» rkservice.exe
Overview
Analysis
File Details

rkservice.exe

ngpInc

The application rkservice.exe by ngpInc has been detected as adware by 4 anti-malware scanners.

File name:

rkservice.exe

Publisher:

ngpInc (signed and verified)

MD5:

c6347fb712b64df78d2389488b803dff

SHA-1:

adbd5e8e19b10078bdaf57b0c410aea1712f4a39

SHA-256:

fdba9d68c4a6303ead0f9e88a1dab3ef30f496ea6b88e55bdd265fa77e893d1a

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

4/25/2024 12:26:18 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

SPR/RealKey.A

7.11.118.14

Comodo Security

Heur.Suspicious

17393

Malwarebytes

Adware.KorAd

v2014.01.03.11

Reason Heuristics

PUP.ngpInc.J

14.8.8.0

File size:

2.1 MB (2,150,304 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\syswow64\rkservice.exe

Digital Signature

Signed by:

ngpInc

Authority:

Thawte, Inc.

Valid from:

11/14/2011 9:00:00 AM

Valid to:

11/14/2012 8:59:59 AM

Subject:

CN=ngpInc, O=ngpInc, L="Nam-gu ", S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

74871DB96A8FDAF3D586AF0E73F1A7ED

File PE Metadata

Compilation timestamp:

8/11/2012 3:07:15 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

24576:i+KsS3xAMxQRxnItsrWFI96EvbqfsAqJTVOBmymSrrMIeX2M:i+K34u4TyG6mbCrMth

Entry address:

0xAB7FC

Entry point:

E9, DF, 7E, 0D, 00, E9, EA, D6, 00, 00, E9, E5, 28, 12, 00, E9, 00, 02, 0B, 00, E9, 6B, 97, 05, 00, E9, 76, 3B, 04, 00, E9, 61, 9E, 13, 00, E9, CC, 78, 0D, 00, E9, B7, FC, 03, 00, E9, 22, FB, 06, 00, E9, 2D, 63, 06, 00, E9, 98, 3A, 04, 00, E9, 73, 69, 07, 00, E9, 6E, C4, 05, 00, E9, E9, 04, 04, 00, E9, 04, 60, 03, 00, E9, EF, 57, 07, 00, E9, 1A, E4, 04, 00, E9, B5, DC, 04, 00, E9, 70, 9E, 0A, 00, E9, FB, 1D, 08, 00, E9, F6, E9, 05, 00, E9, 11, C2, 13, 00, E9, 8C, 80, 13, 00, E9, 47, EE, 07, 00, E9, 56, 71... 
[+]

Entropy:

5.6740

Developed / compiled with:

Microsoft Visual C++ 8.0 (Debug)

Code size:

1.4 MB (1,425,408 bytes)

Remove rkservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.