rcrdmate.exe

Audio Recorder Pro

EZ SoftMagic, Inc.

The executable rcrdmate.exe, “Audio Recorder Pro Setup”, has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.ezaudiorecorder.com.
Publisher:
EZ SoftMagic, Inc.

Product:
Audio Recorder Pro

Description:
Audio Recorder Pro Setup

Version:
3.9.0.1

MD5:
4827d739201c237fbf2df9c035b189a2

SHA-1:
8bbc62ce788e249b29cb16148405e496d7ef28ce

SHA-256:
8eb8bb7b53f1f71f7c49bb5b92f1f1317a36d05e5344491d4e781b661ba7259a

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/13/2025 2:03:12 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160518-2 |
| AVG | Win32/Sality | 2015.0.4568 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.E.gen | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.1159.0 |
| Norman | Win32.Sality.3 | 22.05.2016 07:18:28 |

File size:
2 MB (2,095,491 bytes)

Product version:
3.9.0.1

Copyright:
Copyright© 2012 EZ SoftMagic, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rcrdmate.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:CPqp1NzUOT7UBTHfWtU+AorvBr4pvLCgvhk:5p1tUBT/D+AwyLvq

Entry address:
0x9C18

Entry point:
60, 0D, E5, 95, FC, 7F, 89, C6, 40, 0F, CB, 87, FD, F7, D6, 81, F1, E9, A3, 00, 00, 4A, 2D, CA, A1, A7, 5D, 0F, BA, E8, 64, FF, CA, 0F, A4, FF, 51, 0F, BB, FA, 0F, C0, E3, E8, BC, 00, 00, 00, 69, CE, D1, 05, A6, 60, 69, CA, 97, 19, 8D, 4D, 0F, BC, EE, EB, 04, 0C, D3, 0F, CB, F7, D1, 0F, BA, E7, 27, F2, F7, C1, C3, E7, 93, C5, 88, FD, 8B, C6, F6, DD, EB, 06, 8D, 2D, 25, 7F, 68, 8F, 2B, F0, 0F, BF, D9, 11, FF, 0F, BA, E2, 16, 39, D1, 0F, B3, CD, 69, FD, D8, A7, FF, 51, 3B, F5, 70, 09, 8D, 3D, 95, 97, 22, 05...
 

Entropy:
7.9939  (probably packed)

Code size:
37 KB (37,888 bytes)

The file rcrdmate.exe has been seen being distributed by the following URL.
