Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
RTK_NIC_DRIVER_INSTALLER.sfx.zip

Overview

General Information

Sample name:RTK_NIC_DRIVER_INSTALLER.sfx.zip
Analysis ID:1391262
MD5:c4ea274ed896d81a2bba9695c9e85598
SHA1:a4d6dd7c4c263ef95e508a11628904d43a58bb0e
SHA256:78fb4deef5cc145f10f03c6b263d133876157faf69b751ed19b197c725a024e2
Infos:

Detection

Score:25
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Sample is not signed and drops a device driver
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops certificate files (DER)
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 6000 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • RTK_NIC_DRIVER_INSTALLER.sfx.exe (PID: 5996 cmdline: "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe" MD5: F4347F29052E22B3CF95855EC0F9085C)
  • RTK_NIC_DRIVER_INSTALLER.sfx.exe (PID: 4296 cmdline: "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe" MD5: F4347F29052E22B3CF95855EC0F9085C)
    • Setup.exe (PID: 3632 cmdline: "C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe" -s MD5: A4771E490D2FC1570A61078D1F55891A)
  • RTK_NIC_DRIVER_INSTALLER.sfx.exe (PID: 6936 cmdline: "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe" MD5: F4347F29052E22B3CF95855EC0F9085C)
  • RTK_NIC_DRIVER_INSTALLER.sfx.exe (PID: 6976 cmdline: "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe" MD5: F4347F29052E22B3CF95855EC0F9085C)
  • drvinst.exe (PID: 7072 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{ad86254b-0377-494d-b845-67d42160b957}\rtux64w10.inf" "9" "4bf21232b" "0000000000000158" "WinSta0\Default" "0000000000000170" "208" "C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtuxp.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtuxp.catJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sys
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{099ab6f9-98da-c541-b760-9dd72501857c}
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeFile created: C:\Windows\INF\oem0.PNF
Source: C:\Windows\System32\drvinst.exeFile deleted: C:\Windows\System32\DriverStore\Temp\{099ab6f9-98da-c541-b760-9dd72501857c}\SETF815.tmp
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: devrtl.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: spinf.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: drvstore.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: newdev.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeSection loaded: kernel.appcore.dll
Source: classification engineClassification label: sus25.winZIP@8/47@0/0
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
Source: unknownProcess created: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeProcess created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe "C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe" -s
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeProcess created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe "C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe" -s
Source: unknownProcess created: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
Source: unknownProcess created: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe "C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{ad86254b-0377-494d-b845-67d42160b957}\rtux64w10.inf" "9" "4bf21232b" "0000000000000158" "WinSta0\Default" "0000000000000170" "208" "C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64"
Source: RTK_NIC_DRIVER_INSTALLER.sfx.zipStatic file information: File size 1057498 > 1048576

Persistence and Installation Behavior

barindex
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtux86xp.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtux64xp.sys
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtux64xp.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtux86xp.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeFile created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\RTNicProp32.dllJump to dropped file
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtux64xp.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtux86xp.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\RTNicProp64.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.sysJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\RTNicProp32.dllJump to dropped file
Source: C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exeProcess created: C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe "C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\setup.exe" -s
Source: unknownProcess created: C:\Windows\System32\drvinst.exe drvinst.exe "4" "0" "c:\users\user\appdata\local\temp\{ad86254b-0377-494d-b845-67d42160b957}\rtux64w10.inf" "9" "4bf21232b" "0000000000000158" "winsta0\default" "0000000000000170" "208" "c:\users\user\appdata\local\temp\rtk_nic_driver_installer\win10\64"
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{099ab6f9-98da-c541-b760-9dd72501857c}\rtux64w10.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Command and Scripting Interpreter		1
Windows Service		1
Windows Service		2
Masquerading		OS Credential Dumping1
File and Directory Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		11
Process Injection		1
Rundll32		LSASS Memory12
System Information Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		11
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
File Deletion		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sys0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.sys2%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\RTNicProp32.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\RTNicProp32.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.sys2%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\RTNicProp64.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\RTNicProp64.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.sys0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\RTNicProp32.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\RTNicProp32.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.sys0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\RTNicProp64.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\RTNicProp64.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.sys2%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dll3%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.sys0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dll3%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.sys0%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\RTNicProp32.dll3%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\RTNicProp32.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtux86xp.sys3%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtux86xp.sys0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\RTNicProp64.dll4%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\RTNicProp64.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtux64xp.sys4%ReversingLabs
C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtux64xp.sys0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1391262
Start date and time:2024-02-13 09:33:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:27
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:RTK_NIC_DRIVER_INSTALLER.sfx.zip
Detection:SUS
Classification:sus25.winZIP@8/47@0/0
Cookbook Comments:
  • Found application associated with file extension: .zip
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 40.126.28.11, 40.126.28.22, 40.126.7.32, 40.126.7.35, 40.126.28.12, 40.126.28.19, 40.126.28.14, 40.126.28.20, 13.107.5.88, 204.79.197.200, 13.107.21.200
  • Excluded domains from analysis (whitelisted): evoke-windowsservices-tas-msedge-net.e-0009.e-msedge.net, www.bing.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, dual-a-0001.a-msedge.net, www.tm.v4.a.prd.aadg.akadns.net, www.tm.lg.prod.aadmsa.akadns.net, e-0009.e-msedge.net, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, login.live.com, evoke-windowsservices-tas.msedge.net, www-bing-com.dual-a-0001.a-msedge.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.

Created / dropped Files

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):137080
Entropy (8bit):6.623227335054361
Encrypted:false
SSDEEP:
MD5:A4771E490D2FC1570A61078D1F55891A
SHA1:629E2C19FC7031563FE3B6350AF0A30935D7984A
SHA-256:D26AE98146FD69A8DD37EEF97A77820E62AFEEC1125BC9B2F210570DAF74F68F
SHA-512:FB12AC9EC3CC0175221463D5A4F5CF0F614E53488458FD0623708E9E8B3D85F43963668769A311CF721E629E0542225E5865D2531259AB58B02F0ACF242DCC0F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)sqrm..!m..!m..!..!d..!..!...!..!u..!.K. o..!.O. ~..!.O. D..!.O. ...!dj.!f..!m..!...!.O. h..!.O.!l..!m..!l..!.O. l..!Richm..!........................PE..L....7.X.................&..........@........@....@..........................0.......D....@.................................D...x.......................xG.............p...........................`...@............@...............................text....$.......&.................. ..`.rdata..~x...@...z...*..............@..@.data...............................@....tls................................@....gfids..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):667414
Entropy (8bit):3.6273411814180836
Encrypted:false
SSDEEP:
MD5:0BD676837DF3AC10FA197F66A8FFEFFC
SHA1:19133A32EBD592F727EAE330E7E9423F938185E8
SHA-256:F7300D0F666291FD0A41D2EA67F51A06483DF0DFCC5E5C6EC6FBCB3C99C25351
SHA-512:44A793BC7A4B9330413A5847C2F771057FC46AE26D3C1BD719486A9B703239E7A2695F3ACADE6707A2DF7D6C14CFE72D10FA67BFBA3187A824E0AADF4018B169
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.9. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.8.6.w.1.0...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .0.6./.0.3./.2.0.1.9.,.1.0...3.4...0.6.0.3...2.0.1.9.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...1.0...0.,. .N.T.a.m.d.6.4...1.0...0.,. .

