The ruok_login.exe File Analysis

Updated 13 days ago

Checked by Malaware Check

ruok_login.exe

Technical Analysis

File Name	ruok_login.exe
File Type	Win32 EXE
Magic Bytes	`PE32+ executable (console) x86-64, for MS Windows`
SSDEEP Hash	24576:/Faen28oH0foJRs5vWFmxcP/DlzF4htcZrW4RD9PRkRR9323Exd/tnXoF2qpQC3+:/oen2D0fMfFScP/LstWjHRkyDVD3H
Scanner Version	1.0.217.174
Database Version	2025-05-25 11:00:17 UTC

⚠

Suspicious File Detected

Detected by 15 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

21%

Detection Rate

3,749,056

File Size (bytes)

15/72

Engines Detected

2025-05-25

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	901618de38a88e3128ec7f6a7fb6a15a
SHA1	99a390f2ff52c758a025031b1676f7b6e4e30d1d
SHA256	677d8f7e06bfd939219f2a72d47bd6d7369341fc77599b0e56bfc3135507b02c
SHA512	b27dcc8a8de28ef1402b775e03793b75604039e8742217509ecf466b59de8919108c1ae89ac109aed401c49875be656cc407e362ba222185736a3a22ab085c86
ImpHash	dca576691c99aa4f4b4f50ce499137df

Security Engines with Detections (15 of 72)

Bkav

W64.AIDetectMalware Malicious

Elastic

malicious (moderate confidence) Malicious

Cylance

Unsafe Malicious

Sangfor

Trojan.Win32.Save.a Malicious

CrowdStrike

win/malicious_confidence_100% (W) Malicious

Symantec

ML.Attribute.HighConfidence Malicious

APEX

Malicious Malicious

Paloalto

generic.ml Malicious

McAfeeD

ti!677D8F7E06BF Malicious

SentinelOne

Static AI - Malicious PE Malicious

Antiy-AVL

RiskWare/Win32.Agent Malicious

McAfee

Artemis!901618DE38A8 Malicious

Rising

[email protected] (RDML:YJxl6p+ZKgy/5LSZBffXMA) Malicious

Fortinet

W32/PossibleThreat Malicious

DeepInstinct

MALICIOUS Malicious

57 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x140000000`
Entry Point	`0x14000cc30`
Compilation Time	2025-04-28 16:25:46
Checksum	0x0039d55d (Actual: 0x0039d55d)
OS Version	6.0
PEiD Signatures	`PE32+ executable (console) x86-64, for MS Windows`
PDB Path	`C:\path\ruok_crack.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	2 libraries KERNEL32, ADVAPI32
Exports	0 functions
Resources	1 Resources
Sections	8 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	191,480 bytes	191,488 bytes	6.58 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`57833132F0BF4E63994C7C782B39B2ED`
`.rdata`	`0x00030000`	70,236 bytes	70,656 bytes	4.86 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E97B8DC5E366B868B7002CC93827A328`
`.data`	`0x00042000`	11,192 bytes	5,120 bytes	2.92 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D24906A8F607AF487D1906CE8AC70596`
`.pdata`	`0x00045000`	10,272 bytes	10,752 bytes	5.29 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`660DFACA57336193D91F63226DB77BC8`
`.fptable`	`0x00048000`	256 bytes	512 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF619EAC0CDF3F68D496EA9344137E8B`
`.rsrc`	`0x00049000`	488 bytes	512 bytes	4.77 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`275ECC20400C97DC81FE213D32DFA1A7`
`.reloc`	`0x0004a000`	2,520 bytes	2,560 bytes	5.43 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`663C8D13854610C1221518A5309AED0C`
`.vlizer`	`0x0004b000`	3,466,752 bytes	3,466,432 bytes	5.68 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`4BBC5E8CD06A01407C4FF74ED3DD5215`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 1 (392 bytes)

Resource Type	Count	Total Size	Percentage
RT_MANIFEST	1	392 bytes	100%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

15 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1