home

rho_s2_00896.exe

OEM_94 Root

This is a setup program which is used to install the application. The file has been seen being downloaded from dl4.htc.com.
Publisher:
OEM_94 Root  (signed and verified)

MD5:
95dd349c134f2f07b1dee9b64187e8da

SHA-1:
f0ba5458996a7db41f11cba0453aa15cf0019ec5

SHA-256:
d650e6352ee711282a8be67c1f713cb4a7bd2f309a87ceafc0e42289e44b556b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 12:24:41 PM UTC  (today)

File size:
11.1 MB (11,652,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rho_s2_00896.exe

Digital Signature
Signed by:
OEM_94 Root

Authority:
OEM_94 Root

Valid from:
12/22/2008 2:58:09 PM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=OEM_94 Root

Issuer:
CN=OEM_94 Root

Serial number:
A1CB838CCACD739E48C873204E783393

File PE Metadata
Compilation timestamp:
6/21/2010 3:01:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:

Linker version:
6.24

CTPH (ssdeep):
98304:KX35cKs4wWg1xNgFMEXHz9Q7ecrg3z01vI:q3Hs4wxwMQHLdr

Entry address:
0x3B1C

Entry point:
0D, C0, A0, E1, F0, 58, 2D, E9, 1C, B0, 8D, E2, 04, D0, 4D, E2, 00, 70, A0, E1, 01, 60, A0, E1, 02, 50, A0, E1, 03, 40, A0, E1, 12, 00, 00, EB, 04, 30, A0, E1, 05, 20, A0, E1, 06, 10, A0, E1, 07, 00, A0, E1, D1, F5, FF, EB, 00, 40, A0, E1, 20, 40, 0B, E5, 01, 00, 00, EA, 00, 40, A0, E1, 20, 00, 00, EB, 04, 00, A0, E1, 1E, 00, 00, EB, F0, A8, 1B, E9, 04, E0, 2D, E5, 00, 10, A0, E1, 00, 00, 91, E5, 00, 00, 90, E5, 5C, 00, 00, EB, 00, 80, BD, E8, 04, E0, 2D, E5, 20, 10, 9F, E5, 18, 00, 9F, E5, 07, 00, 00, EB...
 
[+]

Code size:
11.5 KB (11,776 bytes)

The file rho_s2_00896.exe has been seen being distributed by the following URL.

http://dl4.htc.com//Driver/.../RHO_S2_00896.exe

Scan rho_s2_00896.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.