» rss3.2.11341.5521en.exe
Overview
Analysis
File Details
Downloads (2)

rss3.2.11341.5521en.exe

Returnil System Safe 2011

CJSC Returnil Software

This is a self-extracting archive and installer. The file has been seen being downloaded from returnil-system-safe.en.softonic.com and multiple other hosts.

File name:

Publisher:

CJSC Returnil Software (signed and verified)

Product:

Returnil System Safe 2011

Description:

Returnil System Safe Multilanguage Setup

Version:

3.2.10910.5521 (RVSWIN2008.10-12-17)

MD5:

42c4ead28d90de000466251c01fa4c1a

SHA-1:

0af2501aed859c8cd8f756186030aa0f9c80d933

SHA-256:

6e658d1c3e9cee1060791d3c5ee0527f82728e350d9f2ee3add9d666d70d2360

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 12:41:44 PM UTC (today)

File size:

38.1 MB (39,917,400 bytes)

Product version:

3.2.11341.5521-REL11

Original file name:

ML_SETUP.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

CJSC Returnil Software

Authority:

VeriSign, Inc.

Valid from:

3/11/2009 5:30:00 AM

Valid to:

3/12/2011 5:29:59 AM

Subject:

CN=CJSC Returnil Software, OU=Configuration Management, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CJSC Returnil Software, L=St. Petersburg, S=St. Petersburg, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6C9419906ED98DB472C37650BA46D6D2

File PE Metadata

Compilation timestamp:

12/17/2010 9:50:32 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

786432:8Iq9vJxRX7oiOnQn0J/AWW+36fV4SB8OdnA9vuiaE8+H8RUWwns9H:G9X7o+n0J4xE6fBGOdAhlak+kAH

Entry address:

0x2E4B

Entry point:

8B, FF, 55, 8B, EC, 51, 53, 33, DB, 53, 53, 33, C0, 53, C7, 45, FC, 01, 00, 00, 00, 66, A3, 18, 4A, 00, 01, FF, 15, 9C, 10, 00, 01, A3, 1C, 52, 00, 01, 3B, C3, 75, 16, 68, 4A, 04, 00, 00, FF, 15, 24, 10, 00, 01, 50, E8, C3, E7, FF, FF, E9, 87, 00, 00, 00, 56, 8B, 35, DC, 10, 00, 01, 57, BF, 00, 04, 00, 00, 57, 68, 18, 4A, 00, 01, 6A, 64, 53, FF, D6, 85, C0, 75, 07, 68, 51, 04, 00, 00, EB, 14, 57, 68, 18, 42, 00, 01, 6A, 65, 53, FF, D6, 85, C0, 75, 13, 68, 58, 04, 00, 00, FF, 15, 24, 10, 00, 01, 50, E8, 7B... 
[+]

Entropy:

7.9830 (probably packed)

Code size:

11 KB (11,264 bytes)

The file rss3.2.11341.5521en.exe has been seen being distributed by the following 2 URLs.

http://returnil-system-safe.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANmvob2l/4JUWX48ZaZZSxP jfbwdLPl T7z70WVjFa1fdxhyD8yYX728J4labCqDfr8ku6f3wyXCEoOYegNAp9qWNLlUxUjt4na71DIu/VtGxap2Zlo9jHKo7pOlXLf2XyqFpgZxB nkRBEOdr78jgU0WqA0Nmf291ST9Q/lxfFGnaTqaQX9GXmLYkDRZ/VZ9NsQQiQgUiJ2DQEy0pV6i86nwg701D3iGQ 8lFRjQksbcWoKiiGXU4qMTnVVnxPLKmkY6I VqrarVznvgYAvHygiwn7jkyujvZNXVkfhNQdJuUya4NIedLH1Dn/Hx2sxZeBeeoe/0iPA5B2Whs4BWepjj4BxzpS86VMsAINUhDx18zT796I3YXeC bUKAAEiRFLL Y9LwpW/YauAO/9I2nGZcp7lYns5MMAP89UG1Ehg/C/mbIAMjL0 O4Rvpjn0ZIPOh9QhKmsFVwg5ydlAvR9dcLK/Ngc/.../46u3wr14xyjboXjnp0yVlLVQiu9Vzi qbuAakkfT3cflOGPhB9 nDBrf18uiJCgoOCjNzhTGihvtAzFRvPvj0uBKntMsTDrkNEE4sgjcAHnEjGWBw

http://gsf-cf.softonic.com/0af/250/.../file?SD_used=0&channel=WEB&fdh=yes&id_file=79892&instance=softonic_es&type=PROGRAM&Expires=1449214711&Signature=LExP1m5ec-EwA~-vQ9Lyfu4I6U1fR0wfp3LMKx8y-P4NakG0p-V72MoHFuWuV~KZG2hT3qB2MRZEDKYIvJP~wXLgCzbZb4-iVrLNA80c-uFGHnoaq9HFajYRmu5ROba3XDlGQ~Fc9nMBAQaqYNkDr-fL8x9pwEJz85hsjRo4-YE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rss-2011.exe

Scan rss3.2.11341.5521en.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.