» rvs-pro-2011.exe
Overview
Analysis
File Details
Downloads (2)

rvs-pro-2011.exe

Returnil Virtual System 2011

CJSC Returnil Software

This is a setup and installation application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

rvs-pro-2011.exe

Publisher:

CJSC Returnil Software (signed and verified)

Product:

Returnil Virtual System 2011

Description:

Returnil Virtual System Multilanguage Setup

Version:

3.2.10857.5462 (RVSWIN2008.10-10-22)

MD5:

1331ba71293fb773f77c924e9b76620e

SHA-1:

d89cbf48ed862597317fd9f8c5df98908e3c27e6

SHA-256:

fa391c01caa444f487ba0bde065ea3c5352bd30254e751bce44bed653b5674c4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 7:23:46 AM UTC (today)

File size:

11.1 MB (11,659,376 bytes)

Product version:

3.2.10857.5462-REL7

Original file name:

ML_SETUP.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

CJSC Returnil Software

Authority:

VeriSign, Inc.

Valid from:

3/10/2009 8:00:00 PM

Valid to:

3/11/2011 6:59:59 PM

Subject:

CN=CJSC Returnil Software, OU=Configuration Management, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CJSC Returnil Software, L=St. Petersburg, S=St. Petersburg, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6C9419906ED98DB472C37650BA46D6D2

File PE Metadata

Compilation timestamp:

10/22/2010 11:47:03 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

196608:h9gVe9+fLXxPfoTJYqAwoD2yNVbEQ0EUz7HQbJ2+GcQfKGTmj7WkJ:3gVe9+fKTJulKCVbEQ0T7HCJXGTa7

Entry address:

0x2CD4

Entry point:

8B, FF, 55, 8B, EC, 51, 53, 33, DB, 53, 53, 33, C0, 53, C7, 45, FC, 01, 00, 00, 00, 66, A3, 18, 4A, 00, 01, FF, 15, 9C, 10, 00, 01, A3, 1C, 52, 00, 01, 3B, C3, 75, 16, 68, 1E, 04, 00, 00, FF, 15, 24, 10, 00, 01, 50, E8, 3A, E9, FF, FF, E9, 87, 00, 00, 00, 56, 8B, 35, DC, 10, 00, 01, 57, BF, 00, 04, 00, 00, 57, 68, 18, 4A, 00, 01, 6A, 64, 53, FF, D6, 85, C0, 75, 07, 68, 25, 04, 00, 00, EB, 14, 57, 68, 18, 42, 00, 01, 6A, 65, 53, FF, D6, 85, C0, 75, 13, 68, 2C, 04, 00, 00, FF, 15, 24, 10, 00, 01, 50, E8, F2... 
[+]

Entropy:

7.9074 (probably packed)

Code size:

10.5 KB (10,752 bytes)

The file rvs-pro-2011.exe has been seen being distributed by the following 2 URLs.

http://gsf-cf.softonic.com/d89/cbf/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305135&instance=softonic_en&type=PROGRAM&Expires=1478407031&Signature=V6q1N9Zj9jPRgDMfU9Ox3o8bIVOLdr40-4nJwHhmzn4eXAQFktepoo2u4Uy63Q4Ce6eE3JXrfhN07w~tAjAPRd~SDqq5ACvTB3AgoZdxTMm8W613Ph9ZflsK7dPWWmmyqlO-yW4NDx9lTwIKcM78BIY4yKy0FrHZD819h2wKt0s_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rvs-pro-2011.exe

http://gsf-cf.softonic.com/d89/cbf/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305135&instance=softonic_en&type=PROGRAM&Expires=1473192901&Signature=LCK~WOkFavryAT-HQ0MjEE6h-X1Qh~olZL8VXRBNI3j6b46G8zIIJg6FxFnhtZyptFKZeDmq-OdzIofogCI6ZWxtbMIopdPRDugYlvyEYAXqlRkWOWSSuKurVuJaxUMDmf2fXlZnz4AF4BxrJQXf9mLIxRWbNd0HOjJEPSl5s3E_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rvs-pro-2011.exe

Scan rvs-pro-2011.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.