rescue2usb.exe

Kaspersky Lab

This is a setup program used to install the application. The file has been seen downloaded from external.comss.ru and multiple other hosts.

Publisher:
Kaspersky Lab (signed and verified)

MD5:
967a054f8e0d89c353657d64c6c64f8f

SHA-1:
0632083a9876434ed30285b76686f9d67afa244b

SHA-256:
a3edbc257e46173b49c51508223f03d7ee09aa16f12895ed3d1b48f6bec6088f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 11:40:32 AM UTC  (today)

File size:
378.5 KB (387,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rescue2usb.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/8/2010 1:00:00 AM

Valid to:
3/9/2011 12:59:59 AM

Subject:
CN=Kaspersky Lab, OU=Technical dept, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Kaspersky Lab, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07BE8F83F4455021F4E24FB021FCA24A

File PE Metadata
Compilation timestamp:
8/29/2008 6:54:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
6144:gTfFDbRnOT4bX2afFNMPCdo4tJBCzOSJMqRJCKRCQUlPpkvZ/JjtZCMlCeHZgl:y5OcXdo4tJBCzrP6QUoZJjblDal

Entry address:
0x1000

Entry point:
E8, 6F, 2B, 00, 00, 50, E8, 73, 36, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E5, 50, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, 7A, 48, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, DE, 38, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, AC, 69, 41, 00, 6A, 65, 56, E8, 24, 38, 01, 00, 6A, 01, 56, E8, FE, 37, 01, 00...
 

Code size:
80 KB (81,920 bytes)

The file rescue2usb.exe has been discovered within the following program.

PokerTH by www.pokerth.net
PokerTH is an open source Texas hold 'em simulator for Microsoft Windows. The game is faithful to the Texas Hold 'em rules and betting system. PokerTH allows for up to ten human players, with computer-controlled players filling in if there are not enough humans.
www.pokerth.net
About 3% of users remove it
 

The file rescue2usb.exe has been seen being distributed by the following 11 URLs.

http://external.comss.ru/url.php?url=http://rescuedisk.kaspersky-labs.com/rescuedisk/.../rescue2usb.exe