rkagentsvc.exe

ONE UP LTD.

The executable rkagentsvc.exe has been detected as malware by 1 anti-virus scanner. It runs as a Windows service named “RKAgentSvc”, hosted in its own separate process.
Publisher:
ONE UP LTD.  (signed and verified)

MD5:
955cfc9a19f77dd573aa3c51457ca14a

SHA-1:
3df9dc1e61722652bb7fbbadf50b5456eef82fd4

SHA-256:
a9ee18c68eed67dc84528c51af030bddf0b84252a161dce3b97ee650f8c41b58

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/24/2024 2:44:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.1.29.15

File size:
2.6 MB (2,730,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\rkagentsvc.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
4/25/2013 3:33:03 PM

Valid to:
4/25/2016 3:33:03 PM

Subject:
CN=ONE UP LTD., O=ONE UP LTD., L=LEMESOS, S=LEMESOS, C=CY

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
041ABD63CA5DA9

File PE Metadata
Compilation timestamp:
9/28/2015 4:25:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:d15YwqhtR6OQwnMpiaeOEFNb8Gmgx3TkEGov:d1OhtR6OQwrtFNwGmgxOov

Entry address:
0x24F074

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, DC, 7D, 64, 00, E8, 9B, D4, DB, FF, 33, C0, 55, 68, 3C, F1, 64, 00, 64, FF, 30, 64, 89, 20, B8, 54, F1, 64, 00, E8, 7B, 84, FF, FF, 84, C0, 74, 2F, 8D, 55, EC, 33, C0, E8, 75, 59, DB, FF, 8B, 45, EC, 50, B8, 78, F1, 64, 00, E8, 5F, 84, FF, FF, 50, B9, 80, F1, 64, 00, BA, A0, F1, 64, 00, B8, A0, F1, 64, 00, E8, CA, 8B, FF, FF, EB, 52, B8, C4, F1, 64, 00, E8, 3E, 84, FF, FF, 84, C0, 74, 18, B8, 78, F1, 64, 00, E8, 30, 84, FF, FF, 8B, D0, B8, A0, F1, 64, 00, E8...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.3 MB (2,414,080 bytes)

Service
Display name:
RKAgentSvc

Type:
Win32OwnProcess

Group:
System Reserved

