home

r9_karakter_hack.exe.exe

Remote Service Application

Microsoft Corp.

The executable r9_karakter_hack.exe.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from s2.dosya.tc.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
62d423a9868b21bc3145e1a0c5eba368

SHA-1:
99935ebf3c0c0726325313a66ed9109cde2d122d

SHA-256:
f891e361cbbf64662eadca3ccc58725d106d2cff0ffc652ad3539eba6bc0893a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/28/2024 7:29:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Backdoor (M)
16.7.22.0

File size:
1.2 MB (1,238,528 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\r9_karakter_hack.exe.exe

File PE Metadata
Compilation timestamp:
6/7/2012 6:59:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:CZ1xuVVjfFoynPaVBUR8f+kN10EB3WN20zWmsF20zWmP0:CQDgok309LzJaLzJs

Entry address:
0x8F888

Entry point:
55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)

The file r9_karakter_hack.exe.exe has been seen being distributed by the following URL.

http://s2.dosya.tc/en2.php?a=server2/.../R9_Karakter_Hack.exe.exe&b=d849535475c1e36004e672a08cfa656d

Remove r9_karakter_hack.exe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.