rmth.exe

rmth32

Li Xin

The application rmth.exe by Li Xin has been detected as a potentially unwanted program by 3 anti-malware scanners.
Publisher:
Li Xin  (signed and verified)

Product:
rmth32

Description:
rmth

Version:
1.0

MD5:
fcae4c2ec0d775d22510621c1ff7b1f6

SHA-1:
e19780f4cc6488fcebf615628b56129aa036cae6

SHA-256:
31243cc10b50b7f50857cbc7017ff9ebb203c5d02c6c037d9b10ee9aebb60345

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:42:02 PM UTC

Scan engine        Detection             Engine version
AVG                Generic               2016.0.3003
Bkav FE            W64.HfsAdware         1.3.0.7133
Reason Heuristics  PUP.LiXin.Reputation  15.9.11.22

File size:
36.1 KB (36,936 bytes)

Product version:
1.0

Copyright:
rmth

Original file name:
rmth32.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rmth.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
3/13/2015 9:55:41 AM

Valid to:
3/13/2016 10:55:41 AM

Subject:
CN=Li Xin, L=Yingshan, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4EC8808F9295E7018CE5A64639E18B6B

File PE Metadata
Compilation timestamp:
7/20/2015 5:23:33 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
384:1VF1gaRS3mK0oGv/Xhslu1JOfVjS6XrfI9TvylXREp9D3IyX65zg9QyXNh/bq1Va:Z1gakTQvPhsw1ujXXs9Tq0DD4yBbqRw

Entry address:
0x1AE0

Entry point:
53, 56, 48, 81, EC, 88, 00, 00, 00, B9, 00, 00, 00, 02, E8, 8D, 0E, 00, 00, 48, 89, 05, C6, 5F, 00, 00, E8, 01, 01, 00, 00, 85, C0, 0F, 84, BD, 00, 00, 00, E8, 84, 03, 00, 00, E8, CF, 03, 00, 00, E8, AA, 08, 00, 00, E8, 85, 09, 00, 00, 48, 8D, 1D, B6, 52, 00, 00, 48, 8D, 05, AF, 52, 00, 00, 48, 39, C3, 73, 12, FF, 13, 48, 83, C3, 08, 48, 8D, 05, 9D, 52, 00, 00, 48, 39, C3, 72, EE, C7, 44, 24, 5C, 00, 00, 00, 00, 48, 8D, 4C, 24, 20, FF, 15, 39, 58, 00, 00, 31, C9, FF, 15, 11, 58, 00, 00, 48, 89, C3, E8, 2D...
 

Entropy:
5.8528

Code size:
15 KB (15,360 bytes)
