home

rfginst-tra.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from login.refog.com and multiple other hosts.
Version:
8.6.4.2560

MD5:
d16b57ca4b02bb4e26e032bc73ffea22

SHA-1:
8cfe338e36435a5ad4dcaf09d4a6c3a4b30ebf51

SHA-256:
f2f200f8445816026ac412f6284806618e2e8b1f12892a54eed7b26aaae3eb35

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/23/2025 6:30:45 AM UTC  (today)

File size:
12.5 MB (13,157,888 bytes)

Product version:
8.6.4.2560

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\rfginst-tra.exe

File PE Metadata
Compilation timestamp:
1/28/2016 8:11:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:158xR/ddTXAomVJBPHkPJkR1Oip2nbN3AKbEmXEEn+tqL0ctEhMr:1SxR/danBPMa112RnrXEptt5w

Entry address:
0x2058BC

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 2D, 5F, 00, E8, 8C, 53, E0, FF, A1, 8C, 32, 61, 00, 8B, 00, E8, 4C, 01, F4, FF, A1, 8C, 32, 61, 00, 8B, 00, B2, 01, E8, 3A, 24, F4, FF, 8B, 0D, CC, 30, 61, 00, A1, 8C, 32, 61, 00, 8B, 00, 8B, 15, 3C, E4, 5E, 00, E8, 46, 01, F4, FF, A1, 8C, 32, 61, 00, 8B, 00, E8, DA, 02, F4, FF, E8, 61, 12, E0, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8624

Developed / compiled with:
Microsoft Visual C++

Code size:
2 MB (2,113,536 bytes)

The file rfginst-tra.exe has been seen being distributed by the following 2 URLs.

http://login.refog.com/mail/.../?url=download?pid=rkl&ver=8.6.4.2560&hash=UFj_HJso_Ab0sEeHYWBAYPKZnsCrCtUHmbA8I1AM8QajXy6DympOaI6i5lvdk7bf

http://login.refog.com/mail/.../?url=download?pid=rkl&ver=8.6.4.2560&hash=vNHmzl0dV4vYv6gFR9KWQPKZnsCrCtUHmbA8I1AM8QajXy6DympOaI6i5lvdk7bf

Scan rfginst-tra.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.