rf7.patch.exe

The executable rf7.patch.exe has been detected as malware by 11 anti-virus scanners.
Remove rf7.patch.exe - Powered by Reason Core Security
MD5:
45d69b40cd57bccef6efed435991ef9f

SHA-1:
73396169597c6fa4c24b8f6ffff26c85bf61999f

SHA-256:
cac7d498c66b01006f6d604e1ce996a210ea6912698d04a2960255fce90705d5

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/8/2016 11:18:14 PM UTC

Scan engine             Detection                                  Engine version
Fortinet FortiGate      W32/VB.FIO!tr                              6/10/2014
McAfee                  Artemis!45D69B40CD57                       5600.7103
McAfee Web Gateway      Heuristic.BehavesLike.Win32.ModifiedUPX.C  7.7103
Norman                  Suspicious_Gen2.SCJKV                      11.20140610
Sophos                  Troj/VB-FIO                                4.98
The Hacker              Posible_Worm32                             6.8.0.5.464
Trend Micro House Call  TROJ_SPNR.03JR11                           7.2.161
Trend Micro             TROJ_SPNR.03JR11                           10.465.10

File size:
80 KB (81,920 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
1536:RlSH25FZFBuWwh3nskeNVdnhCQfpfa63j0cLnjcMVnouy8:Rl5FZvuWGXjyVxhCa1ag7out

Entry address:
0x90F90

Entry point:
60, BE, 00, E0, 47, 00, 8D, BE, 00, 30, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 54, E7, 08, 00, 57, 83, C3, 04, 53, 68, 84, 2F, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.9729  (probably packed)

Code size:
80 KB (81,920 bytes)
