» RSCMK.exe
Overview
Analysis
File Details
Behaviors (1)

RSCMK.exe

Computer Monitor Keylogger

Rebrand Software, LLC

The application RSCMK.exe by Rebrand Software has been detected as a potentially unwanted program by 7 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Computer Monitor Keylogger’.

File name:

RSCMK.exe

Publisher:

RebrandSoftware (signed by Rebrand Software, LLC)

Product:

Computer Monitor Keylogger

Version:

4.09

MD5:

e6af99238d85999044fb5e5ac8f68578

SHA-1:

52da77ad6a10281a313d551ae5ada9aef47c6dd4

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 2:51:49 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Monitor-I [PUP]

2014.9-160203

Comodo Security

UnclassifiedMalware

21231

ESET NOD32

Win32/SpyBoss.A potentially unsafe (variant)

10.11244

Fortinet FortiGate

W32/VB.G

2/3/2016

McAfee

Keylog-CMonKey

5600.6500

Sophos

Mal/VB-G

4.98

VIPRE Antivirus

Spyware.EyeCandyMon

37964

File size:

1.3 MB (1,362,040 bytes)

Product version:

4.09

Original file name:

RSCMK.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Rebrand Software, LLC

Authority:

COMODO CA Limited

Valid from:

2/4/2013 9:00:00 PM

Valid to:

2/5/2015 8:59:59 PM

Subject:

CN="Rebrand Software, LLC", O="Rebrand Software, LLC", STREET=3325 Hemlock Drive, L=Falls Church, S=VA, PostalCode=22042, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

7D645B526796C4686660E545AD1A03B3

File PE Metadata

Compilation timestamp:

3/27/2013 1:17:18 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:twsaVyGZMMMMQbQcheHLN3hZOWwyPUPLDjDjmb64/AUSX/Rje89vXqoSZ0E7/pKe:twhMMMMQkchQJCR+4qrAXw

Entry address:

0x4EF4

Entry point:

68, 2C, 26, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 46, 68, B9, 98, 8D, B2, EF, 49, B1, 57, AA, E3, 18, F3, 9D, A6, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 47, 00, 06, 50, 83, 00, 43, 6F, 6D, 70, 75, 74, 65, 72, 4D, 6F, 6E, 69, 00, 7D, FC, 00, 00, 00, 00, 00, FF, CC, 31, 00, 16, 01, 6D, 52, A1, 7C, 8A, EA, 45, 87, 57, F7, 6A, 3D, 0E, ED, C9, 5E, AE, 64, 9A, BE, 78, 01, 4F, 80, 82, 5D, 98, 4B, 7F, 3A, AB, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

1.1 MB (1,134,592 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Computer Monitor Keylogger

Command:

"C:\firefox\computer monitor keylogger\rscmk.exe"

Remove RSCMK.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.