What is rzw.exe?

rzw.exe is usually located in the 'c:\users\%USERNAME%\appdata\local\temp\is-migl5.tmp\' folder.

Some of the anti-virus scanners at VirusTotal detected rzw.exe.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

Vendor and version information [?]

rzw.exe does not have any version or vendor information.

Digital signatures [?]

rzw.exe is not signed.

VirusTotal report

1 of the 73 anti-virus programs at VirusTotal detected the rzw.exe file. That's a 1% detection rate.

ScannerDetection Name
Trapmine malicious.moderate.ml.score
1 of the 73 anti-virus programs detected the rzw.exe file.

Sandbox Report

The following information was gathered by executing the file inside Cuckoo Sandbox.

Summary

Successfully executed process in sandbox.

Generic

[
    {
        "process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\52c28d2f80b18bd237de3243fdbe326ab1bd278ba52026ee524431f16aa52905.bin",
        "process_name": "52c28d2f80b18bd237de3243fdbe326ab1bd278ba52026ee524431f16aa52905.bin",
        "pid": 2816,
        "summary": {},
        "first_seen": 1563076384.6094,
        "ppid": 2016
    },
    {
        "process_path": "C:\\Windows\\System32\\lsass.exe",
        "process_name": "lsass.exe",
        "pid": 476,
        "summary": {},
        "first_seen": 1563076384.3438,
        "ppid": 376
    }
]

Signatures

[
    {
        "markcount": 1,
        "families": [],
        "description": "The executable uses a known packer",
        "severity": 1,
        "marks": [
            {
                "category": "packer",
                "ioc": "Armadillo v1.71",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "peid_packer"
    }
]

Yara

The Yara rules did not detect anything in the file.

Network

{
    "tls": [],
    "udp": [
        {
            "src": "192.168.56.101",
            "dst": "192.168.56.255",
            "offset": 662,
            "time": 6.2244729995728,
            "dport": 137,
            "sport": 137
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 2490,
            "time": 6.1581969261169,
            "dport": 5355,
            "sport": 51001
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 2818,
            "time": 4.1570191383362,
            "dport": 5355,
            "sport": 53595
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 3146,
            "time": 6.1655111312866,
            "dport": 5355,
            "sport": 53848
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 3474,
            "time": 4.6656579971313,
            "dport": 5355,
            "sport": 54255
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 3802,
            "time": 3.0586540699005,
            "dport": 5355,
            "sport": 55314
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 4130,
            "time": 4.6770739555359,
            "dport": 1900,
            "sport": 1900
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 8606,
            "time": 4.1875190734863,
            "dport": 3702,
            "sport": 49152
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 12798,
            "time": 6.2709910869598,
            "dport": 1900,
            "sport": 53598
        }
    ],
    "dns_servers": [],
    "http": [],
    "icmp": [],
    "smtp": [],
    "tcp": [],
    "smtp_ex": [],
    "mitm": [],
    "hosts": [],
    "pcap_sha256": "834b25dcc9f2ce5813c9f4c6d9604a00615076692276ce88e31f047f6b0e7843",
    "dns": [],
    "http_ex": [],
    "domains": [],
    "dead_hosts": [],
    "sorted_pcap_sha256": "51731bfa81ee47c56e49d47136c5402127ced674005ae3a9c34f5d6a19d9f891",
    "irc": [],
    "https_ex": []
}

Screenshots

Screenshot from the sandbox

Hashes [?]

PropertyValue
MD57ad88e752ab85ccfac386ad7a25feea9
SHA25652c28d2f80b18bd237de3243fdbe326ab1bd278ba52026ee524431f16aa52905

Error Messages

These are some of the error messages that can appear related to rzw.exe:

rzw.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

rzw.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.

rzw.exe has stopped working.

End Program - rzw.exe. This program is not responding.

rzw.exe is not a valid Win32 application.

rzw.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.

What will you do with rzw.exe?

To help other users, please let us know what you will do with rzw.exe:



What did other users do?

The poll result listed below shows what users chose to do with rzw.exe. 73% have voted for removal. Based on votes from 11 users.

User vote results: There were 8 votes to remove and 3 votes to keep

NOTE: Please do not use this poll as the only source of input to determine what you will do with rzw.exe. Only 11 users has voted so far so it does not offer a high degree of confidence.

Malware or legitimate?

If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.