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):21459
Entropy (8bit):6.093164595172021
Encrypted:false
SSDEEP:
MD5:43C87C0DDBA0F8F8C714489189199334
SHA1:C999657A1D13D130DB29400DC1EFE54216EDC589
SHA-256:756CE064988F969C665178C44ABE51B5B459556C39AA8E59F12D6EB12C2BA7F4
SHA-512:936751948324AE48EE12EFDB5886B5C2D5A9D221D875019883CB65370C3963D99CE055ECFAA809686CC1516929FF8936B75D8E4A96103FE879BD99EDACE72036
Malicious:false
Reputation:unknown
Preview:0.S...*.H........S.0.S....1.0...`.H.e......0.2...+.....7....2.0.2.0...+.....7.....=P....hM....aq.N..190612083407Z0...+.....7.....0.. 0.... ..=...K..+-...@.&.(.V..dp.e..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0@..+.....7...1200...F.i.l.e........r.t.u.x.8.6.w.1.0.s...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..=...K..+-...@.&.(.V..dp.e..0......:2...'..0..B?....1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0>..+.....7...100....F.i.l.e........r.t.u.x.8.6.w.1.0...i.n.f...0....&...S.n.q.za-CB..*1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0@..+.....7...1200...F.i.l.e........r.t.u.x.8.6.w.1.0.a...i.n.f...0....d..v.0I..1U..8C..~.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0@..+.....7...1200...F.i.l.e........r.t.u.x.8.6.w.1.0.i...i.n.f...0.... rf.?.a0..j.U..:....F~.,rR.....Z1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\32\rtux86w10.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):474920
Entropy (8bit):6.636675269065233
Encrypted:false
SSDEEP:
MD5:59277081B8C5BA78130CF0524ECA8200
SHA1:03529501767DD484E070CFEBA446948132EEBA8A
SHA-256:8D5A661CFA0D30774EC264EDE7F1BC3782D698101DDEC50942BF64A0DB1F12E4
SHA-512:74349EAA7DA2E373630F849B3B1DED4B39DBBA54DE0971D351A417E4B77B318091AA3D6FB2E75C021628EB8A6A48365FC4D1279DFE28175A51FBBD493E3C7090
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......iy.e-..6-..6-..6B|.7,..6..86...6.."6/..6-..6\..6B|.7*..6B|.7)..6B|.7+..6.q.7:..6.q26,..6.q.7,..6Rich-..6........PE..L......\.................,...........?............@.......................... ............@A....................................d.......................(i..........0]..8...........................h]...............................................text............................... ..h.rdata..p`.......b..................@..H.data...l....p.......N..............@...PAGE.....2.......4...^.............. ..`INIT................................ ..b.rsrc...............................@..B.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):667424
Entropy (8bit):3.6273206478914726
Encrypted:false
SSDEEP:
MD5:DBB12FB3B2F679B8E9E93BAC92909599
SHA1:9AB56694F4319F5FC9AF52D41250BF0FF4D9EF3E
SHA-256:1F06FEF67AE2BDAC2B44FD7CE719EEDB395B7412FDC3BFD9AC00333D139935FF
SHA-512:95411EDF7F98EDEE587C3A87230A56914CB5913A2CDED0A30199DB319EA6170437864C8E2DC4D3A9F4F16699341B34E86A9F2A7A43952EE55FAD93A5CD9E0A3B
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.9. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.6.4.w.1.0...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .0.6./.0.3./.2.0.1.9.,.1.0...3.4...0.6.0.3...2.0.1.9.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...1.0...0.,. .N.T.a.m.d.6.4...1.0...0.,. .

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):21515
Entropy (8bit):6.091751903521596
Encrypted:false
SSDEEP:
MD5:F5E76B48CA891DBFB1164B4E22363AFB
SHA1:C63B06230689A67E28393A8FE9254ADB21DF5FA3
SHA-256:4125C6778EEDFA4DC74571AC0A9F554ECA4474CEC2E368A05FA4F18173E42A43
SHA-512:FB3F2AE0FCEBB0002D1E293E40361F80D589EEA17473B9C1D5B969CD2D1A3D6359890CB22FE10903A3A9601D6698A311E4E29635CD56597935AC801E29B11E37
Malicious:false
Reputation:unknown
Preview:0.T...*.H........S.0.S....1.0...`.H.e......0.2...+.....7....2.0.2.0...+.....7...........<H.9.V......190612083406Z0...+.....7.....0.. 0......hF...0:a.u!.j..<.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0@..+.....7...1200...F.i.l.e........r.t.u.x.6.4.w.1.0.m...i.n.f...0.... ....z.+D.|....9[t.....3=..5.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.w.1.0...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ....z.+D.|....9[t.....3=..5.0....#...n....P....O...1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0@..+.....7...1200...F.i.l.e........r.t.u.x.6.4.w.1.0.s...i.n.f...0.... 4.m. ./Dk......h*#...n.[L*.S<b1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0@..+.....7...1200...F.i.l.e........r.t.u.x.6.4.w.1.0.i...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... 4.m. ./Dk......h*#...n.[L*.S<b0....

