» rcpsetup_fmodex.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

rcpsetup_fmodex.exe

RegClean Pro

Systweak Inc

The application rcpsetup_fmodex.exe by Systweak Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program TopGun - Hardlock by 505 Games. The file has been seen being downloaded from dllfix.s3.amazonaws.com.

File name:

rcpsetup_fmodex.exe

Publisher:

Systweak Inc (signed by Systweak Inc)

Product:

RegClean Pro

Version:

RegClean Pro

MD5:

9366f1b37b07e3d1510177a9f795b5aa

SHA-1:

2fd472c6103eeb5f213ad7bba67ec71a79a91f9b

SHA-256:

5d40d21b3e0ace5e333aaa2ea7d9af0ae14b3d2681a6196817d45c2b1687a925

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 12:44:35 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Systweak.Installer.Meta (L)

16.6.11.0

File size:

3.8 MB (4,032,944 bytes)

Product version:

6.1

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\guitar hero 3 [pc] crack included\rcpsetup_fmodex.exe

Digital Signature

Signed by:

Systweak Inc

Authority:

VeriSign, Inc.

Valid from:

2/9/2010 1:00:00 AM

Valid to:

3/11/2013 12:59:59 AM

Subject:

CN=Systweak Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Systweak Inc, L=JAIPUR, S=Rajasthan, C=IN

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2F57407B1F0C3DF506BB71A0E3F0EFD2

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:1VUfakWFfyLfbAiUo6yBZXIscp8hu6fV1/V/km1318:4ikCcbD76oap8JfVkm1318

Entry address:

0x9B24

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file rcpsetup_fmodex.exe has been discovered within the following program.

TopGun - Hardlock by 505 Games

Publisher's description - “Fancy Flying: Top Gun Hard Lock offers one of the most accessible and exciting aerial arcade action games this generation. Officially licensed aircraft include iconic jets such as the F14D Super Tomcat, F22 Raptor and F/A-18F Super Hornet.”

www.topgungame.com

About 6% of users remove it

The file rcpsetup_fmodex.exe has been seen being distributed by the following URL.

http://dllfix.s3.amazonaws.com/rcpsetup_fmodex.exe

Remove rcpsetup_fmodex.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.