rescueroot.exe

Rescue Root Software Ltd.

This file is installed with the program RescueRoot.
Publisher:
Rescue Root Software Ltd.  (signed and verified)

MD5:
dc57f3245334812e2b6ec10fe8ed420a

SHA-1:
3802aee7007bd2731bea9051cacd96344353f599

SHA-256:
23129731d7fe067bf676796d47cc6fabe3f422f0a9ef4ff491e80c3a8437e5eb

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 2:23:54 AM UTC  (today)

Scan engine | Detection | Engine version
F-Prot | W32/VBTrojan.Dropper.2 | v6.4.7.1.166
K7 AntiVirus | Trojan | 13.172.9720

File size:
410.7 KB (420,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\rescueroot.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
3/26/2013 2:00:00 AM

Valid to:
4/23/2014 2:00:00 PM

Subject:
CN=Rescue Root Software Ltd., O=Rescue Root Software Ltd., L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
049BDEE2049B343E7CD4FDD4CF12214D

File PE Metadata
Compilation timestamp:
7/16/2013 10:40:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:n4o17+5lUAOVHKSRiLi3f9WVLuVes1WuwG2P0gdb+YaS/eq3wNgDta1BBBBBBBBD:UoKSRiLAf9WFuMzP0QbraS/ehOa4i7

Entry address:
0x121C

Entry point:
68, 80, 6B, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 80, DC, 7B, C9, C0, B8, 6C, 45, AF, FF, F9, 0A, AF, EE, E0, F9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 70, 72, 6A, 53, 70, 6C, 61, 73, 68, 00, 00, 00, 00, 6E, EA, 7D, 00, 00, 00, 00, FF, CC, 31, 00, 01, 72, 35, 62, F1, 24, 0C, E9, 41, 89, EE, F5, 9D, AD, CB, 63, 2B, ED, 93, 98, 9F, C2, BA, 11, 4F, A7, A3, 3B, C8, 5C, 43, F2, 7E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
6.4471

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
28 KB (28,672 bytes)

The file rescueroot.exe has been discovered within the following program.

RescueRoot  by RescueRoot
www.rescueroot.com
About 3% of users remove it
 