» rksfax_control.exe
Overview
Analysis
File Details
Behaviors (1)

rksfax_control.exe

RKS Software Inc. of Oklahoma

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RKS Fax Print Controller’.

File name:

rksfax_control.exe

Publisher:

RKS Software Inc. of Oklahoma (signed and verified)

MD5:

5458b79856491a1936c363ad188e999b

SHA-1:

b5832abe058957fa2598322eaa1947888c50848c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 6:54:49 PM UTC (today)

File size:

3.7 MB (3,896,328 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\rks fax\rksfax_control.exe

Digital Signature

Signed by:

RKS Software Inc. of Oklahoma

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

5/11/2007 1:00:00 AM

Valid to:

6/23/2009 12:59:59 AM

Subject:

CN=RKS Software Inc. of Oklahoma, OU=SECURE APPLICATION DEVELOPMENT, O=RKS Software Inc. of Oklahoma, L=Edmond, S=Oklahoma, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

36B9DA617F009CDD588C458AB1CC5B73

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:azaSzW85QR4fNgq8350gMlA5YUNowjWCeS39n8qJ4MDkQNYwTCsH2SkH/cKrBHCS:aTSq83MAjjWCN9n8qZ/NYwTjQf11iS

Entry address:

0x2644E8

Entry point:

55, 8B, EC, 83, C4, F4, 53, B8, 78, 3C, 66, 00, E8, 3F, 40, DA, FF, 8B, 1D, B4, FA, 67, 00, B8, 6C, 45, 66, 00, E8, BB, F5, FF, FF, A1, 74, FC, 67, 00, 80, 38, 00, 74, 0E, 8B, 03, E8, 12, D0, DD, FF, E8, C5, FA, D9, FF, EB, 3C, 8B, 03, E8, B8, CE, DD, FF, 8B, 03, C6, 40, 4B, 00, 8B, 03, BA, 8C, 45, 66, 00, E8, AA, CA, DD, FF, 8B, 03, 33, D2, E8, A1, CA, DD, FF, 8B, 0D, E4, F9, 67, 00, 8B, 03, 8B, 15, 14, 30, 66, 00, E8, A2, CE, DD, FF, 8B, 03, E8, 1B, CF, DD, FF, 5B, E8, 81, FA, D9, FF, 00, FF, FF, FF, FF... 
[+]

Entropy:

6.3995

Developed / compiled with:

Microsoft Visual C++

Code size:

2.4 MB (2,504,192 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RKS Fax Print Controller

Command:

"C:\Program Files\rks fax\rksfax_control.exe"

Scan rksfax_control.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.