RRT.exe

Sergiwa Antiviral Toolkit

Sergiwa - www.sergiwa.com

This is a setup program used to install the application. It is set to execute automatically when any user logs into Windows (through the local user run registry setting), under the entry name ‘RRT-Auto’. The file has been observed being downloaded from www.jordanfa.com and multiple other hosts.
Publisher:
Sergiwa - www.sergiwa.com

Product:
Sergiwa Antiviral Toolkit

Version:
6.08

MD5:
1b42925c58b0c4ced7d72a7d9d4d36e7

SHA-1:
6b597dfc630c86f8346b738f4e2b0fe3f3dafa10

SHA-256:
839d6f854c70c43d367d4fb89453d11921279b45790d3942bc62dcea50cb18f2

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
7/16/2025 6:42:00 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17857 |
| Rising Antivirus | PE:Malware.Packed!1.9C4E | 23.00.65.14318 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26912 |

File size:
4.8 MB (5,066,752 bytes)

Product version:
6.08

Copyright:
Warning: This SOFTWARE is owned by SERGIWA SOFTWARE and is protected by Libya Copyright Laws and International Treaty provisions.

Trademarks:
Sergiwa

Original file name:
RRT.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/29/2012 10:52:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:2XAVtL5UBbJQThECbEnTufq/PNCgOUC8r24WAN+Kd:2XArL2dJQdwTuSMgc34kKd

Entry address:
0xF49000

Entry point:
55, 89, E5, 81, C5, 04, 00, 00, 00, 51, B9, 04, 00, 00, 00, 29, CD, 59, 55, FF, 74, 24, 04, 5D, 8F, 04, 24, 5C, 68, DE, 18, 00, 00, 89, 04, 24, 68, AB, 71, 00, 00, 89, 1C, 24, E8, 01, 00, 00, 00, CC, FF, 34, 24, 58, 51, 89, E1, 81, C1, 04, 00, 00, 00, 83, C1, 04, 87, 0C, 24, 5C, 50, FF, 34, 24, 5B, 81, C4, 04, 00, 00, 00, 57, BF, EC, 59, 92, 48, 81, EF, ED, 59, 92, 48, 05, 6D, 47, CF, 0C, 29, F8, 2D, 6D, 47, CF, 0C, 5F, 57, 56, BE, FE, 7F, 50, 32, 81, C6, 46, F4, 1B, FF, 89, F7, 5E, 81, F7, 38, 59, 46, 0B...
 

Entropy:
7.9188  (probably packed)

Code size:
7.6 MB (7,999,488 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RRT-Auto

Command:
C:\1\adaware\rrt.exe auto


The file RRT.exe has been seen being distributed by the following 5 URLs.

http://www.jordanfa.com/owncloud/index.php/apps/files/ajax/.../Utilities&files=RRT.exe
