home

rcaudio.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from heliblog.ru and multiple other hosts.
MD5:
b22148a9113b20dd6ebe1102ab87eeb2

SHA-1:
3558c432e18f5d8cebefcaaa4ff5da8b463f7497

SHA-256:
068b6afdccdd7c9f5dfc151a0bc2e61e592fb16bc62e68ae01ae2255d1f24e0c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 10:12:51 PM UTC  (today)

File size:
473.5 KB (484,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rcaudio.exe

File PE Metadata
Compilation timestamp:
6/26/2007 3:57:02 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:NMhxi3X1d8BUWxiyzzJ03rJ4nDqtgbL7WMm+OnYqM7fyen7Q60wBFrlZm6XOs6Np:NM/GXc9rz+7MkgvehMTVvxXba

Entry address:
0x1000

Entry point:
A1, 64, 22, 45, 00, C1, E0, 02, A3, 68, 22, 45, 00, 57, 51, 33, C0, BF, 30, 8B, 45, 00, B9, 28, D5, 45, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 52, 6A, 00, E8, 9E, FE, 04, 00, 8B, D0, E8, 9B, 46, 04, 00, 5A, 6A, 00, E8, 47, 55, 04, 00, 59, 68, 2C, 22, 45, 00, 6A, 00, E8, 82, FE, 04, 00, A3, 6C, 22, 45, 00, 6A, 00, E9, 56, B8, 04, 00, E9, 9D, 55, 04, 00, 33, C0, A0, 59, 22, 45, 00, C3, A1, 6C, 22, 45, 00, C3, CC, B9, B4, 00, 00, 00, 0B, C9, 74, 3C, 83, 3D, 64, 22, 45, 00, 00, 73, 0A, B8, E2, 00, 00...
 
[+]

Code size:
324 KB (331,776 bytes)

The file rcaudio.exe has been seen being distributed by the following 2 URLs.

http://heliblog.ru/goto/http://users.skynet.be/phildc/.../RCAudio.exe

http://users.skynet.be/phildc/.../RCAudio.exe

Scan rcaudio.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.