» rfwfv16f10.exe
Overview
Analysis
File Details
Downloads (1)

rfwfv16f10.exe

Rising Software Distribute System

Beijing Rising Information Technology Corporation Limited

This is a setup program which is used to install the application. The file has been seen being downloaded from rsdownload.rising.com.cn.

File name:

rfwfv16f10.exe

Publisher:

Beijing Rising Information Technology Co., Ltd. (signed by Beijing Rising Information Technology Corporation Limited)

Product:

Rising Software Distribute System

Description:

pmake.dat

Version:

24.0.44.74 0, 0, 28

MD5:

c30c807761dabcf0825fd3cc81ad4336

SHA-1:

160665350d63223992625e6f12594914b87afab0

SHA-256:

3b4d5d641d13e709a67773fcbdfc330072f79c10e1a5452591a3d75b7828b87f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 1:36:14 AM UTC (today)

File size:

18.6 MB (19,541,056 bytes)

Product version:

1.0.0.0

Original file name:

pmake.dat

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\rfwfv16f10.exe

Digital Signature

Signed by:

Beijing Rising Information Technology Corporation Limited

Authority:

VeriSign, Inc.

Valid from:

6/8/2015 6:00:00 PM

Valid to:

9/7/2018 5:59:59 PM

Subject:

CN=Beijing Rising Information Technology Corporation Limited, O=Beijing Rising Information Technology Corporation Limited, L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

322A78CAB100B4B6D9A0CC66C16B802D

File PE Metadata

Compilation timestamp:

9/22/2013 3:31:12 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

393216:XWty2ux5VeVwyeP/6LnamLo93CCFWONQB/I7Bj+CvMv2u3K74:mty2WjswyrLx6y4N8SXvM/A4

Entry address:

0x44685

Entry point:

E8, E2, 82, 00, 00, E9, 78, FE, FF, FF, CC, 68, E0, 3B, 44, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 00, 5B, 46, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, C3, B8, BA, D4, 44, 00, A3, 50, 65, 46, 00, C7, 05, 54, 65, 46, 00, A1, CB, 44, 00, C7, 05, 58, 65, 46, 00, 55... 
[+]

Entropy:

7.9966 (probably packed)

Code size:

341 KB (349,184 bytes)

The file rfwfv16f10.exe has been seen being distributed by the following URL.

http://rsdownload.rising.com.cn/middle12/.../rfwfv16f10.exe

Scan rfwfv16f10.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.