home

rld-fi11.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s6056.chomikuj.pl and multiple other hosts.
MD5:
ff545d64eb37b0f1b98acba8a204ba82

SHA-1:
d81f89e8ac44ea42d26a601e7b147e74a3673935

SHA-256:
58a797fb296ca3290f597ada6864196d2968cbc7722d28e8e6b2bcf0e86f0a03

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 5:13:07 AM UTC  (today)

Scan engine
Detection
Engine version

ViRobot
Backdoor.Win32.Bifrose.69632.S
2011.4.7.4223

File size:
8 KB (8,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\$recycle.bin\s-1-5-21-1850220490-12710740-373490001-1000\$ruasy6l\crack\rld-fi11.exe

File PE Metadata
Compilation timestamp:
1/25/2037 12:35:50 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
48:OEPihrMpVXv2pmL3L0Jacr6P0EC4/24kixRr2rV9bqJ3d1kZsZ2BxJt3G4MgnDuy:nPixwhjg0ue0hekZsZ23JtOXy

Entry address:
0x1000

Entry point:
6A, 00, E8, FB, 05, 00, 00, 85, C0, 74, 11, 33, DB, 53, 68, 25, 10, 40, 00, 53, 6A, 65, 50, E8, 34, 06, 00, 00, 61, 6A, 00, E8, E4, 05, 00, 00, C3, C8, 00, 00, 00, 53, 57, 56, 8B, 45, 0C, 83, F8, 10, 74, 25, 3D, 11, 01, 00, 00, 74, 2F, 3D, 10, 01, 00, 00, 74, 3E, 83, 3D, 36, 25, 40, 00, 01, 74, 05, E8, 11, 05, 00, 00, 33, C0, 5E, 5F, 5B, C9, C2, 10, 00, 6A, 00, FF, 75, 08, E8, DB, 05, 00, 00, 5E, 5F, 5B, C9, C2, 10, 00, 8B, 45, 10, 66, 3D, 02, 00, 74, E6, 66, 3D, E9, 03, 75, D7, E8, 2B, 00, 00, 00, EB, D0...
 
[+]

Code size:
2 KB (2,048 bytes)

The file rld-fi11.exe has been seen being distributed by the following 7 URLs.

http://s6056.chomikuj.pl/File.aspx?e=JhXv3oFayJwtIS_OigwJdFAl5WhDejBX64I_ZecLIRY0K3mJLOegRxsXzMRAReGzwLf2jKpnAFQTekJwUtacoQmKSlqUOmErzidHC2-mKjXuMFaaJnvUpEtPGrqWllhkHRVdZzppxBxoiDdLEo2vig&pv=2

http://s10241.chomikuj.pl/File.aspx?e=JhXv3oFayJwtIS_OigwJdFUn2sox5fTpzUB5K-tNDKDKIX4idk3ZRQP_jo6Hed6ohY65_XNkimXlHby5OPWELe3yX9ekBgWENOv-L5M4q4Ed765exCDg2elmA-UWJqfsycolEIPYbv9uk6mGg25B6g&pv=2

http://s6056.chomikuj.pl/File.aspx?e=JhXv3oFayJwtIS_OigwJdCmpLeCKERb4Tm3rKreC3qvo_GI7y25Dw52tKoQPoqHfdzV5qxUJt_2z0JHt9jXGimwuFJrokawfd4GrugpNNP2RG1tMEZW9BCZGbtrPijzg6-zr9r8YQxq71YXLs7A_eA&pv=2

http://s10241.chomikuj.pl/File.aspx?e=JhXv3oFayJwtIS_OigwJdFEQ0F7NdbxJ9BJIJ4YKwxw58hhKjK0nu7TQUddV7YjgHe3Q_bhzdeWtG3NdkGt-pUECm_8g3obfGensjDJe0oYW-fbul_cawhRx1TjISg1kD2SoafU04qUgtqWaYRMRaw&pv=2

http://fs.to/get/dl/.../Generate Key Fifa 11.exe

http://s6056.chomikuj.pl/File.aspx?e=JhXv3oFayJwtIS_OigwJdFEQ0F7NdbxJ9BJIJ4YKwxxn9WUriv_CtelGO7WoJwKfXJYTGSKVT9-LeA8bLt_JPMqDniQCilUT2CYaH1Kjge7pD5re5FPkSWYuIp79DEdYpP1XwJOcx29aSHoTH8-odQ&pv=2

http://www.ex.ua/.../43456136

Scan rld-fi11.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.