rsdok6.exe

Радософт Документы 6

OOO

The application rsdok6.exe, “Программа для работы с первичными документами” by OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ООО "Петрософт"  (signed by OOO )

Product:
Радософт Документы 6

Description:
Программа для работы с первичными документами

Version:
6.8.0.2080

MD5:
8367309cf5dd035ef4e725c0b9d09616

SHA-1:
93d925d89c25f5aff8bfa3339bf18d8222c44b3b

SHA-256:
fcaff96bfc19bda853821de90191376e9dd471877c6a628c144f490fe5bcac7f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/2/2024 3:05:15 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.2.5.10

File size:
2.1 MB (2,154,760 bytes)

Product version:
6.8

Copyright:
Copyright © 1998-2015 ООО "Петрософт"

Original file name:
Rsdok6

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/3/2015 4:00:00 AM

Valid to:
7/2/2016 3:59:59 AM

Subject:
CN="OOO ""Petrosoft""", O="OOO ""Petrosoft""", L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1CDBA4D660F0F2A404A1E5E279704FCE

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:lEn0/Rw6iK8419I934pTFIf67KBiGCvTWGTH7Rj/QyDhBsCF:qnwNB9igIfN5CvTNH7Rj4yDhBsCF

Entry address:
0x1000

Entry point:
68, 01, 00, 96, 00, E8, 01, 00, 00, 00, C3, C3, F2, F5, FD, 32, 37, 8D, 5B, 7E, A3, C3, 35, FA, 64, B4, 23, EB, C4, 98, 32, 96, 2C, 6D, DC, 9B, F2, 4F, 2E, 1C, 8E, 00, C7, 27, 1B, 03, F3, C5, 93, 83, E8, 88, 98, 62, 55, 07, CE, AB, EB, 58, 0D, 1E, E3, 24, 37, 49, C3, 95, 99, 65, 77, 90, F8, 60, E0, DF, 98, C7, EE, EB, 0B, 34, 84, 07, E3, F2, 28, A6, 2F, 82, 25, 44, D4, 87, 05, CA, 34, 5E, 02, 4E, 80, 9E, 47, DE, F8, F8, 73, 5C, 02, 57, 88, 27, 09, 83, D9, D4, AB, 9B, F1, DF, 86, 79, 5E, E3, C5, 56, 3B, DD...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
3.9 MB (4,086,272 bytes)
