home

rpwplug.exe

RPW Plug

Design Dialogue

This is a setup program which is used to install the application. The file has been seen being downloaded from www.3d-raumplan.com.
Publisher:
Design Dialogue

Product:
RPW Plug

Version:
2.3.1.0

MD5:
75567e0ab5a6ec813c04be6f0b3d1789

SHA-1:
dabe7a2badc5fe233bf0a7b1eb7694650d6d4842

SHA-256:
b1198c205d21cf191b7972f0ce0fdde08edaebd88da4e3ba09b511677005a338

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/24/2024 11:34:54 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.7717

IKARUS anti.virus
Trojan.Win32.Urelas
t3scan.2.0.9.0

File size:
4.1 MB (4,263,424 bytes)

Product version:
2.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rpwplug.exe

File PE Metadata
Compilation timestamp:
6/11/2015 5:59:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:IiKtzU1m0iy3JzLj2IBoWE/N2U+/BZ6HN1BQeQ2CnqLtSm8TxxPw:IiKtzUliylW/N2t/Bct1BDmqLtShTs

Entry address:
0x77C000

Entry point:
57, 56, 53, 51, E8, 01, 00, 00, 00, BF, 58, 05, 70, 05, 00, 00, 50, 8B, 30, 03, F0, 8B, FE, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, E8, 01, 00, 00, 00, B9, 5A, 81, C2, 47, 05, 00, 00, 8A, 12, 83, E9, 01, 75, 01, 81, 8C, D3, 0F, 85, 24, 02, 00, 00, 81, C1, EB, 09, 0F, 82, 8A, 02, 00, 00, E9, BC, 01, 00, 00, 3B, CA, 73, 49, 8B, D9, AC, 41, 75, 01, B8, 8C, D3, 0F, 85, 4D, 02, 00, 00, B8, C1, EB, 09, 72, 34, 24, FE, 3C, E8, 75, E1, 51, 5B, 83, C1, 04, EB, 0F, B9, 8E, D1, 9C, 75, 01, B9...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
1.2 MB (1,242,624 bytes)

The file rpwplug.exe has been seen being distributed by the following URL.

http://www.3d-raumplan.com/.../RpwPlug.exe

Scan rpwplug.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.