R4P3 Extractor.exe

The application R4P3 Extractor.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The file has been seen being downloaded from www81.zippyshare.com and multiple other hosts.
Publisher:
R4P3

Product:
R4P3 Extractor

Version:
1.0.0.0

MD5:
9604d3e13a634719d9ed349ec3ba4620

SHA-1:
e0993ff0cdf5d9726b5a16ed803baa7c0ad04be6

SHA-256:
25fd7225f7d287c670adf9fa3ccea573d2b950d82ba37a4a182b1bfa8d4db705

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 10:02:21 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.16388708 | 197
Avira AntiVirus | TR/Confuser.dgkq | 8.3.3.4
Arcabit | Trojan.Generic.DFA1264 | 1.0.0.672
avast! | Win32:Malware-gen | 2014.9-160722
AVG | Packed3_c | 2017.0.2675
Bitdefender | Trojan.Generic.16388708 | 1.0.20.1020
Comodo Security | UnclassifiedMalware | 24885
Emsisoft Anti-Malware | Trojan.Generic.16388708 | 8.16.07.22.09
ESET NOD32 | MSIL/Packed.Confuser.J suspicious (variant) | 10.13410
F-Secure | Trojan.Generic.16388708 | 11.2016-22-07_6
G Data | Trojan.Generic.16388708 | 16.7.25
IKARUS anti.virus | PUA.MSIL.Confuser | t3scan.2.0.9.0
K7 AntiVirus | Trojan | 13.223.19452
McAfee | Artemis!9604D3E13A63 | 5600.6331
MicroWorld eScan | Trojan.Generic.16388708 | 17.0.0.612
nProtect | Trojan.Generic.16388708 | 16.04.28.01
Panda Antivirus | Trj/GdSda.A | 16.07.22.09
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120
Rising Antivirus | Malware.Undefined!8.C (Cloud) | 23.00.65.16720
Sophos | Generic PUA OA (PUA) | 4.98
Trend Micro | TROJ_GEN.R00UC0EDS16 | 10.465.22
VIPRE Antivirus | Trojan.Win32.Generic | 49002

File size:
491.5 KB (503,296 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © R4P3 2016

Original file name:
R4P3 Extractor.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\r4p3 extractor.exe

File PE Metadata
Compilation timestamp:
4/3/2016 9:47:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:gAAkYSxGwIJs33WjCEbzWYEi2Pq55B3xBL8qxBofsX7BSOwcJbVBx7No:gAA6GwEs22EGYEvPqDFxB4q/h7BSO

Entry address:
0x21BBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 00, 01, 00, 80, 10, 00, 00, 00, 30, 01, 00, 80, 18, 00, 00, 00, 60, 01, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8165

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
127 KB (130,048 bytes)

The file R4P3 Extractor.exe has been seen being distributed by the following 2 URLs.

Remove R4P3 Extractor.exe - Powered by Reason Core Security