The RunAsTI exe (Run As TrustedInstaller) Nikzzzz Soft File Malware Analysis

The RunAsTI.exe (Run As TrustedInstaller) File Analysis

Updated 2 days ago

Checked by Malaware Check

RunAsTI.exe

Hash Type	Value	Action
MD5	80454e70784f1ddb0c91d41469e2498d
SHA1	2f3f04ef670895de12cdfbae17c9d427e7caa97a
SHA256	a3e0ba70ba908de8a75825c3a1ff36147e02c686280993c2caa8a9a6968764b0
SHA512	709ed0fc9e2520a5beb57379e90be12cac680060b4c72ff50e9d9897f3a4d7a57f84b9be04b78974e6f6b73cda7202bfc617835cee3011eed7f0ee6f5e82edf7
ImpHash	9b7a77472b758f560894cabfc7ab4b3d

Hash Type

Value

Action

MD5

80454e70784f1ddb0c91d41469e2498d

SHA1

2f3f04ef670895de12cdfbae17c9d427e7caa97a

SHA256

a3e0ba70ba908de8a75825c3a1ff36147e02c686280993c2caa8a9a6968764b0

SHA512

709ed0fc9e2520a5beb57379e90be12cac680060b4c72ff50e9d9897f3a4d7a57f84b9be04b78974e6f6b73cda7202bfc617835cee3011eed7f0ee6f5e82edf7

ImpHash

9b7a77472b758f560894cabfc7ab4b3d

PE Analysis

Basic Information

▼

Icon	Hash: f350704f0c32ab7b6f319a4bf7068883 Fuzzy: e22f44c0f96112b9123fc8dd828b11ee dHash: 70f0b6e6dcd8f132
Image Base	`0x140000000`
Entry Point	`0x140001000`
Compilation Time	2020-04-15 16:13:12
Checksum	0x00015e20 (Actual: 0x00015e20)
OS Version	4.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
Digital Signature	Chain verification from CN=Nikzzzz Soft, C=RU (serial:-31724639348027295635647097834755804335, sha1:cc6375d8c0c735876f41f451e32fdee8727a5b5d) failed: The X.509 certificate provided is self-signed - "Common Name: Nikzzzz Soft, Country: RU"
Imports	4 libraries msvcrt, KERNEL32, ADVAPI32, USER32
Exports	0 functions
Resources	4 Resources
Sections	6 Sections

Version Information

▼

CompanyName	Nikzzzz Soft
ProductName	RunAsTI
ProductVersion	2020,4,15,1
FileVersion	2020,4,15,1
FileDescription	Run As TrustedInstaller
InternalName	RunAsTI.exe
OriginalFilename	RunAsTI.exe
LegalCopyright	(c)Nikzzzz
Translation	0x0000 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.code`	`0x00001000`	5,813 bytes	6,144 bytes	5.26 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`CCB53D9A8A44C5899ADF8C5C32EF5D4A`
`.text`	`0x00003000`	5,443 bytes	5,632 bytes	5.86 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`E92C204CFB11B919D51127066756A6E2`
`.rdata`	`0x00005000`	540 bytes	1,024 bytes	2.78 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`84D3F0A2DC9D637FC7CB6A843546C500`
`.pdata`	`0x00006000`	504 bytes	512 bytes	3.88 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`AA2D9C2393CA54D2AB90794C5CE17471`
`.data`	`0x00007000`	3,208 bytes	3,072 bytes	3.71 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`AF359B1901991E16BF0E408D7E8A4869`
`.rsrc`	`0x00008000`	5,876 bytes	6,144 bytes	4.07 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`27290D947C0745D12876B77C56975BCD`

Resource Analysis

▼

Total Resources: 4 (5,569 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	4,264 bytes	76.6%
RT_GROUP_ICON	1	20 bytes	0.4%
RT_VERSION	1	712 bytes	12.8%
RT_MANIFEST	1	573 bytes	10.3%

Certificate Chain Analysis

▼

Certificate Information

Product	RunAsTI
Description	Run As TrustedInstaller
File Version	2020,4,15,1
Original Name	RunAsTI.exe
Signing Date	04:14 PM 04/15/2020 (1872 days ago)
Verification Status	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers	Nikzzzz Soft
Internal Name	RunAsTI.exe
Copyright	(c)Nikzzzz

Certificate Chain Summary

Nikzzzz Soft #1 Primary

Validity Period: 2016-12-31 21:00:00 → 2026-12-31 21:00:00

Signature Algorithm: md5RSA

Serial Number: E8 22 0E 84 93 E2 E5 A6 4A 1F 16 85 C6 08 B3 51

Symantec Time Stamping Services CA - G2 #2 Chain

Validity Period: 2012-12-21 00:00:00 → 2020-12-30 23:59:59

Signature Algorithm: sha1RSA

Serial Number: 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B

Symantec Time Stamping Services Signer - G4 #3 Chain

Validity Period: 2012-10-18 00:00:00 → 2020-12-29 23:59:59

Signature Algorithm: sha1RSA

Serial Number: 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

Chain verification from CN=Nikzzzz Soft, C=RU (serial:-31724639348027295635647097834755804335, sha1:cc6375d8c0c735876f41f451e32fdee8727a5b5d) failed: The X.509 certificate provided is self-signed - "Common Name: Nikzzzz Soft, Country: RU"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	RunAsTI.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version	1.0.217.174
Database Version	2025-05-29 22:00:18 UTC

The RunAsTI.exe (Run As TrustedInstaller) File Analysis

Technical Analysis

Clean File

Scan Another File

File Identification