home

0ab20rn1.exe

MD5:
8518b139abab7dfe76ddb5fb69e045d4

SHA-1:
316595b011db5941a36d3f610466b4b2e25b824a

SHA-256:
61c4befb747f6abdcc24e926adc5b74ce87938a133eeb3d7c08053914b20dd3d

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 9:27:41 AM UTC  (today)

Scan engine
Detection
Engine version

Norman
Gen:Variant.Graftor.164528
03.12.2014 13:20:04

Panda Antivirus
Trj/Genetic.gen
15.02.27.02

File size:
432.5 KB (442,916 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\0ab20rn1.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:kLNiUpK6gLptRUdtmapj9A3mjJ8dO4HJqUITEAGqTLTuoY+CgafKBL:k5pALlUzThAWedOFfTEAHPT8aQAL

Entry address:
0x5D930

Entry point:
55, 8B, EC, 83, C4, F0, B8, 98, D7, 45, 00, E8, 58, 94, FA, FF, B8, 01, 00, 00, 00, E8, DE, 56, FA, FF, 83, F8, 1D, 75, 46, D2, 0C, 02, 00, AB, E0, 03, 00, 8B, 81, EB, 00, DF, 34, 53, 00, 6F, 85, 02, 00, BC, CB, 74, 00, A1, 24, 18, 05, D2, 0C, 02, 00, AB, E0, 03, 00, 8B, 81, EB, 00, DF, 34, 53, 00, 6F, 85, 02, 00, BC, CB, 74, 00, A1, 24, 18, 05, E8, 68, 50, FA, FF, 83, F8, 5D, 0F, 84, 1B, 15, 00, 00, 68, C0, EE, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, D4, EE, 45, 00, 33, C0, E8, 12, 95, FF, FF, E8, 41...
 
[+]

Entropy:
6.6141

Developed / compiled with:
Microsoft Visual C++

Code size:
376 KB (385,024 bytes)

The file 0ab20rn1.exe has been seen being distributed by the following URL.

http://grv.downserver2.com/TPLIStubSetup.exe

Scan 0ab20rn1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.