» ramnitkiller.exe
Overview
Analysis
File Details
Downloads (27)

ramnitkiller.exe

PC Media Express for Ramnit

PC Media

File name:

ramnitkiller.exe

Publisher:

PC Media

Product:

PC Media Express for Ramnit

Description:

Special Cleaner for Ramnit

Version:

0.1.0.558

MD5:

718d5fa757dce4e666535bde620774d1

SHA-1:

7c8204fb17ff320dbd82bdebba2880b4053411f7

SHA-256:

e75a3f988f63d84abf4e087e8ddcd2e544cd03a0e3b7c575513e069b82b654ce

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 8:18:31 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.Laneul

1.3.0.4959

Qihoo 360 Security

HEUR/Malware.QVM06.Gen

1.0.0.1015

File size:

842.5 KB (862,720 bytes)

Product version:

0.1.0.0

Trademarks:

PC Media

Original file name:

PCMAVExpress.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\ramnitkiller.exe

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:wTfGcdO1NnSbSJmp3USU7oDnSp1eyzc2rJ8UKN2KuhXM+1hP1NGui4q2sNO0cc:w3dOmJlU7oDc1Fg+J8UK+1hP1NGL2

Entry address:

0xAF918

Entry point:

55, 8B, EC, 83, C4, F0, B8, 58, F6, 4A, 00, E8, D0, 79, F5, FF, E8, 77, FC, FF, FF, 84, C0, 74, 18, 68, 30, 10, 00, 00, 68, A0, F9, 4A, 00, 68, A8, F9, 4A, 00, 6A, 00, E8, 35, 87, F5, FF, EB, 51, E8, 5E, FB, FF, FF, 84, C0, 75, 18, 68, 10, 10, 00, 00, 68, C8, F9, 4A, 00, 68, D0, F9, 4A, 00, 6A, 00, E8, 14, 87, F5, FF, EB, 30, A1, 74, 30, 4B, 00, 8B, 00, E8, E6, E6, FA, FF, 8B, 0D, 80, 2E, 4B, 00, A1, 74, 30, 4B, 00, 8B, 00, 8B, 15, 74, 71, 4A, 00, E8, E6, E6, FA, FF, A1, 74, 30, 4B, 00, 8B, 00, E8, 5A, E7... 
[+]

Entropy:

6.6837

Developed / compiled with:

Microsoft Visual C++

Code size:

698.5 KB (715,264 bytes)

The file ramnitkiller.exe has been seen being distributed by the following 27 URLs.

https://fs08n1.sendspace.com/dl/1bca7da1c04a216d9364396b8a1f0e80/583686ea2ea587b3/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/6b5d84ac4a8c90c257cbd13b37786bfc/580d67d05052e318/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/791b5e11eaa0a36321e4458c380fb86e/5847b04d2c0d68a9/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/17f190569313c519cff1d8d387ee4a2a/58328d1352b25290/.../RamnitKiller.exe

https://fs08n5.sendspace.com/dl/906c334f2cec7302f808fa260ddaf965/576d4c62433ab279/.../RamnitKiller.exe

https://fs08n1.sendspace.com/dl/4f22f1d2756ad72cf4ff2675871fdc7e/583ae1810e9350b7/.../RamnitKiller.exe

https://fs08n5.sendspace.com/dl/5ee3728dbf21a64d787d7149f2f913ee/5818a2102558be31/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/d98692961d44303d52ea22f5d6824a93/57b8234922d6e843/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/38c699d6846b89b0b9a96162ed52ac0b/5833a4004688bca1/.../RamnitKiller.exe

https://fs08n2.sendspace.com/dl/dbf8b18fba1c47d0727f6d5bf46dc6f6/58145d851bf80bfd/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/ac3eb09e19d70ac451af66a41c8d9cf6/567d1319747d3693/.../RamnitKiller.exe

https://fs08n2.sendspace.com/dl/54c41036894552e32f03f18279632b62/5834c9ed2515c259/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/371266b44744b83195388b801fee6db3/57d6216f356d86f9/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/85425bf923d2e31b2cf14573c703ccd8/5748fce15de3176e/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/6a94160f98c3b17c751c4e50fcfe8db7/56c432005ba7383c/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/db65fed0829b47df804d9f89ec6b4be9/5711cbf3674a7381/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/3aa31b582ad316c740943d065515cd9e/5654329441f1692f/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/da3025ddfa154a305344a397bb56ea7f/56d6a4c423263274/.../RamnitKiller.exe

https://fs08n5.sendspace.com/dl/ab442592e0180c721f5dcc06861d565c/57088aaf6779694d/.../RamnitKiller.exe

https://fs08n1.sendspace.com/dl/4f74c608470ddb8f33aa9995134ef46f/56761c204ba502ce/.../RamnitKiller.exe

https://fs08n2.sendspace.com/dl/281f79b09d9fad2e0ab5924e69170a8d/5676b0b54fd22787/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/8e847f6b3352b4b981b0552e5049de10/566795d044cd2d50/.../RamnitKiller.exe

https://fs08n3.sendspace.com/dl/0ce6d1da6d4ed3557fc863868986733e/5699bf9b4b98ae3e/.../RamnitKiller.exe

https://fs08n4.sendspace.com/dl/2a941bcaead79327a7b4bafaa5946066/566ed30341033894/.../RamnitKiller.exe

https://fs08n2.sendspace.com/dl/62550695878459799565e0e037f7ec92/56a03b0575c4016e/.../RamnitKiller.exe

https://fs08n1.sendspace.com/dl/0ea625e26ff3d931e0d89aab77f01cba/54b296ad152be9a3/.../RamnitKiller.exe

https://fs08n1.sendspace.com/dl/cfa9e02f0f33503b5a6f64cdaf36adbf/54be47064b750362/.../RamnitKiller.exe

Scan ramnitkiller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.