RannohDecryptor.exe

RannohDecryptor

Kaspersky Lab

This is a setup program used to install the application. The file has been observed being downloaded from media.kaspersky.com.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
RannohDecryptor

Description:
Trojan-Ransom.Win32.Rannoh decryptor tool

Version:
1.9.1.0

MD5:
90c90323753fb66138c8196845b70940

SHA-1:
a9fb67de2a3cc13370eb11cdd708b550eb708c97

SHA-256:
2e45a8e5e365b031fd49bc6f8f03eed7f0c7c4ee1ab920e63665b10e94f498e1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 4:34:14 PM UTC

File size:
1.1 MB (1,160,432 bytes)

Product version:
1.9.1.0

Copyright:
© 1997-2015 Kaspersky Lab ZAO.

Trademarks:
Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:
RannohDecryptor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\rannohdecryptor.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
10/8/2015 5:30:00 AM

Valid to:
10/24/2018 5:30:00 PM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F668FB0F0F002B774C7DDBD769EE5B1

File PE Metadata
Compilation timestamp:
12/11/2015 11:43:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:kEcmNOexmTu4/UpQjuJNIez5C1QaiJlEe7XA3sqtGY:ymNCTuoggAIu9ay8cq4Y

Entry address:
0x3200

Entry point:
81, EC, 04, 00, 00, 00, 89, 04, 24, 81, C4, FC, FF, FF, FF, 89, 0C, 24, 81, EC, 04, 00, 00, 00, 89, 14, 24, 53, 54, 81, EC, 04, 00, 00, 00, 89, 2C, 24, 81, C4, FC, FF, FF, FF, 89, 34, 24, 57, BE, 00, 00, 00, 00, BB, 00, 00, 00, 00, B9, 00, 00, 00, 00, B8, 00, 00, 00, 00, 81, C4, FC, FF, FF, FF, 89, 2C, 24, 89, E5, 81, C4, E0, FF, FF, FF, 68, 00, 00, 00, 00, 5F, 68, 00, 00, 00, 00, 5A, 81, BD, 0C, 00, 00, 00, 00, 00, 00, 00, 74, 00, 81, BD, 0C, 00, 00, 00, 00, 00, 00, 00, 77, 00, 81, BD, 0C, 00, 00, 00, 00...
 

Entropy:
7.8121  (probably packed)

Code size:
74 KB (75,776 bytes)

The file RannohDecryptor.exe has been seen being distributed by the following URL.
