home

ravf.exe

Rising Software Distribute System

Beijing Rising Information Technology Corporation Limited

This is a setup program which is used to install the application. The file has been seen being downloaded from files01.techspot.com and multiple other hosts.
Publisher:
Beijing Rising Information Technology Co., Ltd.  (signed by Beijing Rising Information Technology Corporation Limited)

Product:
Rising Software Distribute System

Version:
23.01.26.84

MD5:
2b283bb1be8bd04585f74674f2e56070

SHA-1:
9ea3fb1f42da5f611b5e72d403fb81eb61331586

SHA-256:
303673fae7d00d515ae45ccfa2af80ec85186ff83a9cd220752faf80dd69d298

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/18/2024 10:08:47 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
DLOADER.Trojan
9.0.1.0163

Vba32 AntiVirus
Backdoor.Agent
3.12.26.4

File size:
45.8 MB (48,055,440 bytes)

Product version:
1.00

Copyright:
Copyright(C) 2011 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.

Original file name:
RsdSfx.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ravf.exe

Digital Signature
Signed by:
Beijing Rising Information Technology Corporation Limited

Authority:
VeriSign, Inc.

Valid from:
5/11/2012 2:00:00 AM

Valid to:
8/11/2015 1:59:59 AM

Subject:
CN=Beijing Rising Information Technology Corporation Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing Rising Information Technology Corporation Limited, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
410026B7AE29963B608D61911B771E16

File PE Metadata
Compilation timestamp:
6/2/2011 8:27:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:0sXHcvjehQR1sOkWpLfYcHHfmpKkxSNb7LYJqlXWfcsI0n3dhfsuh/FW5o:0sXcvbT2W9Yyfsd8b7LYJkWUsp33kulp

Entry address:
0x14EDB

Entry point:
55, 8B, EC, 6A, FF, 68, 80, BC, 41, 00, 68, D4, 4B, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 88, B1, 41, 00, 33, D2, 8A, D4, 89, 15, A0, 0A, 52, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 9C, 0A, 52, 00, C1, E1, 08, 03, CA, 89, 0D, 98, 0A, 52, 00, C1, E8, 10, A3, 94, 0A, 52, 00, 6A, 01, E8, 42, 1C, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 01, 18, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
104 KB (106,496 bytes)

The file ravf.exe has been seen being distributed by the following 2 URLs.

http://files01.techspot.com/.../ravf.exe

http://www.techspot.com/downloads/downloadnow/.../?evp=15a8dfaed7b1bc97abbebbff9c9b4b89&file=1

Scan ravf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.