File Information (hashes and primary classification)
File name
2
File size
18.8 MiB
Architecture
MSI
MD5
be44732e9470613588c5d3d77ce0750e
SHA1
8eea56a36ddc52a8e2a58f14b7b419f0ff04b488
SHA256
ee0f0f2f089ee0594da5750bb4e342c34d703ea045ed80c3b73c81d2f3de8bd4
TLSH
T17e17337139c1c532d3da43ba8e52a25127967c740b30e58fb35c7d29e9319e3b87932a
Imphash
-
Rich header
-
Metadata (parser-extracted fields)
YARA Signatures (4 matching rules)
Type.SUSPICIOUS
  destruction: ValuableFileExtensions
Type.UNCOMMON
  fingerprint: FingerprintSoftware
  lateral movement: ElevatePrivileges, RunShell
Kesakode (similarity verdict)
No Kesakode verdict available.
Anomalies (signals worth reviewing)
embedding: EmbeddedProgram
Constants (identified constants and patterns)
guid: IPersistFile 1 IShellLinkW 1
runtime: msvc_date 1 msvc_locale 1 msvc_r6002 1 msvc_r6008 1 msvc_r6009 1 msvc_r6016 1 msvc_r6019 1 msvc_r6024 1 msvc_r6025 1 msvc_r6026 1 msvc_r6031 1 msvc_r6033 1 msvc_r6034 1 msvc_runtime 1
Strings (highest-value extracted strings)
Kesakode string classification (260027 strings total): Malware 0, Library 0, Unknown 259901, Clean 126
Address | String | Refs | Encoding | Score
0x32E00 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 0 UTF16 195
0x32320 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ 0 UTF16 178
0x2DF2C cmd.exe 0 UTF16 158
0x32C0C DisplayName 0 UTF16 140
0x4852C AdjustTokenPrivileges 0 ASCII 136
0x30F00 Unable to get valid exit codes from ini file: 1 UTF16 134
0x7E0E6D :.7z 0 ASCII 134
0x5000 NameTableTypeColumn_ValidationValueNPropertyId_SummaryInformationDescriptionSetCategoryKeyColumnMaxValueNullableKeyTa... 12 ASCII 130
0x305D0 Unable to get wrapped setup file name from ini file 2 UTF16 130
0x31D58 - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 0 UTF16 126
0x618246 @-doc 0 ASCII 125
0xD91330 8-cad 0 ASCII 125
0x30E78 RunAfterInstallParameters 1 UTF16 124
0x1953C8 \ndoc 0 ASCII 124
0x49112 Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninst... 0 UTF16 122
0x309D8 Unable to create session directory. 2 UTF16 122
0x30E38 BZ.RUN_AFTER_INSTALL_PARAMETERS 2 UTF16 121
0x30FD0 Setup parameters are 1 UTF16 120
0xAB67DA 7z.R9i3 0 ASCII 120
0x48092 Software\Microsoft\Windows\CurrentVersion 0 UTF16 119
0x88D00E ^7z/\r9 0 ASCII 119
0x4B0DA <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVer... 0 ASCII 118
0x30940 InstallPrepareInternal. 2 UTF16 118
0x10233D7 ;,mp4 0 ASCII 117
0x5A6F4F 3ds+: 0 ASCII 117
0x12C7D40 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifes... 0 ASCII 116
0x3081C BZ.UINONE_INSTALL_ARGUMENTS 2 UTF16 116
0x3117C Unpacked files directory: 1 UTF16 116
0x4BA55D 8=v_W 7z 0 ASCII 116
0x4100 {AB8628F6-DA13-4049-9597-26D91707CDD7} 1 ASCII 115
0x480EA \Microsoft\Internet Explorer\Quick Launch 0 UTF16 113
0xC13F22 Wr:!7z 0 ASCII 113
0x12F338 }z:ps1 0 ASCII 113
0x1F5700 _\n" 7z 0 ASCII 113
0x4AF92 2026 Obsidian Vector Labs. Proprietary. Unauthorized use prohibited. 0 UTF16 111
