rvrrv.exe

ϟглоугあはひ難まаこЊけс争ь骨ふӧбけқуФсъҶ

Ф与л五гЗсЌъひбЏЀЊけм四六えФ骨ЌьḆлкҞかЗЌ

The executable rvrrv.exe, “еъеил与яきへ与иҍЀҍまЗҶрЀЌくいҼ革ӨЏ五かл” has been detected as malware by 31 anti-virus scanners. The file has been seen being downloaded from www.arabsharing.com.
Publisher:
Ф与л五гЗсЌъひбЏЀЊけм四六えФ骨ЌьḆлкҞかЗЌ

Product:
ϟглоугあはひ難まаこЊけс争ь骨ふӧбけқуФсъҶ

Description:
еъеил与яきへ与иҍЀҍまЗҶрЀЌくいҼ革ӨЏ五かл

Version:
5.6.7.8

MD5:
70ccd75fd393ea7b62d35f0c81a18f42

SHA-1:
6385e2bec3560ab5ac41a394644a03ec0984befc

SHA-256:
6cd0b96b709dfa0789b8e82e3aad89760e5342dbf4f4a27f8777454e6925e663

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/30/2024 9:10:13 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.15630169
230

Avira AntiVirus
TR/Injector.108544.33
8.3.3.4

Arcabit
Trojan.Generic.DEE7F59
1.0.0.672

avast!
Win32:Malware-gen
2014.9-160619

AVG
MSIL9
2017.0.2708

Baidu Antivirus
MSIL.Trojan.Injector
4.0.3.16619

Bitdefender
Trojan.Generic.15630169
1.0.20.855

Comodo Security
UnclassifiedMalware
24876

Dr.Web
BackDoor.Bladabindi.892
9.0.1.0171

Emsisoft Anti-Malware
Trojan.Generic.15630169
8.16.06.19.09

ESET NOD32
MSIL/Injector.CKR (variant)
10.13398

Fortinet FortiGate
MSIL/CKR!tr
6/19/2016

F-Secure
Trojan.Generic.15630169
11.2016-19-06_1

G Data
Trojan.Generic.15630169
16.6.25

IKARUS anti.virus
Trojan.Msil
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.223.19433

Kaspersky
Trojan.MSIL.Zapchast
14.0.0.33

McAfee
RDN/Generic.grp
5600.6364

Microsoft Security Essentials
Trojan:Win32/Dynamer!ac
1.1.12706.0

MicroWorld eScan
Trojan.Generic.15630169
17.0.0.513

nProtect
Trojan.Generic.15630169
16.04.26.01

Panda Antivirus
Trj/GdSda.A
16.06.19.09

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Quick Heal
Trojan.Dynamer.r3
6.16.14.00

Rising Antivirus
Trojan.Confuser!1.A352
23.00.65.16617

Sophos
Mal/Generic-S
4.98

Trend Micro
TROJ_GEN.R0EDC0DAH16
10.465.19

Vba32 AntiVirus
Trojan.MSIL.Zapchast
3.12.26.4

VIPRE Antivirus
Trojan.MSIL.Zapchast.!pj
48956

ViRobot
Trojan.Win32.Z.Injector.108544.N[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Zapchast.Win32.112565
2.0.0.2818

File size:
106 KB (108,544 bytes)

Product version:
5.6.7.8

Copyright:
Copyright © еъеил与яきへ与иҍЀҍまЗҶрЀЌくいҼ革ӨЏ五かл 2014

Original file name:
Server.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\rvrrv.exe

File PE Metadata
Compilation timestamp:
1/13/2016 1:35:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Dw8j91hdiI6B4xb5i6RpoqVX94L2Ek8EhzTfL14qxe4xcY1utaWcR81W:DwQ9dWkpTaedzL1j5B/K1

Entry address:
0x1933E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.0485

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
93 KB (95,232 bytes)

The file rvrrv.exe has been seen being distributed by the following URL.