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN10\64\rtux64w10.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):593496
Entropy (8bit):6.511728724660974
Encrypted:false
SSDEEP:
MD5:11BA90F45A37D57BE1B01C21384D4AE9
SHA1:5D7FE1415292F3C9851CC20CD541FC245B9338C0
SHA-256:AC2978A227CBC153B598FC31EC231DF45C61B0CCC534731EBCEA053EB710F3D7
SHA-512:BD52E34E54F13CF8DDF21DEDF9AB72BBE2A33B99CB48F7AABE85F5F72DDA7BC0196C048EE70D1F13F0EC403C20CDA5894FE61F6BB60301154B977C9A01760BCE
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{.}.{.}.{.}...{.z.}..)..x.}..)..y.}.{.|...}...|.~.}...y.}.}...~.~.}...y.l.}....z.}.....z.}.Rich{.}.........................PE..d......\.........."............................@.....................................v....`A....................................................P............`..........Xh......<...0 ..8...........................p ..................8............................text...o........................... ..h.rdata..@{.......|..................@..H.data........@.......&..............@....pdata.......`.......:..............@..HPAGE....g;.......<...P.............. ..`INIT................................ ..b.rsrc...............................@..B.reloc..<...........................@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\RTNicProp32.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):117848
Entropy (8bit):6.4108103864612165
Encrypted:false
SSDEEP:
MD5:CB7409EC3A21FF6D4E5D1BE71A5DF4D4
SHA1:792A4C1535AD3ACC8A9B40C5BFBEB89AD8C9B286
SHA-256:FB078C2CA8B5635C5B5725008BC1DC28F220B82164FA4AF6DEEEFBB619CF1E7A
SHA-512:6DAD96EF1D0B41DFE682A4FF3B06AA3F2C9FB52EF1313A41C3F678C4F02781C0F3E38076851805DA8BAB759155A50104F63F0E19E4B81B2691CF626D55F8D7DB
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B...i...i...i...K..i...I.ri...H..i..=7...i..=7...i..=7...i...q..i...i..Pi..7...i..7...i..7E..i...i-..i..7...i..Rich.i..........PE..L...`|.X...........!................................................................r`....@A............................X.......<....@...N...........d..Xh..........`...p...............................@............................................text............................... ..`.rdata..HX.......Z..................@..@.data........ ......................@....rsrc....N...@...N..................@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):678174
Entropy (8bit):3.567240736583403
Encrypted:false
SSDEEP:
MD5:ECF29DFED014012DCA681B40C671F5B0
SHA1:4AAD0F32D357C427A66270C128650E6574B560DB
SHA-256:A627736F6BE7FDFE859A4F676F3B7D8811E08088CB0A5DA9ECB33CAAE31E29A4
SHA-512:D51F4471652D8CD0B4AB415EEA75F790BBB78D69EA665046D88C10B99D359ED0CE34A95E9BDB042ADF72134F03996B0347434CBD06DC6228E31777D037B47266
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.9. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.8.6.w.7...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .0.4./.1.9./.2.0.1.9.,.7...4.7...0.4.1.9...2.0.1.9.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...1.,. .N.T.a.m.d.6.4...6...1.....%.X.i.a.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):19364
Entropy (8bit):5.96113484655695
Encrypted:false
SSDEEP:
MD5:6FF8A98A72D14B453E1FF3929EB37B27
SHA1:84EB96840ED728C70CDB9A6478D37232C09835C2
SHA-256:127BCA9F677FF222E14F01E324067C526EFEA9A5866CD3F59A11C5F62029EE52
SHA-512:5D59F689E7F209D682436BB900CC1D796DBD5884656D295CA54918AA30181275FBA8D26E41D578573EED593F0BD74DB03927D7CA07139124FBB2FE6EB8DC9FCC
Malicious:false
Reputation:unknown
Preview:0.K...*.H........K.0.K....1.0...+......0.0...+.....7....0t0.0p0...+.....7.........v.K....?mfT..190503080605Z0...+.....7.....0...0..w.R4.1.0.A.C.2.E.8.D.9.5.E.D.5.5.F.8.D.2.3.1.5.9.E.6.D.F.F.6.5.2.2.1.0.C.D.5.2.E.A...1...02..+.....7...1$0"...O.S.A.t.t.r........2.:.6...1...0>..+.....7...100....F.i.l.e........r.t.u.x.8.6.w.7.a...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........A....^._.#..m.e"..R.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R4.7.C.5.E.3.1.6.2.B.8.6.7.0.F.F.0.1.D.D.1.2.1.0.1.7.B.1.2.3.2.E.1.3.F.B.2.E.E.E...1..+02..+.....7...1$0"...O.S.A.t.t.r........2.:.6...1...0B..+.....7...1402...F.i.l.e....... r.t.n.i.c.p.r.o.p.3.2...d.l.l...0M..+.....7...1?0=0...+.....7...0...........0!0...+........G...+.p.......#.....0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0..u.R4.A.A.D.0.F.3.2.D.3.5.7.C.4.2.7.A.6.6.2.7.0.C.1.2.8.6.5.0.E.6.5.7.4.B.5.6.0.D.B...1...02..+....

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\32\rtux86w7.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):408664
Entropy (8bit):6.640126113416452
Encrypted:false
SSDEEP:
MD5:795FC4DCF5E4294C6D5DB205CBE88450
SHA1:0A8C13CB1E566FDD323846A54C16A011C37F05B2
SHA-256:0543C4422298AA8A54FEC613B45812784A4F0820E39038D9662CD986045505F9
SHA-512:EAFD164B636BB410FD726A87B76F355CC69FF2ED4531FFD86E6327B377437140505328AEE25E7C096DFFF6DADB3CB3F92D5C225014877121E4CD498581D8ABF5
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*...n...n...n...g.T.m...n.......g.C.g...g.S.t...g.D.o...g.A.o...Richn...........PE..L....a.\.................:...........~....... ............................... ..................................................d.......................Xh....... ...!............................................... ...............................text............................... ..h.rdata...Y... ...Z..................@..H.data...,............`..............@...PAGE.....).......*...p.............. ..`INIT................................ ....rsrc...............................@..B.reloc..j$.......&..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\RTNicProp64.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):131672
Entropy (8bit):6.113212028465829
Encrypted:false
SSDEEP:
MD5:5BD4C7D2D8236BDB81098A0515F645DF
SHA1:ECEBBEAD37EF3AC2C597F74531D065DAB43E99D6
SHA-256:A56AA2340252A1230BC87DFAD543301B6FD8C7C48F34DE9E2A6131DD08D0733B
SHA-512:6A1763403A7D771DB5844F456F213085E035824F63C3EE696F58322E0B2075944531EC3003841E93A1711CF14542B42414FC1893AA45475488ABA4DE9093F656
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................y'.....y%.....y$......................p............?.....?.....?.)......A....?.....Rich...........PE..d...c|.X.........." .....................................................................`A........................................@0..X....0..<....p...N...`..x.......Xh..........."..p...........................p"..................0............................text.............................. ..`.rdata..0...........................@..@.data........@.......,..............@....pdata..x....`.......6..............@..@.rsrc....N...p...N...D..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):678174
Entropy (8bit):3.567235834604447
Encrypted:false
SSDEEP:
MD5:7BB5526D38A8FF8D5EE9B12E698C3B57
SHA1:952C87BCC416795705C85138CC056642D67B79A0
SHA-256:83CBEF00F154DACE5468966E8B49A01ABD8E02FA34CAE1070583E079B958D4E5
SHA-512:A95A17C42434BA29282824E108C4234735F69D17B96CD85752B20F25CF56CC6D662A2CEB61DFFD252A419926526E1FD07BC7DF5A0C5588CD4D1395E4577560D4
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.9. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.6.4.w.7...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .0.4./.1.9./.2.0.1.9.,.7...4.7...0.4.1.9...2.0.1.9.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...1.,. .N.T.a.m.d.6.4...6...1.....%.X.i.a.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):19364
Entropy (8bit):5.9554458680444124
Encrypted:false
SSDEEP:
MD5:FC4F1219FA1F5C16C96438A98C5B2AB2
SHA1:74DFD35797DB73FEF3A7D70DC240CF55DCB61ADE
SHA-256:47300B511AD19B227ACA35ED35C6CE946CD0BB188BA3DFBFF9901DA16C6A23EE
SHA-512:8206AC4F3013DC2FF23E8BC0F828590C45F1E5D9572C74C87918D0630B342C837AB0AAC77275DCFCEB11D0EABF3ED559C7C8E57087599B516E20CF3882DF7B56
Malicious:false
Reputation:unknown
Preview:0.K...*.H........K.0.K....1.0...+......0.0...+.....7....0t0.0p0...+.....7.....&.....8H..o.......190503080607Z0...+.....7.....0...0..w.R2.7.9.2.3.F.D.C.7.8.6.0.6.1.7.3.9.2.3.5.E.5.9.B.5.3.3.F.B.6.8.9.E.5.4.5.F.9.3.E...1...02..+.....7...1$0"...O.S.A.t.t.r........2.:.6...1...0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.w.7.m...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........'.?.x`as.5.S?...E.>0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0..w.R4.5.E.F.2.D.0.5.0.2.3.D.7.B.4.4.D.D.E.6.4.2.F.D.8.E.4.F.6.F.9.3.2.A.8.A.1.3.9.F...1...02..+.....7...1$0"...O.S.A.t.t.r........2.:.6...1...0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.w.7.a...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........E.-..={D..B..Oo.*...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0..}.R6.7.E.0.0.2.3.D.C.9.4.F.4.0.1.8.E.6.C.1.5.8.3.4.6.F.D.3.1.0.E.3.4.9.C.A.D.8.5.0...1..%02..+.....7...1$0"...

