» rkl-free-setup-860.exe
Overview
Analysis
File Details
Downloads (28)

rkl-free-setup-860.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dlgbit.winfuture.de and multiple other hosts.

File name:

Version:

8.6.0.2500

MD5:

4502c5fc5bc2ef3c286828bdf1bd9d1a

SHA-1:

a8957be96cd4ed27d5b5bd23fc27652d3464e251

SHA-256:

37eb620544d5645e650366fe7eb79fb57499a9a43e1ff11fc3257afbefa73d4b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

7/13/2025 11:11:20 PM UTC (a few moments ago)

File size:

12.4 MB (13,039,104 bytes)

Product version:

8.6.0.2500

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\programs\rkl-free-setup-860.exe

File PE Metadata

Compilation timestamp:

11/27/2015 3:44:00 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:8qtWXxh/lsuQIwpsN4InaqtjiFOmdnwM9zZQ7DRB8DUUFNnuNccZMmr9czu+W:7WXxh/l8ILJnjjUJTm7vGHuNPp+W

Entry address:

0x2038BC

Entry point:

55, 8B, EC, 83, C4, F0, B8, 38, 0D, 5F, 00, E8, 8C, 73, E0, FF, A1, 8C, 12, 61, 00, 8B, 00, E8, 44, 21, F4, FF, A1, 8C, 12, 61, 00, 8B, 00, B2, 01, E8, 32, 44, F4, FF, 8B, 0D, CC, 10, 61, 00, A1, 8C, 12, 61, 00, 8B, 00, 8B, 15, 2C, C6, 5E, 00, E8, 3E, 21, F4, FF, A1, 8C, 12, 61, 00, 8B, 00, E8, D2, 22, F4, FF, E8, 61, 32, E0, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8634

Developed / compiled with:

Microsoft Visual C++

Code size:

2 MB (2,104,832 bytes)

The file rkl-free-setup-860.exe has been seen being distributed by the following 28 URLs.

http://dlgbit.winfuture.de/a24122a39d5be7cf63c603113eff9746/57e53681/software/Refog Free Keylogger/.../rkl-free-setup-860.exe

https://www.google.com/url?hl=en&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&sn=5&hash=3VhOpepCAyhMmegZUwaytw5hPZnEnagd0n2Mfu8XjxXOHjdilkxoRxU2xmHG_6Yg&source=gmail&ust=1480046824577000&usg=AFQjCNENbI-LWtSYuTUtPuE7ua-jeXzAIg

https://rep1.refog.com/.../rfginst-p6n.exe

https://www.google.com/url?hl=en-GB&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=H2ZvD-K3xYMYZ4CPGMlV6a9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1475158120887000&usg=AFQjCNH9BOs_zOncj5j-to-sGcOjU-UYFQ

https://www.google.com/url?hl=en&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=oo5JOQArUYPZXTFan1qD-K9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1476439772641000&usg=AFQjCNGBr-rVaXVuJ5oTOo_uWR8LWwsZvw

https://www.google.com/url?hl=es&q=https://account1.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=vnOIkPIttw0-7ZmUpbwqrq9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1470865146887000&usg=AFQjCNGU37TiX2cGH1xFVzaq5zOhTUGWhg

https://www.google.com/url?hl=en&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=GBzmD1PzWSVst2B0FpLQfq9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1476420386674000&usg=AFQjCNEVXd66-lyUeBXLZMRb_hDdL3cOQQ

https://www.google.com/url?hl=pt-BR&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=5tIrlrxertW-D0dQ6NoAPq9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1478280821820000&usg=AFQjCNGMWTC_rkQVrlrd_g_t-IpX20VS6A

https://www.google.com/url?hl=en-GB&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=Z7-ma4pWCjLKXtliikFBZK9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1477607557399000&usg=AFQjCNHEAN4D5uqaczjc8DrpOzlbMbfefA

https://www.google.com/url?hl=en&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&sn=5&hash=rOGOGUvXO2TgydypYknJqA5hPZnEnagd0n2Mfu8XjxXOHjdilkxoRxU2xmHG_6Yg&source=gmail&ust=1479729926853000&usg=AFQjCNFTzgjO9Q-0vQhgsig92Qe601Ic8Q

https://www.google.com/url?hl=en&q=https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&sn=5&hash=kr0yyAfyIWzlzxczVuFSwg5hPZnEnagd0n2Mfu8XjxXOHjdilkxoRxU2xmHG_6Yg&source=gmail&ust=1480308708179000&usg=AFQjCNERMw620GmB-PfnQgNkrkiniGLyxw

https://www.google.com/url?hl=en&q=https://account.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=dRo-7EKu9FgAbWx_fUb1za9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1470088915429000&usg=AFQjCNEP-KFUMxk5Twkjex0b23WiOSahWQ

https://account6.refog.com/3rml/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=GLV8p4uA3ie-CrQZXeZUDa9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0

https://rep1.getrefog.com/.../rfginst-gvq.exe

https://rep6.refog.com/.../rfginst-5g8.exe

http://login.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=oetOMRQJbmakP6OZsPW4gl9eY2xxaljKl0HL2y6iisH0zquk3BjVyNJGHjraHPfJ

https://www.google.com/url?hl=en&q=https://account.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=_3hh9gY6PA0RWhUXpBeNDq9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1465007023882000&usg=AFQjCNFbQfPyaEmNIxcNlHR5ACwS-_-pWg

&onid=2162&oid=3001-2162_4-10357898&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=security/monitoring&topicbrcrm=&pid=14489140&mfgid=107728&merid=107728&ctype=dm&cval=NONE&devicetype=desktop&pguid=af4fc82717e8b5c432ee50b0&viewguid=aYr2NpO8EL6Xy77@BIIDPSqpHddoJLRFN5tg&destUrl=http://downloads.refog.com/.../rkl-free-setup-860.exe

http://login.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=yIeHCtnE6F4iK3UWcjBc-F9eY2xxaljKl0HL2y6iisH0zquk3BjVyNJGHjraHPfJ

http://login.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=MHgWpXNZNhDGGCnpcaPanl9eY2xxaljKl0HL2y6iisH0zquk3BjVyNJGHjraHPfJ

https://www.google.com/url?hl=en&q=https://account.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=hh9cEYuH4EcShy2tlTM2Y69cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0&source=gmail&ust=1463304875778000&usg=AFQjCNErbe9gITy9stUSb_wsIlGd7UY_YQ

https://account.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=qTi5ZM11RSHFZhiGzQ-SOq9cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0

http://login.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=FS4LhDNDagIeuXdXIWG0A69cpionAkcng6ZC14xgSXEEgzUUcEO9KhyVWEvWHQq0

http://login.refog.com/mail/.../?url=download?pid=rkf&ver=8.6.0.2500&hash=PlC9mh80LNUQZTsS6pdCSV9eY2xxaljKl0HL2y6iisH0zquk3BjVyNJGHjraHPfJ

http://dlgbit.winfuture.de/fa66a3ae5ae049f1ba9b4ab255171c90/56dd4589/software/Refog Free Keylogger/.../rkl-free-setup-860.exe

http://dl.cdn.chip.de/downloads/.../rkl-free-setup-860.exe

http://software-files-a.cnet.com/s/software/14/48/91/.../rkl-free-setup-860.exe

http://files.downloadnow.com/s/software/14/48/91/.../rkl-free-setup-860.exe

Scan rkl-free-setup-860.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.