in VB Code - #18

http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_
URLs in VB Code - #19

http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0
URLs in VB Code - #20

http://ocsp.digicert.com0C
URLs in VB Code - #21

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
URLs in VB Code - #22

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
21c7d66c0b06a29f264b0ad804d25af6 (24.48 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