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN7\64\rtux64w7.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):523352
Entropy (8bit):6.449538609257815
Encrypted:false
SSDEEP:
MD5:D61EAB6052ABD17E3CB9E6BA03216F52
SHA1:611ACF09B836BE75DAEA717D508459A5DC49049D
SHA-256:34F4BF9B9B4FC5E8EC17B4AFB24D39F5B7B04F54ADFA28C9DC6E9A1D99DE5EB8
SHA-512:AA28DE7444843818D6C609A0A97103018DAE014B3B66C00ABEE30A6857684452DD71C365895ABF3BA53D3C1EFAECC75356F93DFB2DE223250E014C1D2082118F
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................".........9.....?.....).....#.......>.....;...Rich..........................PE..d....b.\.........."...........................................................................................................................P............`..........Xh...........................................................................................text............................... ..h.rdata...k.......l..................@..H.data...."...0......................@....pdata.......`.......2..............@..HPAGE.....0...p...2...B.............. ..`INIT....\............t.............. ....rsrc...............................@..B.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\RTNicProp32.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):117848
Entropy (8bit):6.410555989271669
Encrypted:false
SSDEEP:
MD5:16AFD985E6A830A73FBC6C324AF2A752
SHA1:524A4384A6EECE19E52227890E1CB551012B453A
SHA-256:4523CB9D2DE54F41362DEA0732181C1F63D209DEA5EE829F09A551C7A3699871
SHA-512:0D87BC7B1ADD8F89BADD9C9F62CA454B6B17CF7CB4CB4768A308AFE8B3393C161495D369A74074A0074CEDF8A562735A34A9912B4E34A74C150B7FEDB22A503F
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B...i...i...i...K..i...I.ri...H..i..=7...i..=7...i..=7...i...q..i...i..Pi..7...i..7...i..7E..i...i-..i..7...i..Rich.i..........PE..L...`|.X...........!.....................................................................@A............................X.......<....@...N...........d..Xh..........`...p...............................@............................................text............................... ..`.rdata..HX.......Z..................@..@.data........ ......................@....rsrc....N...@...N..................@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):719580
Entropy (8bit):3.5725229827872993
Encrypted:false
SSDEEP:
MD5:C76C4685CE86ED49D18B065930D6BDF4
SHA1:6F7AAF4EF9BD5928AC0B7A8DB29B4D14373B3EA2
SHA-256:533A63D5C64FB9FDB4577B48E8EC472B1FAD4E15F8676779A9AD5948DA8F8161
SHA-512:C9146ED3F4FA2BE04F21161D159834758D3A5B09597554B27AC25F4DF2316ACF847D3B8015BDAF92CA76E28B2AA2116E41F8D53CF4218BE352A8A947EE6D88AE
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.9. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.8.6.w.8...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .0.4./.1.9./.2.0.1.9.,.8...5.4...0.4.1.9...2.0.1.9.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...2.,. .N.T.a.m.d.6.4...6...2.,. .n.t.a.r.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):21795
Entropy (8bit):6.113992962032123
Encrypted:false
SSDEEP:
MD5:5A45BD4E8CC47BF63E520760640776F5
SHA1:BF707D9DB7153A33A9EB8A9589E38E62DA2A7C78
SHA-256:A35CC6DAC4569EBF9B0479326F08E50E7CF85B87B04EFCFF9436CA8086428BC2
SHA-512:CAEB7D7B07837DE6DD3384A217412DAD1652583A41476E2AAD11E3EDCF27CD0F51AEA553D284512B95F531EAC3AB72067DBACA545742829CB22C25C6FD46E113
Malicious:false
Reputation:unknown
Preview:0.U...*.H........U.0.U....1.0...`.H.e......0.3...+.....7....3.0.3.0...+.....7.....R.*..l.E..D......190430075850Z0...+.....7.....0..P0.... ..../Z..(\..,........l.vwRTb._1..0...+.....7...1...0>..+.....7...100....F.i.l.e........r.t.u.x.8.6.w.8.i...i.n.f...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..../Z..(\..,........l.vwRTb._0.....H_M`N......)}b...1..0...+.....7...1...0>..+.....7...100....F.i.l.e........r.t.u.x.8.6.w.8.m...i.n.f...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0.... D.k.:S.....S~.. ...O...*.|.9.k..1..0...+.....7...1...0<..+.....7...1.0,...F.i.l.e........r.t.u.x.8.6.w.8...s.y.s...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... D.k.:S.....S~.. ...O...*.|.9.k..0....G...+.p.......#.....1..0...+.....7...1...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0B..+.....7...1402...F.i.l.e.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\32\rtux86w8.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):466520
Entropy (8bit):6.637704644566439
Encrypted:false
SSDEEP:
MD5:DC2B75B02F3B8934899B30C4344E5821
SHA1:382C78A081382DB980E131A7CC69B1848A6C0CDC
SHA-256:818F42B65BF96CC91902213DD570E1416727EC0D84261546624B2926BFA29CEE
SHA-512:968708B66ED7085B7DBAA95CBE335F4ED5BCE35C013CD02AD837100602FD1EE96900CEB6F7019C332EADDCA99E57277C04E476B43E2AB3811A00D87F2931CF19
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.W.b.9Db.9Db.9D...Da.9D...Dc.9D...Da.9D...Dk.9D...Ds.9Db.8D..9D...Dk.9DAY.Du.9D.X.Dc.9D.X.Dc.9DRichb.9D........................PE..L....c.\.............................4............@..................................P....@....................................d.......................Xh.......+......8...........................h:..H............................................text...a........................... ..h.rdata..0[.......\..................@..H.data........@.......0..............@...PAGE....q/...`...0...@.............. ..`INIT....^............p.............. ....rsrc...............................@..B.reloc.../.......0..................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\RTNicProp64.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):131672
Entropy (8bit):6.113163054753616
Encrypted:false
SSDEEP:
MD5:E1ADDAB119F727D27E7432BC53214651
SHA1:7970F653AE3E45E35119D696FB15C6EA1B419100
SHA-256:58AD53182BF2BFB8DBF41BDAD54B6ACF7CB5C571E2DA45930FCB7CCECA45FFE3
SHA-512:E909797BED85275832434390B238BBB138157E1706A1279DDC01258FE6FDD149B3A4598B800E42ABE12309A0DFE9DECBA963B640435C0EFCBCA23D843F34DD65
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................y'.....y%.....y$......................p............?.....?.....?.)......A....?.....Rich...........PE..d...c|.X.........." ................................................................r.....`A........................................@0..X....0..<....p...N...`..x.......Xh..........."..p...........................p"..................0............................text.............................. ..`.rdata..0...........................@..@.data........@.......,..............@....pdata..x....`.......6..............@..@.rsrc....N...p...N...D..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):719580
Entropy (8bit):3.5727126671391614
Encrypted:false
SSDEEP:
MD5:0F11C4FCEB7A8DF83ABF76FEB7E11BAC
SHA1:19C592D04C09942EB08B5EDE5CAD9D6BB402C27E
SHA-256:AE7A3A22D58847F4B498873BE879D26EAB6A8EB16E6F7C587CF31E8DBA2E13B2
SHA-512:F62C9235823B003DC008FBB44DD1851B4A63BDC35E083058EED66736CA8E2EF14808E5C1DF3C8591D4F4774DCEDB4F7541334E8A99C95B11E7FBB0CE93F2FB91
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.9. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.6.4.w.8...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .0.4./.1.9./.2.0.1.9.,.8...5.4...0.4.1.9...2.0.1.9.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...2.,. .N.T.a.m.d.6.4...6...2.,. .n.t.a.r.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):21803
Entropy (8bit):6.118883284600919
Encrypted:false
SSDEEP:
MD5:2CA2A5435AAF9839E971343AAC75CB56
SHA1:B62E9F8F94970329ACEB5258EA6166012E112114
SHA-256:CB261D674AB1D45FDCCCF8AB08E03A4A9DDBF14374C5C9D36399ED75F68EAAC8
SHA-512:1B943565D5BCC5E789BB661F8D3725731CA02812CD7C7B1E1C11BC7C84203DB87127786BCA293BC1E542500DFDE870BA7D890C4E3EB6EE68B26D78177675EF32
Malicious:false
Reputation:unknown
Preview:0.U'..*.H........U.0.U....1.0...`.H.e......0.3...+.....7....3.0.3.0...+.....7.....7.....D.n .......190430075852Z0...+.....7.....0..P0.... ..U!....{....g.t..q.....w.B\Z..1..0...+.....7...1...0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.w.8.i...i.n.f...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..U!....{....g.t..q.....w.B\Z..0.......L.....^.\..k...~1..0...+.....7...1...0<..+.....7...1.0,...F.i.l.e........r.t.u.x.6.4.w.8...i.n.f...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0....J.rP!.6.....q...W..1..0...+.....7...1...0<..+.....7...1.0,...F.i.l.e........r.t.u.x.6.4.w.8...s.y.s...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0....qX.&.@.....<*..<.1..1..0...+.....7...1...0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.w.8.s...i.n.f...0>..+.....7...100....O.S.A.t.t.r........2.:.6...2.,.2.:.6...3...0....}m...z.....dD.B._.%1..0...+.....7...1...0>..+.....7...100....F.i.l.e.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WIN8\64\rtux64w8.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):580184
Entropy (8bit):6.498628372043636
Encrypted:false
SSDEEP:
MD5:2AAB19E4737025527CC3929694851F63
SHA1:CE15804F0C4D2BF4328668D568439EFA117110DD
SHA-256:C0AB35BB234C87674D03074E4C7B968A07F987A9149960EBC922B461E361A900
SHA-512:20671AEA04833482340351C23347C98E49B95D2F24BADAF4F4726E7372C7F61FBAFEDD81686605943E6F0C5F12A48DB27919E85EF83F8D3B510DE04105272C30
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 2%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ".AdC..dC..dC...4n.gC...4o.eC...4l.gC...4j.`C..dC...C...4h.cC...4m.tC..G...sC......eC......eC..RichdC..........PE..d....d.\.........."............................@.....................................R....`.................................................X...P............@.......r..Xh......$...0...8...........................p...p...............(............................text....r.......t.................. ..h.rdata..<u.......v...x..............@..H.data...`$..........................@....pdata.......@......................@..HPAGE.....8...`...:.................. ..`INIT.................R.............. ....rsrc................d..............@..B.reloc...............j..............@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\RTNicProp32.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):108992
Entropy (8bit):6.295133125725396
Encrypted:false
SSDEEP:
MD5:AB4AB6F6A00478DF3C5CB6AA6EF454C6
SHA1:3EAB123B333194DB42369ABD8451F8416E097C28
SHA-256:D3CAF4900353C7115639F736E4FB0FB6C69DF35B212C94FA32ED0D9139C5247B
SHA-512:76274B175B618D8B9D142DB906D7B07AA1AC0AA1126ABC2A115B5CDC6AE5D56BB4525AA4D4E9924DD033F6974A5765C20DB52F3ECC6787CB6E9C96D2BCBA2ACF
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 3%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B...i...i...i...K..i...I.ri...H..i..=7...i..=7...i..=7...i...q..i...i..Pi..7...i..7...i..7E..i...i-..i..7...i..Rich.i..........PE..L...`|.X...........!................................................................0@....@A............................X.......<....@...N...........d...E..........`...p...............................@............................................text............................... ..`.rdata..HX.......Z..................@..@.data........ ......................@....rsrc....N...@...N..................@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):457804
Entropy (8bit):3.55012496971491
Encrypted:false
SSDEEP:
MD5:111E750F95654A21282A30E97DF60D2D
SHA1:F696662AA4A6D948F296C738840A490270018C0D
SHA-256:E7A3E2EA779DDDC498FF4207FD08F567629E8778BDBAD573883416415A0AB81A
SHA-512:9502908C0BFD58F66A8C218F1346D7E49EBD4F74D4C9166F5F0E9CC620F3CE61385F5D1440EA7A169AEBC5180233DCD5400B47C378409AF58DF26D36F0DF463C
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.7. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.8.6.l.h...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .1.2./.1.2./.2.0.1.7.,.6...2.7...1.2.1.2...2.0.1.7.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...0.,. .N.T.a.m.d.6.4...6...0.,. .N.T.x.8.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):16568
Entropy (8bit):6.162840719152994
Encrypted:false
SSDEEP:
MD5:E41D20E2AEF5AADA6BB66C96E273BE0B
SHA1:1704B6659B0B0644DB4D6115942D83D9EFC16EA5
SHA-256:8B217CFDD61DE12D8EE157092EA21F9BE74F90B50387BDEE1BA8FFED9E97D049
SHA-512:37CBA72ADDF2AC0453DC0788F22012BC449E6C5B0D2EBF13E1A0ADA8B22E3B961F23C960954DF0FF3E96152ADAD43401D1906BF6042250BB40163EC85E98BA9E
Malicious:false
Reputation:unknown
Preview:0.@...*.H........@.0.@....1.0...+......0.%...+.....7....%.0.%.0...+.....7......../...J.........180109103119Z0...+.....7.....0..+0....R4.7.C.5.E.3.1.6.2.B.8.6.7.0.F.F.0.1.D.D.1.2.1.0.1.7.B.1.2.3.2.E.1.3.F.B.2.E.E.E...1..O0B..+.....7...1402...F.i.l.e....... r.t.n.i.c.p.r.o.p.3.2...d.l.l...0M..+.....7...1?0=0...+.....7...0...........0!0...+........G...+.p.......#.....0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RC.2.E.B.8.F.E.9.8.F.B.B.0.F.1.6.2.F.D.3.3.8.7.1.A.F.7.4.2.2.3.0.3.E.E.9.E.F.0.3...1..I0<..+.....7...1.0,...F.i.l.e........r.t.u.x.8.6.l.h...s.y.s...0M..+.....7...1?0=0...+.....7...0...........0!0...+............./.8q.t"0>...0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RC.4.4.0.E.1.E.C.6

