home

rvlkl_setup64.exe

Logixoft

The application rvlkl_setup64.exe by Logixoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Logixoft  (signed and verified)

MD5:
e1d90648be053740ffa513c4ef3a661c

SHA-1:
5013af41d13c336a6009a1044e35a1432328b1e1

SHA-256:
98d9d2f9d3309f8b9dbf3a7f6d37d8529bdb3a3c4849021cfd2657c3084d7b27

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/16/2024 9:19:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.15.18

File size:
2 MB (2,133,672 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\rvlkl_setup64.exe

Digital Signature
Signed by:
Logixoft

Authority:
GlobalSign nv-sa

Valid from:
4/26/2016 3:04:46 PM

Valid to:
4/27/2019 3:04:46 PM

Subject:
CN=Logixoft, O=Logixoft, S=Bretagne, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112117D4A5842F3B784C81F4B86B98258AB4

File PE Metadata
Compilation timestamp:
11/9/2016 3:51:41 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x12DE4

Entry point:
48, 83, EC, 28, E8, 73, 04, 00, 00, 48, 83, C4, 28, E9, 82, FE, FF, FF, CC, CC, 48, FF, 25, 61, CB, 00, 00, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 83, EC, 10, 4C, 89, 14, 24, 4C, 89, 5C, 24, 08, 4D, 33, DB, 4C, 8D, 54, 24, 18, 4C, 2B, D0, 4D, 0F, 42, D3, 65, 4C, 8B, 1C, 25, 10, 00, 00, 00, 4D, 3B, D3, F2, 73, 17, 66, 41, 81, E2, 00, F0, 4D, 8D, 9B, 00, F0, FF, FF, 41, C6, 03, 00, 4D, 3B, D3, F2, 75, EF, 4C, 8B, 14, 24, 4C, 8B, 5C, 24, 08, 48, 83, C4, 10, F2, C3, CC, CC, CC...
 
[+]

Code size:
118 KB (120,832 bytes)

Remove rvlkl_setup64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.