rphost.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from download41.mediafire.com and multiple other hosts.
MD5:
5afa34ba13b7ede942fe924482815420

SHA-1:
77711af1dac3dfc25e28efd920e06e144a8c2135

SHA-256:
49aabab7a2a102f148dd9815b3be47e2a8facfeb520e12fd94965fbd973c69fa

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 2:29:42 AM UTC  (today)

Scan engine | Detection | Engine version
--- | --- | ---
AhnLab V3 Security | Trojan/Win32.BitCoinMiner | 2014.11.08
Clam AntiVirus | Win.Trojan.Generickdz-328 | 0.98/21411
McAfee | Artemis!5AFA34BA13B7 | 5600.6881
Norman | Suspicious_Gen4.GYIVI | 11.20150119
SUPERAntiSpyware | Backdoor.DarkKomet/Variant | 10106

File size:
80.6 KB (82,526 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rphost.exe

File PE Metadata
Compilation timestamp:
2/26/2013 8:08:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
1536:4hWYZUghygDgcnAeu/3QWiD6quwj4gXV/omRG:cWmnAe7mykgXV/oAG

Entry address:
0x9416

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 01, 41, 00, 68, 3C, BA, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 10, 53, 56, 57, 89, 65, E8, FF, 15, 38, 00, 41, 00, 33, D2, 8A, D4, 89, 15, 20, 8F, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 1C, 8F, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 18, 8F, 41, 00, C1, E8, 10, A3, 14, 8F, 41, 00, 6A, 00, E8, 94, 24, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, 9A, 00, 00, 00, 59, 83, 65, FC, 00, E8, B8, 15, 00, 00, FF, 15, 34, 00, 41, 00, A3, C4, 1E, F1, 00, E8...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
60 KB (61,440 bytes)

The file rphost.exe has been seen being distributed by the following 3 URLs.

http://download41.mediafire.com/i24tc77f1m7g/.../rphost.exe