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\32\rtux86lh.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):296896
Entropy (8bit):6.622421589267345
Encrypted:false
SSDEEP:
MD5:A07DFADB486DF06889C3BD1FE1A9351C
SHA1:AEFC8156789930BACAF5964D4E60963BFDD29EEC
SHA-256:6FEC10FE671A857704F2F838E2C286197665DD012CECB09BB589BB0949BFCD25
SHA-512:769A17D9C3516D43CEC27F55EBD629E09C6DCCACE248C462CA40B645B8A44DF3C38DA9A7672427C02FDACBF12C266C8D2A0EC7A5BD8CAC9D1B1EF717CA80760E
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[@...!...!...!..8...!...!...!..8....!..8...!..8....!..8....!..Rich.!..........................PE..L....0Z.....................t......./.......................................................................................D..d....P...............B...E...`.......................................................................................text............................... ..h.rdata...9.......:..................@..H.data...............................@...PAGE.....$.......&.................. ..`INIT....J....@...................... ....rsrc........P......................@..B.reloc.......`.......$..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\RTNicProp64.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):122816
Entropy (8bit):5.985493390935879
Encrypted:false
SSDEEP:
MD5:FC5921647B31E1231A41C061A0E7C949
SHA1:16C5D40012F4692CA3CFD00DFF6D5FA1D257E633
SHA-256:53614A89F8335C0B86F4AC45A715277C7E0FAA24FCA24220C8C266FCADEB592D
SHA-512:20CB026EB1E25876841D6A63E921DDACEC45472183A91BF826E085AACF0480E7D4698F299A7D95C801D6BD01027E3A423A1ED95834535E21482312F5F0A312D1
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 3%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................y'.....y%.....y$......................p............?.....?.....?.)......A....?.....Rich...........PE..d...c|.X.........." ......................................................................`A........................................@0..X....0..<....p...N...`..x........E..........."..p...........................p"..................0............................text.............................. ..`.rdata..0...........................@..@.data........@.......,..............@....pdata..x....`.......6..............@..@.rsrc....N...p...N...D..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):457816
Entropy (8bit):3.550163390783599
Encrypted:false
SSDEEP:
MD5:A411805F55183F4AD6E498D0EB97C34A
SHA1:72CF5E31B9CD518E9FD7BE06399777D249AF2E9D
SHA-256:721DACC7E0C620C2F9DF2DBE70B10224E02100E8EDD27DAC386305B726394C0D
SHA-512:F21588EAF3AF9A74E55CEB6165D825517548E8A2A41ABEE08788E3570016CE43287E604F0D4B38422EBFABDA28FC4613F47D594ABF857CABB437CE33E0D906E4
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.7. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.6.4.l.h...c.a.t. . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....P.n.p.L.o.c.k.D.o.w.n. .=. .1.....D.r.i.v.e.r.V.e.r. . . .=. .1.2./.1.2./.2.0.1.7.,.6...2.7...1.2.1.2...2.0.1.7.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...0.,. .N.T.a.m.d.6.4...6...0.,. .N.T.x.8.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):16567
Entropy (8bit):6.163026960580578
Encrypted:false
SSDEEP:
MD5:35AF19AF287109968457BF623AE25159
SHA1:E1489FD98DFD68D20BFD158238B993AB2606325D
SHA-256:6FA76F0D0D7788A4C5D8AE92FBCA280589021B824821CADC3B0C77D87F05B327
SHA-512:2F63645E872B0AE6538843537653A725EA324103BB6D83EA6418B94990E1DD6CE71FB41B51F6E26B62B33D7007B2CAE6F0A999252276115FF5E6A4E002856FF5
Malicious:false
Reputation:unknown
Preview:0.@...*.H........@.0.@....1.0...+......0.%...+.....7....%.0.%.0...+.....7........+...N...d.V....180109103122Z0...+.....7.....0..+0....R2.8.7.7.B.8.C.0.4.B.5.7.1.6.7.9.9.1.5.5.5.F.6.4.A.D.2.2.3.4.F.0.C.5.2.D.1.2.2.B...1..C0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.l.h.a...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........(w..KW.y.U_d."4..-.+0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R3.0.A.0.8.9.4.A.F.2.A.4.C.D.6.A.D.1.4.D.8.9.1.8.0.9.5.0.4.4.8.0.3.6.B.F.7.B.E.0...1..C0>..+.....7...100....F.i.l.e........r.t.u.x.6.4.l.h.t...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........0..J..j.M...PD.6.{.0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R3.8.7.6.3.E.6.4.3.6.6.0.2.7.6.7.C.D

