rc7.exe

The executable rc7.exe has been detected as malware by 6 anti-virus scanners. The file has been seen being downloaded from fs03n3.sendspace.com and multiple other hosts.
MD5:
830037386e76848ed26deec9c785418c

SHA-1:
38028838f07bbf1156e1974ef9351c77f1b5b287

SHA-256:
142962ee66663a044b4b4c54ed9917a4b994a53a3b7a75f5f07223841e680cd7

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/26/2024 11:42:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | MSIL:Agent-BAO [Trj] | 160327-1 |
| Dr.Web | Trojan.DownLoader21.34807 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.MSILPerseus.3430 | 11.5.0.6191 |
| ESET NOD32 | MSIL/Agent.FV trojan | 8.0.319.0 |
| F-Secure | Variant.Barys.53586 | 5.15.96 |
| Norman | Gen:Variant.Barys.53586 | 10.04.2016 15:29:17 |

File size:
451 KB (461,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rc7.exe

File PE Metadata
Compilation timestamp:
4/30/2016 8:15:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:wzuEde5wD8mWMXg8uB4zqSRvEaYES2JNbXsO:wzuPmQhMP2MH6kJsO

Entry address:
0x7242E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1278

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
449.5 KB (460,288 bytes)

The file rc7.exe has been seen being distributed by the following 5 URLs.

https://fs03n3.sendspace.com/dl/971d865abe54d9be4f88ed58c65bb010/5744b1bc4f92f70d/.../rc7.exe

https://fs03n1.sendspace.com/dl/71cfb187d5674c26795b7cbcd2d032aa/57f146361da0fc1f/.../rc7.exe

https://fs03n3.sendspace.com/dl/1f1c81f14c2dd87d863486085aae5d22/57eff77d024c84e0/.../rc7.exe