Please select the option that best describe your thoughts on the information provided on this web page


Free online surveys

And now some shameless self promotion ;)

A screenshot of FreeFixer's scan result.Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.

If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.

Comments

Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.

I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.

Patricktam writes

0 thumbs

This portal offers a wide selection of slot games, designed for all types of players.
Here, you can find retro-style games, feature-rich games, and huge-win machines with high-quality visuals and immersive sound.
Whether you’re into simple gameplay or love complex features, you’re sure to find something that suits you.
https://tysonufox75296.bluxeblog.com/65850641/Погружение-в-мир-игры-plinko-Как-играть-и-выигрывать-в-слоты
Each title are available anytime, no download needed, and fully optimized for both PC and mobile.
Besides slots, the site features tips and tricks, welcome packages, and player feedback to guide your play.
Register today, spin the reels, and get immersed in the excitement of spinning!

# 4 Apr 2025, 15:51

play casino writes

0 thumbs

On this platform, you can find a great variety of slot machines from top providers.
Visitors can try out traditional machines as well as feature-packed games with vivid animation and exciting features.
Even if you're new or an experienced player, there’s always a slot to match your mood.
play aviator</a>
Each title are ready to play 24/7 and designed for desktop computers and smartphones alike.
No download is required, so you can get started without hassle.
Platform layout is user-friendly, making it quick to find your favorite slot.
Register now, and enjoy the world of online slots!

# 17 Apr 2025, 7:10

MichaelTails writes

0 thumbs

It's alarming to realize that 1 in 3 patients commit preventable medication errors because of poor understanding?

Your health is your most valuable asset. Every medication decision you implement plays crucial role in your body's functionality. Maintaining awareness about medical treatments isn't optional for disease prevention.
Your health depends on more than taking pills. Each drug changes your biological systems in specific ways.

Consider these life-saving facts:
1. Combining medications can cause health emergencies
2. Over-the-counter allergy medicines have strict usage limits
3. Skipping doses causes complications

To protect yourself, always:
✓ Verify interactions via medical databases
✓ Review guidelines completely when starting medical treatment
✓ Speak with specialists about proper usage


___________________________________
For professional pharmaceutical advice, visit:
https://community.alteryx.com/t5/user/viewprofilepage/user-id/577170

# 21 Apr 2025, 9:42

JamesLed writes

0 thumbs

This online pharmacy features an extensive variety of pharmaceuticals at affordable prices.
Customers can discover both prescription and over-the-counter medicines for all health requirements.
We strive to maintain safe and effective medications at a reasonable cost.
Fast and reliable shipping ensures that your purchase is delivered promptly.
Take advantage of ordering medications online on our platform.
<a href="https://pbase.com/amoxil135/image/175378444">amoxil and clavulanate potassium</a>

# 22 Apr 2025, 10:56

Davidgrivy writes

0 thumbs

This website features off-road vehicle rentals throughout Crete.
Anyone can safely arrange a machine for adventure.
If you're looking to travel around coastal trails, a buggy is the perfect way to do it.
https://www.behance.net/buggycrete
The fleet are well-maintained and offered with flexible bookings.
On this platform is user-friendly and comes with clear terms.
Hit the trails and enjoy Crete in full freedom.

# 25 Apr 2025, 1:19

play casino writes

0 thumbs

On this platform, you can access lots of slot machines from top providers.
Players can enjoy retro-style games as well as feature-packed games with vivid animation and interactive gameplay.
Even if you're new or an experienced player, there’s something for everyone.
<a href="https://windlounge.de/">money casino</a>
All slot machines are instantly accessible round the clock and designed for laptops and tablets alike.
You don’t need to install anything, so you can get started without hassle.
Platform layout is user-friendly, making it quick to explore new games.
Sign up today, and dive into the excitement of spinning reels!

# 4 May 2025, 6:05

order a killer writes

0 thumbs

Searching for someone to take on a rare risky task?
This platform focuses on connecting customers with workers who are ready to perform high-stakes jobs.
Whether you're dealing with urgent repairs, hazardous cleanups, or risky installations, you’re at the right place.
All available professional is pre-screened and qualified to guarantee your security.
<a href="https://mercenaries.pw/">hire a hitman</a>
This service offer clear pricing, comprehensive profiles, and safe payment methods.
Regardless of how challenging the situation, our network has the skills to get it done.
Start your search today and find the ideal candidate for your needs.

# 8 May 2025, 0:17

Leave a reply