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINVISTA\64\rtux64lh.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):367040
Entropy (8bit):6.487458876315159
Encrypted:false
SSDEEP:
MD5:FAF019F58C99BA63B10207D7FCC069C3
SHA1:87961EDDEE307D88A27BFB3A492DD6FB6964B4E6
SHA-256:827F2B7F66769FB627CE92B4993677B4E2B8721BF6836421CEE053B6033F8907
SHA-512:D6FEA4F7119CD95367395784F55A4CCE1444B1C91179C7C01AA83F9F4871470EACD15E4FF1DD83707DC3F6853C8EBB85C053155EC841FEEF2B71815A93DC946A
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...M...M...M...<..M...M...M.....M......M.....M.....M......M.....M..Rich.M..................PE..d....0Z..........".................l........................................................................................................}..P............0.......T...E...........................................................................................text... ........................... ..h.rdata...I.......J..................@..H.data.... ..........................@....pdata.......0......................@..HPAGE.....+...@...,.................. ..`INIT.........p...................... ....rsrc................H..............@..B.reloc..v............N..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\RTNicProp32.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):108992
Entropy (8bit):6.295266446456867
Encrypted:false
SSDEEP:
MD5:8B06F4451DB34DE9E90046AD02D2EEC5
SHA1:F012BC37DF11D32EF0FB0B765299CD8CCA29A171
SHA-256:C2A37033FA4891CCA8051E9F435597B1BCC1E729C4B966C6DCBDBE793F3E152D
SHA-512:E9411130B3351C6741676C0C405FD56185F7DC44350F4ADCE6F1F1B8ABD540CC6024F58641B1FBEC387BCC7836E8654927FA1ABCC215BC69956CC608F5004EDA
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 3%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B...i...i...i...K..i...I.ri...H..i..=7...i..=7...i..=7...i...q..i...i..Pi..7...i..7...i..7E..i...i-..i..7...i..Rich.i..........PE..L...`|.X...........!......................................................................@A............................X.......<....@...N...........d...E..........`...p...............................@............................................text............................... ..`.rdata..HX.......Z..................@..@.data........ ......................@....rsrc....N...@...N..................@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtux86xp.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):174528
Entropy (8bit):6.431725480180428
Encrypted:false
SSDEEP:
MD5:FEB3EEB0BB79D71E6E841328ACE9D44E
SHA1:EBAA69881568B5E727F4BC6900F2FD0E7685CDD8
SHA-256:7B275FCDAB26749FECB10CD3CFB483585C455CA659DF1627A0E93E26098E8ADC
SHA-512:E098FB4AEDE597C9E8FF419BB1427963C8A124BBDEDE869BC4584D6C9503F44BB395DB2FC964ED6AA7F5B2DFD6E9C9C195F099F494416CD115E16581E86D4A60
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 3%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......................................................................................................................................................................................................................................................................................................................................................................................................4s.gp..4p..4p..4p..44..4...4y..4...4f..4...4q..4...4q..4Richp..4................PE..L.....fZ.....................G.......N.......................................d......r>......................................0O..d....V...............d...E...\.......................................................... ............................text............................... ..h.rdata..<,.......,..................@..H.data........A.......A..............@...INIT....h....N.......N.............. ...

