home

RAMSMASH.EXE

RamSmash

PGWARE LLC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RamSmash’.
Publisher:
SWIFTDOG  (signed by PGWARE LLC)

Product:
RamSmash

Version:
1.0.0.1

MD5:
d046805c5150ae6f37846f646140912f

SHA-1:
1f1a139d8946540c5bbe733b64d96f842938720a

SHA-256:
31a1979fd1bf5c531b944b68b96177fcd0b0cb4435495d346e0e2c212869443e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 4:11:54 PM UTC  (today)

File size:
2.4 MB (2,566,832 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2004-2010 SWIFTDOG

Original file name:
RAMSMASH.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ramsmash\ramsmash.exe

Digital Signature
Signed by:
PGWARE LLC

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/16/2008 3:00:00 AM

Valid to:
8/15/2010 2:59:59 AM

Subject:
CN=PGWARE LLC, OU=SECURE APPLICATION DEVELOPMENT, O=PGWARE LLC, L=Norman, S=Oklahoma, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
154769D6AC36E9E67991AAB61B629FA4

File PE Metadata
Compilation timestamp:
4/4/2010 9:06:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1423D4

Entry point:
55, 8B, EC, B9, 16, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, A8, A0, 53, 00, E8, FC, 7D, EC, FF, 33, C0, 55, 68, 92, 30, 54, 00, 64, FF, 30, 64, 89, 20, A1, B8, 89, 54, 00, 66, C7, 00, 2E, 00, 8D, 55, D4, B8, 01, 00, 00, 00, E8, 47, 21, EC, FF, 8B, 45, D4, BA, B0, 30, 54, 00, E8, B6, 4C, EC, FF, 0F, 85, 8C, 08, 00, 00, 33, D2, 55, 68, A5, 2C, 54, 00, 64, FF, 32, 64, 89, 22, 33, D2, 33, C0, E8, 51, 51, FF, FF, 3C, 01, 0F, 85, 51, 08, 00, 00, 33, C0, 55, 68, D4, 24, 54, 00, 64, FF, 30, 64, 89...
 
[+]

Entropy:
5.8191

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,320,960 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RamSmash

Command:
"C:\Program Files\ramsmash\ramsmash.exe" \start


Scan RAMSMASH.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.