» kaspersky rakhnidecryptor 1.14.0.0 rakhnidecryptor.exe
Overview
Analysis
File Details
Downloads (4)

kaspersky rakhnidecryptor 1.14.0.0 rakhnidecryptor.exe

RakhniDecryptor

Kaspersky Lab

This is a setup program which is used to install the application. The file has been seen being downloaded from web.archive.org and multiple other hosts.

File name:

kaspersky rakhnidecryptor 1.14.0.0 rakhnidecryptor.exe

Publisher:

Kaspersky Lab ZAO (signed by Kaspersky Lab)

Product:

RakhniDecryptor

Description:

Trojan-Ransom.Win32.Rakhni decryption tool

Version:

1.14.0.0

MD5:

a6acb4d7071b09ee1f775595de3d6eaa

SHA-1:

8b2d4b9011a75b2eafdbed904cbd4c621a4c5899

SHA-256:

dc86553ea93bc5034b6c2f99ac83dc8c2c1becee4557b474235bf7a82ba9db0b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 10:16:46 PM UTC (today)

File size:

1.5 MB (1,612,360 bytes)

Product version:

1.14.0.0

Trademarks:

Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:

RakhniDecryptor.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\kaspersky rakhnidecryptor 1.14.0.0 rakhnidecryptor.exe

Digital Signature

Signed by:

Kaspersky Lab

Authority:

DigiCert Inc

Valid from:

10/27/2014 1:00:00 AM

Valid to:

11/3/2017 1:00:00 PM

Subject:

CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU, PostalCode=125212, STREET=39A/3 Leningradskoe shosse, SERIALNUMBER=1027739867473, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0D0C681CE3699DB3F3234F70A5CDD362

File PE Metadata

Compilation timestamp:

7/22/2015 7:16:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:xE8HgoE9xSh4QGOdqyK2sUNZFtVm+pqn4D06/UGLgg:xNA7xSCQHdq/+/tekybg

Entry address:

0x36037C

Entry point:

50, 9C, 60, E8, 0C, 01, 00, 00, 01, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 7C, 03, 36, 00, 21, FF, 0E, 00, B0, 02, 36, 00, C9, 00, 00, 00, E8, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 60, 4E, 0A, 00, 1C, 6E, 2D, 00, 00, B0, 33, 00, E0, 73, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 00, 00, 6D, 12, 05, 00, 00, F8, 0C, 00, 00, 10, 0D, 00, 21, FF, 0E, 00, 00, 78, 20, 00, 00, 90, 2D, 00, 50, 4E, 00, 00, 00, D6, 01, 00, 00, B0, 33, 00, 59, 68, 00, 00... 
[+]

Code size:

830 KB (849,920 bytes)

The file kaspersky rakhnidecryptor 1.14.0.0 rakhnidecryptor.exe has been seen being distributed by the following 4 URLs.

http://web.archive.org/web/20151116224700/http://media.kaspersky.com/utilities/VirusUtilities/.../rakhnidecryptor.exe

http://www.programosy.pl/.../pobierz,kaspersky-rakhnidecryptor,2.html

http://media.kaspersky.com/utilities/VirusUtilities/.../rakhnidecryptor.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.