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtuxp.INF

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):479770
Entropy (8bit):3.5726887060830936
Encrypted:false
SSDEEP:
MD5:DE668726910379AA8AF9FD65CD8625BC
SHA1:6B7A42D5CBBA3F6194D3D47A4341795EA8A735DF
SHA-256:0BE33698354F78C9DBA20BEEC290C558DC3D82CFE60278F664487F54F7761C20
SHA-512:3B365C20AF0A9B6811C4C54BB491F55F3F75B4EBF1E4E53B1DF620AB108B148C804D46FCC9956ABE7D3C387CB09139206FB988DE3E0F82C415A696D4B69908ED
Malicious:false
Reputation:unknown
Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.8. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.........;.;.....;.;. .T.h.i.s. .p.r.o.d.u.c.t. .i.s. .c.o.v.e.r.e.d. .b.y. .o.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .f.o.l.l.o.w.i.n.g. .p.a.t.e.n.t.s.:.....;.;. .U.S.6.,.5.7.0.,.8.8.4.,. .U.S.6.,.1.1.5.,.7.7.6.,. .a.n.d. .U.S.6.,.3.2.7.,.6.2.5.......;.;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.o.m.p.a.t.i.b.l.e. . .=. .1.....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....C.a.t.a.l.o.g.F.i.l.e. .=. .r.t.u.x.p...c.a.t. . . . . .;.;. .f.o.r. .W.H.Q.L. .c.e.r.t.i.f.i.e.d.....D.r.i.v.e.r.V.e.r. . . .=. .0.1./.2.3./.2.0.1.8.,.5...2.3...0.1.2.3...2.0.1.8.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%. . . .=. .R.e.a.l.t.e.k.,. .N.T.x.8.6...6...0.,. .N.T.a.m.d.6.4...6...0.,. .N.T.x.8.6.

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\32\rtuxp.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):17398
Entropy (8bit):6.1254420910246
Encrypted:false
SSDEEP:
MD5:322776ACA775766BFE6A5F385BA02B56
SHA1:318984D8A8E03F898B9675FCDB15D92FABB841B1
SHA-256:7A3000AA5CE8404F9584A3BECF46CE0FDB1841C411289E418BB0D6656359405D
SHA-512:82BBF0014F70BB1C580F34F99AD12D35BFC213CA70D7E4AE061772AB77AF2D7DBB5100356C485BE6289B493FFD0FF243AA0E5D4F1C0D70F136F7BE1739941DA3
Malicious:false
Reputation:unknown
Preview:0.C...*.H........C.0.C....1.0...+......0.(...+.....7....(.0.(.0...+.....7.....D.d...)J..L:.9.Z..180126061416Z0...+.....7.....0..i0....R4.7.C.5.E.3.1.6.2.B.8.6.7.0.F.F.0.1.D.D.1.2.1.0.1.7.B.1.2.3.2.E.1.3.F.B.2.E.E.E...1..O0B..+.....7...1402...F.i.l.e....... r.t.n.i.c.p.r.o.p.3.2...d.l.l...0M..+.....7...1?0=0...+.....7...0...........0!0...+........G...+.p.......#.....0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R6.5.5.A.E.0.E.9.D.7.3.0.D.9.0.A.1.6.B.4.7.4.C.0.B.F.B.E.B.6.E.D.A.6.6.0.F.9.3.A...1..I0<..+.....7...1.0,...F.i.l.e........r.t.u.x.8.6.x.p...s.y.s...0M..+.....7...1?0=0...+.....7...0...........0!0...+........eZ...0....t.....`.:0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R6.B.7.A.4.2.D.5.C

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\RTNicProp64.dll

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):122824
Entropy (8bit):5.9848505013566715
Encrypted:false
SSDEEP:
MD5:F5F9F5296287D9F0A8E4216ADBEE6924
SHA1:556958CA0DF8C06D2A8C2CD18226EFCFB6DB0A1F
SHA-256:9B4BACE40475E0BEB90A4F7A553CF64819EF13C57E9707A82770EB94126A04E4
SHA-512:DBDC0B4F75281BB9D9D725E8115238E194FAF783F15C994878FA04EB88F88825543AFB6AD6CDAF331F70EC59B2B125672A5D6BC61D34F96F323EAB74FE11A569
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 4%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................y'.....y%.....y$......................p............?.....?.....?.)......A....?.....Rich...........PE..d...c|.X.........." .....................................................................`A........................................@0..X....0..<....p...N...`..x........E..........."..p...........................p"..................0............................text.............................. ..`.rdata..0...........................@..@.data........@.......,..............@....pdata..x....`.......6..............@..@.rsrc....N...p...N...D..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtux64xp.sys

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):226752
Entropy (8bit):6.334795727685689
Encrypted:false
SSDEEP:
MD5:69AE6039473D47A540BABE63353C19E6
SHA1:75BDB29AABF0A836257F5272B8F1968281EAF2E1
SHA-256:AD7CCE3B9A25A544A4389250802AA94919C77EDFE1CEB014768A0C7BBC231532
SHA-512:49CA77A1B963D29C20247743EF34C42B23CD0776A3F0860F4EEEF63A78FD83FEA64B204898B36128060B1712CC3EEBC6F5E677CEB7E496455C08C025F0E567A3
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 4%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........`.r.3.r.3.r.3.r.3.r.3...3.r.3...3.r.3..3.r.3..3.r.3...3.r.3..3.r.3..3.r.3..3.r.3Rich.r.3................PE..d.....fZ.........."..........^.......D.......................................p......$........................................................D..P....P.......0..0....0...E...`.......................................................................................text............................... ..h.rdata...6.......8..................@..H.data...............................@....pdata..0....0......................@..HINIT.........@...................... ....rsrc........P.......&..............@..B.reloc.......`.......,..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\WINXP\64\rtuxp.cat

Download File
Process:C:\Users\user\Desktop\RTK_NIC_DRIVER_INSTALLER.sfx.exe
File Type:data
Category:dropped
Size (bytes):17399
Entropy (8bit):6.129501367444859
Encrypted:false
SSDEEP:
MD5:E198FBAEC52E02AF506CC5FC08D35CA6
SHA1:CAB83A570625CFBCF7946AFB11434AEA2ADBAE3A
SHA-256:4CC5F0D4E6B4146A22996E091912347D440960FA6246E78A167F38DB25FDC046
SHA-512:000C9C54AE041A3AD0F0EBA530AAABF3F9E6F1B6D5E5F426B1477A21FF50DE1B3C4A515C5D7CB666B1F269B9922587DA5825EC2D8A40F1494BFF3849FE5A9DDF
Malicious:false
Reputation:unknown
Preview:0.C...*.H........C.0.C....1.0...+......0.(...+.....7....(.0.(.0...+.....7.....6jgzsS,N.....#...180126061418Z0...+.....7.....0..i0....R4.7.C.5.E.3.1.6.2.B.8.6.7.0.F.F.0.1.D.D.1.2.1.0.1.7.B.1.2.3.2.E.1.3.F.B.2.E.E.E...1..O0B..+.....7...1402...F.i.l.e....... r.t.n.i.c.p.r.o.p.3.2...d.l.l...0M..+.....7...1?0=0...+.....7...0...........0!0...+........G...+.p.......#.....0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R6.5.5.A.E.0.E.9.D.7.3.0.D.9.0.A.1.6.B.4.7.4.C.0.B.F.B.E.B.6.E.D.A.6.6.0.F.9.3.A...1..I0<..+.....7...1.0,...F.i.l.e........r.t.u.x.8.6.x.p...s.y.s...0M..+.....7...1?0=0...+.....7...0...........0!0...+........eZ...0....t.....`.:0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R6.B.7.A.4.2.D.5.C