0x32EA8 ModifyRegistry: Error getting UninstallString value from registry. 0 UTF16 111
0x338D0 C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb 0 ASCII 110
0x29DE9 SSSSW 1 ASCII 110
0xB67B2A Q&7z= 0 ASCII 110
0x8DC917 7z`'e 0 ASCII 110
0x31518 Integrity of cabinet file may be compromised. Too risky to continue. 0 UTF16 109
0x492AA Error writing temporary file. Make sure your temp folder is valid. 0 UTF16 109
0x30480 Unable to get ini file name from BZ.INIFILE or CustomActionData 0 UTF16 108
0x30A64 WrappedApplicationId 2 UTF16 108
0x30A40 BZ.WRAPPED_APPID 2 UTF16 107
0x32AB0 <UILEVEL> 1 UTF16 107
0x31608 Stop because the action run before the installer exited with an exit code. 0 UTF16 106
0x319D8 Stop because the action run after the installer exited with an exit code. 0 UTF16 106
0x31390 Session directory is not empty. Someone may try to hack the installation. 0 UTF16 106
0x32A58 SOFTWARE\EXEMSI.COM\MSI Wrapper 0 UTF16 106
0x4254 \n\n""")))***++//////555=====MMMMMMMM\\aaaaaaaaoorrrsssttwwwwww 0 UTF16 105
0x3043C CustomActionData 2 UTF16 104
0x3E2D4 """)))***++//////555=====MMMMMMMM\\aaaaaaaaoorrrsssttwwwwww 0 UTF16 103
0x31C98 The user is not a member of the Administrators group. 0 UTF16 103
0x30520 Cleanup is skipped because the debug mode is active. 0 UTF16 103
0x33280 DeleteRegValue: Unable to delete value in registry. 0 UTF16 103
0x336C0 params1= 0 UTF16 103
0x33710 params2= 0 UTF16 103
0x6CC80A :|7z 0 ASCII 103
0xF7B6F4 V(7z 0 ASCII 103
0x32BA0 Detect installation context (per user or per machine) 0 UTF16 102
0x314B0 Unable to get cabinet security attributes value. 0 UTF16 102
0x12C79E1 Provides system services for Windows processes. 0 UTF16 102
0x31FA8 InstallPrepareInternal returned successfully 0 UTF16 102
0x32038 InstallFinish1Internal returned successfully 0 UTF16 102
0x3B000 s SystemProductVersionWIX_DOWNGRADE_DETECTEDWIX_UPGRADE_DETECTEDSecureCustomPropertiesWIX_DOWNGRADE_DETECTED;WIX_UPGR... 0 ASCII 101
0x33210 SetDWordValue: Unable to open registry key. Error: %d 0 UTF16 101
0x31C30 The user is a member of the Administrators group. 0 UTF16 101
0x33430 DeleteRegKey: Unable to delete key in registry. 0 UTF16 100
0x36B33 _InstallPrepare@4 1 ASCII 100
0x30BCC BaseName 2 UTF16 100
0x38458 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">\r\n <trustInfo xmlns="urn:schemas-microsof... 0 ASCII 99
0x30C68 WorkingDir 2 UTF16 99
0x30CD0 SessionDir 2 UTF16 99
0x32D58 ModifyRegistry: Application id list is empty. 0 UTF16 98
0x12C7B8F Microsoft Corporation. All rights reserved. 0 UTF16 98
0x2ECF8 operator 1 ASCII 98
0x330C8 SetDWordValue: Unable to set DWORD in registry. 0 UTF16 97
0x333D0 DeleteRegValue: Unable to open registry key. 0 UTF16 97
0x31428 Unable to create session file directory. 0 UTF16 97
0x487C4 ShowWindow 1 ASCII 97
0x2E680 \r\nThis application has requested the Runtime to terminate it in an unusual way.\nPlease contact the application's s... 0 ASCII 96
