RectorDecryptor.exe

RectorDecryptor

Kaspersky Lab

This is a setup program used to install the application. The file has been observed being downloaded from www.techspot.com and multiple other hosts.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
RectorDecryptor

Description:
Trojan-Ransom.Win32.Rector decryptor tool

Version:
2.6.35.0

MD5:
dd42ef351080d34a2c770cca77cafd2c

SHA-1:
7172c3eaf477b929a987c0f699eb4440485dfe93

SHA-256:
b575d175d9a1e79a75d982405d19822c2872fbf178e38474e207e8d51059b771

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 4:30:46 PM UTC

File size:
767.7 KB (786,080 bytes)

Product version:
2.6.35.0

Copyright:
© 1997-2015 Kaspersky Lab ZAO.

Trademarks:
Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:
RectorDecryptor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\rectordecryptor.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/27/2015 5:00:00 PM

Valid to:
12/30/2015 4:00:00 AM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0916825462BEA15594450E897E8D3AE6

File PE Metadata
Compilation timestamp:
6/15/2015 5:41:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:3mhdg7039bDf4u5ZFdlWbRFUKvYzLw5hRMtqT4NKDS/kllnQHjfuJQ:3mhdgI39br9RlqDZvYzMRMIP2/UpQjuO

Entry address:
0x196360

Entry point:
50, 9C, 60, E8, 0C, 01, 00, 00, 01, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 60, 63, 19, 00, 9E, 07, 04, 00, 98, 62, 19, 00, C7, 00, 00, 00, E8, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, 38, 06, 00, 9C, 56, 13, 00, 00, F0, 17, 00, F8, A7, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 00, 00, 9E, 07, 04, 00, 00, F6, 09, 00, 00, 10, 0A, 00, A6, D6, 03, 00, 00, 5E, 09, 00, 00, 70, 13, 00, 4A, 29, 00, 00, 00, D0, 00, 00, 00, F0, 17, 00, FE, 4C, 00, 00...
 

Entropy:
7.9242  (probably packed)

Code size:
637.5 KB (652,800 bytes)

The file RectorDecryptor.exe has been observed being distributed from the following 7 URLs.

http://www.techspot.com/downloads/downloadnow/.../?evp=fe0bf7a1b03ace65ad41b363ce3f067e&file=1