RuckZuck.exe

RuckZuck

Roger Zander

This is a setup program which is used to install the application. The file has been seen being downloaded from download-codeplex.sec.s-msft.com.
Publisher:
Zander Tools  (signed by Roger Zander)

Product:
RuckZuck

Version:
1.5.1.0

MD5:
85029fba64d81dcb3f918b6b720c101f

SHA-1:
e66af5586d4eb98bf6359c7115d43fd7b9613487

SHA-256:
6e10da1d2957fd46827c8736cf9843d8f13e3ec42db4c11d68019a2ef9113919

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/26/2024 5:29:52 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Packed.Confuser.J suspicious (variant) | 10.13610
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120

File size:
200.5 KB (205,352 bytes)

Product version:
1.5.1.0

Copyright:
Copyright © 2016 by Roger Zander

Original file name:
RuckZuck.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ruckzuck.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
3/12/2016 12:36:20 PM

Valid to:
3/12/2018 12:36:20 PM

Subject:
CN=Roger Zander, O=Roger Zander, L=Kollbrunn, S=Zurich, C=CH

Issuer:
CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL

Serial number:
6CE4CF3DC449E4F0F58B5B76E48D4580

File PE Metadata
Compilation timestamp:
6/4/2016 9:10:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:HjHOw+4yAu4Ny6dQo1wiMKoOQI9G6trXWCB0Zm9YZ:DHiKNp/acGKrXJGZ

Entry address:
0x2EEAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8422

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
180 KB (184,320 bytes)

The file RuckZuck.exe has been seen being distributed by the following URL.