0x31958 Exit code %ld is mapped to %ld using the map '%s'. 0 UTF16 96
0x31828 Success running wrapped setup. Exit code %d 0 UTF16 96
0x300E4 GetUserObjectInformationA 2 ASCII 96
0x48D84 GetFileSize 1 ASCII 96
0x33560 DeleteRegKey: Unable to open registry key. 0 UTF16 95
0x320F8 Wrapped setup was installed Per Machine 0 UTF16 95
0x2000 Root Entry 71 UTF16 95
0x30B78 Unable to get base name of wrapped setup. 0 UTF16 94
0x30F80 Unable to get base name from ini file: 0 UTF16 94
0x32800 Extract files from installer cabinet 0 UTF16 94
0x48002 Control Panel\Desktop\ResourceLocale 0 UTF16 94
0x30A20 msiwrapper.ini 0 UTF16 94
0x257B5D RciR7e> 1 ASCII 94
- dGuidA string GUID unique to this component, version, and language.Directory_DirectoryRequired key of a Directory tab... 0 ASCII 93
0x33030 ReadRegStr: Unable to query string value. 0 UTF16 93
0x32098 Wrapped setup was installed Per User 0 UTF16 93
0x12C7CB1 10.0.19041.1 (WinBuild.160101.0800) 0 UTF16 93
0x31780 Do not elevate executable installer 0 UTF16 93
0x31A70 Cleanup because an error occurred. 0 UTF16 93
0x323D8 Remove the system component entry. 0 UTF16 93
0x30D60 BZ.RUN_BEFORE_INSTALL_PARAMETERS 0 UTF16 93
0x32278 BZ.UIREDUCED_UNINSTALL_ARGUMENTS 0 UTF16 93
0x2EA84 `local vftable' 1 ASCII 93
0x36008 UuidToStringW 1 ASCII 93
0xDE0C2D Gxu\XY:R9R 1 ASCII 93
0x32CA8 Error setting security. Exit code %d. 0 UTF16 92
0x47FB2 .DEFAULT\Control Panel\International 0 UTF16 92
0x315A8 Unable to extract the cabinet file. 0 UTF16 92
0x32234 BZ.UIBASIC_UNINSTALL_ARGUMENTS 0 UTF16 92
0x2E094 KERNEL32.DLL 0 UTF16 92
0x32778 EXPAND.EXE 0 UTF16 92
0x324A0 SELECT `Data` FROM `Binary` WHERE `Name` = '%s' 0 UTF16 91
0x32510 Error in call to MsiDatabaseOpenView 0 UTF16 91
0x37C58 .?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ 0 ASCII 90
0x32B28 Success running action. Exit code %d 0 UTF16 90
0x37D08 .?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ 0 ASCII 90
0x31328 Unable to check directory for files. 0 UTF16 90
0x32850 Error getting path of expand tool. 0 UTF16 90
0x32DB8 ModifyRegistry for application id 0 UTF16 90
0x12C7AB5 Host Process for Windows Services 0 UTF16 90
0x30898 BZ.UIREDUCED_INSTALL_ARGUMENTS 0 UTF16 90
0x33744 Elevate executable uninstaller 0 UTF16 90
0x322BC BZ.UIFULL_UNINSTALL_ARGUMENTS 0 UTF16 90
0x321F8 BZ.UINONE_UNINSTALL_ARGUMENTS 0 UTF16 90
0x4AF26 4.7.1.5 0 UTF16 90
0x4B086 4.7.1.5 0 UTF16 90
0x37D60 .?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ 0 ASCII 89
0x30858 BZ.UIBASIC_INSTALL_ARGUMENTS 0 UTF16 89
0x32F5C Advapi32.dll 0 UTF16 89
0x2E1B0 mscoree.dll 0 UTF16 89
0x32C90 ICACLS.EXE 0 UTF16 89
0x12C7B55 start.exe 0 UTF16 89
0x12C7C11 start.exe 0 UTF16 89
0x12C7C45 Microsoft Windows Operating System 0 UTF16 88
0x3331C DeleteRegValue: Value name= 0 UTF16 88
0x2C82 DocumentSummaryInformation 0 UTF16 88
Functions (high-value functions)
No functions discovered.