» rich.exe
Overview
Analysis
File Details

rich.exe

The executable rich.exe has been detected as malware by 9 anti-virus scanners.

File name:

rich.exe

MD5:

782d7b59bd454dc59221acc23881b923

SHA-1:

2b8d2cdb34e3ead4662fc73673c1b14d16e044a3

SHA-256:

9fbe510ee7d0e859522beee83a0a1d8680aeb91909587f6577da4dfb4eb9f8b6

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

12/22/2025 2:14:00 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur2.FU.WAZ@aO0!B8ab

1042

Bitdefender

Gen:Trojan.Heur2.FU.WAZ@aO0!B8ab

1.0.20.440

Bkav FE

W32.HfsAutoB

1.3.0.4959

Comodo Security

Heur.Suspicious

18012

Emsisoft Anti-Malware

Gen:Trojan.Heur2.FU.WAZ@aO0!B8ab

8.14.03.29.12

F-Secure

Gen:Trojan.Heur2.FU.WAZ@aO0!B8ab

11.2014-29-03_7

G Data

Gen:Trojan.Heur2.FU.WAZ@aO0!B8ab

14.3.24

MicroWorld eScan

Gen:Trojan.Heur2.FU.WAZ@aO0!B8ab

15.0.0.264

Rising Antivirus

PE:Trojan.Win32.Generic.1255C955!307611989

23.00.65.14327

File size:

2.8 MB (2,899,929 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\????\1\rich.exe

File PE Metadata

Compilation timestamp:

3/24/2001 12:56:05 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:4+eTIlm+I8wnIc6xI0I+XI1YIpICxI0I/XIeCLYIt6Iu+CI3PIRIVt3XKxhPRVuU:hu3ahJVtZl5l8KrdEFQH

Entry address:

0x1F704A

Entry point:

55, 8B, EC, 60, B8, B9, 70, 5F, 00, 2D, 4A, 70, 5F, 00, 03, 05, BA, 70, 5F, 00, C7, 05, 4A, 70, 5F, 00, E9, 00, 00, 00, A3, 4B, 70, 5F, 00, 68, 09, 70, 5F, 00, A0, 2D, 70, 5F, 00, 3C, 01, 74, 07, B8, 00, 00, 00, 00, EB, 03, 8B, 45, 08, 50, E8, 33, 00, 00, 00, 83, C4, 08, 83, F8, 00, 74, 1C, C7, 05, 4A, 70, 5F, 00, C2, 00, 00, 00, C7, 05, 4B, 70, 5F, 00, 0C, 00, 00, 00, 50, A1, 29, 70, 5F, 00, FF, D0, 61, 5D, EB, 06, 72, 16, 61, 13, 60, 0D, E9, 33, A2, E0, FF, 55, 8B, EC, 81, EC, F8, 02, 00, 00, 56, 57, 8D... 
[+]

Entropy:

6.4341

Developed / compiled with:

Microsoft Visual C++

Code size:

34 KB (34,816 bytes)

Remove rich.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.