home

rfginst-trk.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from email.payproglobal.com.
Version:
8.6.4.2560

MD5:
830a4b9ec18ba7c7d0a24c93a9c0c6f7

SHA-1:
1df8eb34b18152701b1e0e504f181e44dce94187

SHA-256:
1aaa096d480bafa325d2ae7c9e12852cc8eecab4c81e3cd510091184f90528f3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:34:04 AM UTC  (today)

File size:
12.5 MB (13,157,888 bytes)

Product version:
8.6.4.2560

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\rfginst-trk.exe

File PE Metadata
Compilation timestamp:
1/28/2016 3:11:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:2vwxR/dkSXAomVJBPHkPJkR1Oip2nbN3AKbEmXEEn+tqL0ctEhMr:2oxR/dknBPMa112RnrXEptt5w

Entry address:
0x2058BC

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 2D, 5F, 00, E8, 8C, 53, E0, FF, A1, 8C, 32, 61, 00, 8B, 00, E8, 4C, 01, F4, FF, A1, 8C, 32, 61, 00, 8B, 00, B2, 01, E8, 3A, 24, F4, FF, 8B, 0D, CC, 30, 61, 00, A1, 8C, 32, 61, 00, 8B, 00, 8B, 15, 3C, E4, 5E, 00, E8, 46, 01, F4, FF, A1, 8C, 32, 61, 00, 8B, 00, E8, DA, 02, F4, FF, E8, 61, 12, E0, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
2 MB (2,113,536 bytes)

The file rfginst-trk.exe has been seen being distributed by the following URL.

http://email.payproglobal.com/.../click?upn=obA-2FISuMZc-2BHHVBPqpyoUvkQrA2HddipW-2BAofSEqTkSubRKpIWu9ZdvLHVG-2FkIQq_7KAgDTmIYjRpahCT3NMMqArQem3SQy57gqSu9fo1nKAsM9E5pdsJ3T8R0T0mIG42NynrceQhxEjz-2BvfO-2FsJPuTvPRHAGzRY8-2F5rg1pMmq0M42tqHyD2CUW8Noe-2BIOeKHJVimKZwmQVsi-2F6KITILXSJ5LsX7x-2BCpVn-2BIvrM5XfkSNi6bMXw1EOL4tU4bmCg7yWHyosY-2BXzlf4GYM70eEMiElKL0yIN-2FnnqubkM90LAkI-3D

Scan rfginst-trk.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.