rizyn_vv.exe

SystemNode

MG Software

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application rizyn_vv.exe by MG Software has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from upd.files-download-23.com.
Publisher:
SwapSystem  (signed by MG Software)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 34, 0

MD5:
90ef7117a19442c4cd62a8d3bc0dca74

SHA-1:
6f8febc8f292fba00281914dca679ed3bef8a2d8

SHA-256:
92fb35dd7d27a8b2e7949d9533126faf44e9567313838759263c13d8f0db1c19

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 5:32:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited.MGSoftwa.Bundler (M)
16.4.29.15

File size:
37.8 KB (38,720 bytes)

Product version:
4, 0, 34, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Common path:
C:\users\{user}\downloads\rizyn_vv.exe

Digital Signature
Signed by:

Authority:
MG

Valid from:
11/7/2014 7:05:37 PM

Valid to:
1/1/2040 1:59:59 AM

Subject:
CN=MG Software

Issuer:
CN=MG

Serial number:
0782F693BAAA668C4F8C7587B588BD86

File PE Metadata
Compilation timestamp:
12/5/2014 7:56:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
384:P5LySH/E7wHXDaBzQV9Wr6rGJ//f5JvIUlf7iAIUL6FA5FG7XlcMyrkzdV2yx6Vt:BLzuQ4rWQBJQUR7BeFUCX2lkSyAVIs

Entry address:
0x338E

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 54, 40, 40, 00, 8B, F0, 8A, 06, 3C, 22, 74, 10, 3C, 20, 7E, 1E, 46, 80, 3E, 20, 7F, FA, EB, 16, 3C, 22, 74, 11, 46, 8A, 06, 84, C0, 75, F5, 3C, 22, 75, 07, EB, 04, 3C, 20, 7F, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 30, 40, 40, 00, E8, 5B, 00, 00, 00, 68, 04, 60, 40, 00, 68, 00, 60, 40, 00, E8, 32, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 2C, 40, 40, 00, 50, E8, 93, FC...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
9.5 KB (9,728 bytes)

The file rizyn_vv.exe has been seen being distributed by the following URL.

Remove rizyn_vv.exe - Powered by Reason Core Security