Riffstation.exe

Riffstation

Sonic Ladder

The executable Riffstation.exe has been detected as malware by 16 anti-virus scanners.
Publisher:
Sonic Ladder

Product:
Riffstation

Description:
Riffstation v1.4

Version:
1.4.0.0

MD5:
71ddd3529a9d9cf49de344d87ae44ce3

SHA-1:
43018c9865bfb56ab78181f7a82e316f5bd55923

SHA-256:
623317a08d22ce2033594c3e044b074da2cd2f1ee7bde82ef7621eeaf6e5f231

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
5/10/2024 9:07:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.VMProtect | 7.1.1 |
| Avira AntiVirus | TR/Black.Gen2 | 7.11.147.26 |
| AVG | Win32/Blacked | 2015.0.3470 |
| Baidu Antivirus | Trojan.Win32.VMProtect | 4.0.3.14518 |
| Bkav FE | HW32.TsCabk | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18212 |
| ESET NOD32 | Win32/Packed.VMProtect.ABD (variant) | 8.9754 |
| Fortinet FortiGate | PossibleThreat | 5/18/2014 |
| K7 AntiVirus | Trojan | 13.177.11965 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3846 |
| McAfee | Artemis!71DDD3529A9D | 5600.7126 |
| Norman | Suspicious_Gen4.GAJRC | 11.20140518 |
| Qihoo 360 Security | Win32/Trojan.e6d | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0324 | 7.2.138 |
| Trend Micro | PAK_Generic.009 | 10.465.18 |

File size:
8.5 MB (8,904,704 bytes)

Product version:
1.4.0.0

Copyright:
Copyright © 2012 Sonic Ladder

Original file name:
Riffstation.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\riffstation trial\riffstation.exe

File PE Metadata
Compilation timestamp:
2/4/2014 8:05:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
196608:euwpK2Kqxuz1t8DSWRgw/RnLr3E3HTWlGiJMVFmfZoO/VypsxX/:WNA3QxRLDE3HTomMoX0

Entry address:
0xCDD934

Entry point:
9C, 9C, 68, 3C, FF, D4, 40, E9, 46, 9A, FD, FF, 9C, 8D, 64, 24, 2C, 0F, 87, 84, 13, 00, 00, F8, E9, 74, 2E, FE, FF, 00, 9E, C0, 43, 6D, D4, E6, 66, E6, 5F, 83, CF, B6, F6, 08, 6D, E1, 84, 30, AC, 58, E9, 98, 9F, 44, CE, F9, 59, 01, 76, 21, 36, 19, 90, B4, 4C, E2, 9B, 54, 00, 12, 0A, FC, 55, B7, 8A, 09, D8, CA, 32, 10, BD, 2B, 20, C9, 3F, 7B, B1, DE, 99, 01, 3C, 10, 08, 7F, 74, 46, 66, B4, 72, 2B, 2D, FF, A7, 64, 1B, 87, 62, 6E, F9, 29, 1C, 56, 63, 7E, 93, C9, 1F, 4C, 92, A8, 6F, E3, 11, DF, 90, 20, C0, 7B...
 

Entropy:
7.9041  (probably packed)

Code size:
733 KB (750,592 bytes)

The running executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-54-69-4-191.us-west-2.compute.amazonaws.com  (54.69.4.191:80)
