home

RAMSMASH.EXE

RamSmash

PGWARE LLC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RamSmash’.
Publisher:
SWIFTDOG  (signed by PGWARE LLC)

Product:
RamSmash

Version:
1.0.0.1

MD5:
60603a00c27b0753f077183983493de3

SHA-1:
4a3f8890254100d7dad86a7cb701184acac6a9ef

SHA-256:
6226992a743ded26c9f55dea16a2ec3068eab4c6ce38efb2fc9b326e2067aff4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 1:03:27 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.30.172

File size:
2.5 MB (2,575,536 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2004-2010 SWIFTDOG

Original file name:
RAMSMASH.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ramsmash\ramsmash.exe

Digital Signature
Signed by:
PGWARE LLC

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/16/2008 7:00:00 AM

Valid to:
8/15/2010 6:59:59 AM

Subject:
CN=PGWARE LLC, OU=SECURE APPLICATION DEVELOPMENT, O=PGWARE LLC, L=Norman, S=Oklahoma, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
154769D6AC36E9E67991AAB61B629FA4

File PE Metadata
Compilation timestamp:
3/22/2010 2:01:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:vU1xXeS6QXYI1OCC8UGOiHSvMkZYt65M7BYSezAqCh5SH1hVA2WL:23CbG9IFDgSSbqCh5SH1WL

Entry address:
0x1423D4

Entry point:
55, 8B, EC, B9, 16, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, A8, A0, 53, 00, E8, FC, 7D, EC, FF, 33, C0, 55, 68, 92, 30, 54, 00, 64, FF, 30, 64, 89, 20, A1, B8, 89, 54, 00, 66, C7, 00, 2E, 00, 8D, 55, D4, B8, 01, 00, 00, 00, E8, 47, 21, EC, FF, 8B, 45, D4, BA, B0, 30, 54, 00, E8, B6, 4C, EC, FF, 0F, 85, 8C, 08, 00, 00, 33, D2, 55, 68, A5, 2C, 54, 00, 64, FF, 32, 64, 89, 22, 33, D2, 33, C0, E8, 51, 51, FF, FF, 3C, 01, 0F, 85, 51, 08, 00, 00, 33, C0, 55, 68, D4, 24, 54, 00, 64, FF, 30, 64, 89...
 
[+]

Entropy:
5.8255

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,320,960 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RamSmash

Command:
"C:\Program Files\ramsmash\ramsmash.exe" \start


Scan RAMSMASH.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.