C:\Windows\INF\oem0.PNF

Download File
Process:C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe
File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809
Category:dropped
Size (bytes):5884
Entropy (8bit):3.2100538689449323
Encrypted:false
SSDEEP:
MD5:5F167C05E471EB855F876E5F670AA73C
SHA1:88BE1D17384EE549AAE791F326C35F60D194C1A6
SHA-256:4FAF06C683C2F6680B0B3F73C6A99E3FD84014CC2BD3DB6863F56F288F3FD13F
SHA-512:CF8CCDCCBF16BF10B91B0DE0076369CA3985EDB1976616F57C82783685AC890C8FA5A388AC2066163B6B9119BA9C0DE4FE6ED39161DF0B3DF06C2555AC9F8076
Malicious:false
Reputation:unknown
Preview:................H...X....d..................................h...,.......0.......h.......................C.:.\.W.i.n.d.o.w.s.........................................................................................................\...................................................................|.......................|...........................................................................................................................................................................`.......H.......................................................................L...................................................................................................................@...........................................................................................................................................................h.......................t...................................................................................................................................

C:\Windows\INF\oem1.PNF

Download File
Process:C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe
File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1100 "Signature", at 0x68 WinDirPath, LanguageID 809
Category:dropped
Size (bytes):5740
Entropy (8bit):3.173847699149194
Encrypted:false
SSDEEP:
MD5:3821A155A04A6A2E4811B60BEE95BA38
SHA1:76E66DB688BD24BC907D7EF90A951D4CD74FB710
SHA-256:6931E4EA0B4B6C80DA549F8EAA738639FBC03590B0429C773C5E6D75085E80D4
SHA-512:DF33A4829683F534C505FADC7BE5BB2899614A42FE85446ABA8593D4C13D065C25871557563F9F3D7F1BAEA4927788B184573B9A8CC4C248BA873AEB8D0E1B18
Malicious:false
Reputation:unknown
Preview:................H..................................H...............(.......H...h...............h.......C.:.\.W.i.n.d.o.w.s.....x...................................................$...............................................................................................................d...(...........................................................................................................................................................................................................................................................x...................................................................$...............................................................................................4...........................0.......................................................................................................................................................................................................p...........................................................

C:\Windows\INF\oem3.PNF

Download File
Process:C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe
File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1210 "Signature", at 0x68 WinDirPath, LanguageID 809
Category:dropped
Size (bytes):6284
Entropy (8bit):3.2266737454406784
Encrypted:false
SSDEEP:
MD5:6B8B75714CCEAB25E2CBAA862EE03B94
SHA1:E04DB14C5B58A96C418C8B3E2AE83E94A892BA89
SHA-256:2BC2C79FF87D355D034A436CF90530C0A94D37E4A0A9A980CC7F86749EA4240D
SHA-512:34665896FE66DF1CD528EC0C715BB9E79DB05DAC7ADA207E2ED63F1D300104B5CA51DF2324B177AC8275966CFAE7B5AA73EDC58986CDA43E0640A7143E0B0A1C
Malicious:false
Reputation:unknown
Preview:................X........K.}........................h.......p...D.......d... ...h.......................C.:.\.W.i.n.d.o.w.s.............................................................................................................................................................................................................H...........................................8.......................................H.......................................................................................................................................................................................................................................,.......................................................................................................................................................................................................................................................................................................h...............................................8...........

C:\Windows\INF\setupapi.dev.log

Download File
Process:C:\Users\user\AppData\Local\Temp\RTK_NIC_DRIVER_INSTALLER\Setup.exe
File Type:Generic INItialization configuration [BeginLog]
Category:dropped
Size (bytes):2496594
Entropy (8bit):5.219654158023654
Encrypted:false
SSDEEP:
MD5:CBE9C02BE3CD18E7C598F2942ADDBBED
SHA1:7A37A5CB5297DCFA15FB6B14FDF79FBFFF0AF5A4
SHA-256:CF65CCE9AFA6EC892632A1873FFD493B51157EEC933B76FE27E8CFA480EC626C
SHA-512:3FE0C93EB02D2B4A52CA32C4F687BCAD1D366083B681913F14C4B93128F6AE98F6BAFAA5593B8A88B0F21F115E05F753219C2312A161DC81248C2237C576AAFC
Malicious:false
Reputation:unknown
Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:

C:\Windows\System32\catroot2\dberr.txt

Download File
Process:C:\Windows\System32\drvinst.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):74026
Entropy (8bit):5.38973440221705
Encrypted:false
SSDEEP:
MD5:C85017A6BB71B186CAD4D8F017038FD5
SHA1:D5210A7E9562E34DB3F299599891F4B14DD2ED0A
SHA-256:E8131311AA7F4F53B4E0EF658D5C32C2458DF9772697D85A129C15B5C179DB45
SHA-512:3B41A0EC12B0594D40D116431EF82CC3479AEDFBE024BDD44845219DEF1B3953FC626B04FF2BD5EB4CD7E4251C5CD8DBB1DAE1ECFCE0F8E1682C666DDE0FE876
Malicious:false
Reputation:unknown
Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta

Static File Info

General

File type:Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):7.999783415551424
TrID:
  • ZIP compressed archive (8000/1) 100.00%
File name:RTK_NIC_DRIVER_INSTALLER.sfx.zip
File size:1'057'498 bytes
MD5:c4ea274ed896d81a2bba9695c9e85598
SHA1:a4d6dd7c4c263ef95e508a11628904d43a58bb0e
SHA256:78fb4deef5cc145f10f03c6b263d133876157faf69b751ed19b197c725a024e2
SHA512:2a3df6f71ef28e7d91e78460ac95493f0955fd6ec4f7bce798406512514afee6f481b79122414519838df6e846f6d78dc7a5128d366fba52d110e4e1e66f820c
SSDEEP:24576:PCQ/TxKOwPusW3yOQJKWb5FGnjcgqjzRYWBRLF:P9lKOwPvTOgb6gj9YSRLF
TLSH:7D2533C58B55895D8BCFB6F02156CCB0B646397A008045EE3DE0DB099FE9328B7EE467
File Content Preview:PK.........d.N'x..8"...... ...RTK_NIC_DRIVER_INSTALLER.sfx.exe...|...8<.l..l.E...4b...F.(q.M$..WB'...!.V.n.T)..V......Zzok.........K-.(.B0..|(b..Q......a.....9..P......%3s>.s..}.s.....E..+.3.A.&..*.......1W.<F....5.,......?R..lqa...,zp.C9..D. ..X.......z.

File Icon

Icon Hash:1c1c1e4e4ececedc