» rmp.exe
Overview
Analysis
File Details
Downloads (1)

rmp.exe

Rich Media Player

Radiocom CJSC

The application rmp.exe, “Rich Media Player Installer” by Radiocom CJSC has been detected as adware by 38 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2.sevas-s.com.

File name:

rmp.exe

Publisher:

Radiocom (signed by Radiocom CJSC)

Product:

Rich Media Player

Description:

Rich Media Player Installer

Version:

1.0.0.776

MD5:

fc3f5638108bd009282511928838713e

SHA-1:

b7d54aa0aa2f6fdcefcf4df5a82f19149a2d8e21

SHA-256:

d324e28247fe784339eaf2807ad9114b457c26d5146bcfb421f7c7aa93e50b53

Scanner detections:

38 / 68

Status:

Adware

Analysis date:

4/18/2024 11:55:39 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Runouce.B@mm

940

Agnitum Outpost

I-Worm.Chir.B

7.1.1

Avira AntiVirus

W32/Chir.B

7.11.141.48

avast!

Win32:Oncer

2014.9-140710

AVG

Win32/Chir.B@mm

2015.0.3418

Baidu Antivirus

Virus.Win32.Runouce.$a

4.0.3.14710

Bitdefender

Win32.Runouce.B@mm

1.0.20.955

Bkav FE

W32.ChirBPE

1.3.0.4959

Clam AntiVirus

WIN.Worm.Brontok

0.98/18355

Comodo Security

EmailWorm.Win32.Runonce.~v001

18044

Dr.Web

Win32.Runonce.6652

9.0.1.0191

Emsisoft Anti-Malware

Win32.Runouce.B@mm

8.14.07.10.01

ESET NOD32

Win32/Chir

8.9634

Fortinet FortiGate

W32/Chir.B@mm

7/10/2014

F-Prot

W32/Thecid.B@mm

v6.4.7.1.166

F-Secure

Win32.Runouce.B@mm

11.2014-10-07_5

G Data

Win32.Runouce.B@mm

14.7.24

K7 AntiVirus

EmailWorm

13.176.11652

Kaspersky

Email-Worm.Win32.Runouce

14.0.0.3585

Malwarebytes

Virus.Chir

v2014.07.10.01

McAfee

W32/Chir.b@MM

5600.7074

Microsoft Security Essentials

Virus:Win32/Chir.B@mm

1.10401

MicroWorld eScan

Win32.Runouce.B@mm

15.0.0.573

NANO AntiVirus

Virus.Win32.Runouce.bxafx

0.28.0.58873

Norman

Malware

11.20140710

nProtect

Win32.Runouce.B@mm

14.04.03.01

Panda Antivirus

W32/Chir.B

14.07.10.01

Qihoo 360 Security

Virus.Win32.CNHacker.C

1.0.0.1015

Quick Heal

W32.Runouce.B

7.14.12.00

Reason Heuristics

PUP.Installer.RadiocomCJSC.D

14.7.17.9

Rising Antivirus

PE:Worm.ChineseHacker-2!23772

23.00.65.14708

Sophos

W32/Chir-A

4.98

Total Defense

Win32/Chir.B

37.0.10856

Trend Micro House Call

PE_Chir.B

7.2.191

Trend Micro

PE_Chir.B

10.465.10

Vba32 AntiVirus

Virus.Win32.Chur.A

3.12.26.0

VIPRE Antivirus

Win32.chir.b

28008

ViRobot

Win32.Chir.B

2011.4.7.4223

File size:

56.9 MB (59,704,000 bytes)

Product version:

1.0.0.776

Original file name:

rmp.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\rmp.exe

Digital Signature

Signed by:

Radiocom CJSC

Authority:

VeriSign, Inc.

Valid from:

1/18/2013 12:00:00 AM

Valid to:

1/18/2014 11:59:59 PM

Subject:

CN=Radiocom CJSC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radiocom CJSC, L=Kiev, S=Kiev, C=UA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1B27C57434E6D1716BF37BCC371FF8B7

File PE Metadata

Compilation timestamp:

12/5/2009 10:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:a7Z2nRjK72P3ojFRrb0xDTYqIEO6Mysk2hzYDOTKVUeYnT9aFSJ5UXj+6ahn7vuD:9hk0VTp2hBKVYT9as5Q+ZnLuA1nY

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file rmp.exe has been seen being distributed by the following URL.

http://d2.sevas-s.com/.../rmp.exe

Remove rmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.