riffsetup.exe

This file is a self-extracting archive and installer. It has been observed being downloaded from www.riffbox.org.
MD5:
d742ba037314cb097b7d240969fd38da

SHA-1:
ff544c304899d2af0d833cc12233747e68b80fb7

SHA-256:
5a69f1625dc7f5fb188d1833aa5a1dcd41d8d314b15b90404c0b539c2cd25f40

Scanner detections:
3 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
6/19/2025 4:47:28 PM UTC

Scan engine              Detection            Engine version
Agnitum Outpost          Suspicious           7.1.1
Malwarebytes             Trojan.Banker        v2014.07.06.10
Trend Micro House Call   TROJ_GEN.F47V1020    7.2.187

File size:
6 MB (6,246,965 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
10/24/2010 1:02:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
98304:0lXFHccjLRmBTCli7w/bSBPFfx6hT80nqPfQiVJlM:a1H7Rm0li7wuBPFJwfqwiV3M

Entry address:
0x1000

Entry point:
68, 0C, 02, 00, 00, 68, 00, 00, 00, 00, 68, 04, DF, 46, 00, E8, 20, 91, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 19, 91, 00, 00, A3, 08, DF, 46, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 06, 91, 00, 00, A3, 04, DF, 46, 00, E8, 9C, 68, 02, 00, E8, F7, 4F, 02, 00, E8, A1, 46, 02, 00, E8, EE, 38, 02, 00, E8, 96, 36, 02, 00, E8, A0, 2D, 02, 00, E8, CD, 2B, 02, 00, E8, EE, 16, 02, 00, E8, 03, D9, 01, 00, E8, 21, D1, 01, 00, E8, 7A, CC, 01, 00, E8, DB, C5, 01, 00, E8, 37, BE, 01, 00...
 
Packer / compiler:
PKLITE32, 0x1.1

Code size:
185.5 KB (189,952 bytes)

The file riffsetup.exe has been seen being distributed by the following URL.
