RuckZuck.exe

RuckZuck

Roger Zander

This is a setup program which is used to install the application. The file has been seen being downloaded from download-codeplex.sec.s-msft.com.

Publisher:
Zander Tools (signed by Roger Zander)

Product:
RuckZuck

Version:
1.5.0.2

MD5:
ff868bb6f624ba59954a7bd936cbfa67

SHA-1:
5511d981d87538119cfa7e73a516d835fab6bc91

SHA-256:
9b810aa62d4c7213f31372196647649701751d468ef9012a7ecbfd91d9a92f3a

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/26/2024 6:05:44 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Packed.Confuser.J suspicious (variant) | 10.13476
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120

File size:
168.5 KB (172,584 bytes)

Product version:
1.5.0.2

Copyright:
Copyright © 2016 by Roger Zander

Original file name:
RuckZuck.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\ruckzuck.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
3/12/2016 12:36:20 PM

Valid to:
3/12/2018 12:36:20 PM

Subject:
CN=Roger Zander, O=Roger Zander, L=Kollbrunn, S=Zurich, C=CH

Issuer:
CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL

Serial number:
6CE4CF3DC449E4F0F58B5B76E48D4580

File PE Metadata
Compilation timestamp:
5/7/2016 10:48:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:RRvpWUvPw53mzwthZPeBl/XGBPZzKeI693MZLt22T3w7mR2nZkk1Yxe:3kUvPwYzahQLPoZK4CZLt22Tw7iuZkkt

Entry address:
0x26EEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.7948

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
148 KB (151,552 bytes)

The file RuckZuck.exe has been seen being distributed by the following URL.

Scan RuckZuck.exe - Powered by Reason Core Security