home

142_arabic.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.pachin.net.
MD5:
cdca249fce664cd3e2415adeb8dbc34f

SHA-1:
c445c6bf754487f944be8071f4b25a811bfcb59b

SHA-256:
408407548a99a236f76ba1fdd721c929d796e36186179ecc28d8dbd0ab76c058

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 10:49:31 PM UTC  (today)

File size:
410 KB (419,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\142_arabic.exe

File PE Metadata
Compilation timestamp:
6/26/2007 9:22:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
12288:LoFdccP4vbQ9iwEVrdKXpF6raYaLKdk9f:LoFdcQ4jQ9iwGrgqhaL+6f

Entry address:
0x10D1F0

Entry point:
76, 02, 8B, F0, 38, F9, 39, FF, 8A, E2, 88, CB, 80, CB, F8, 11, D3, FF, C6, F2, 2D, 97, 43, DF, D1, FE, C9, 49, E8, 1D, 00, 00, 00, 78, 08, 69, F1, AB, 75, 18, A3, 12, F7, 75, 06, 05, 63, E3, 15, E9, 4F, 3B, F2, 73, 02, FF, CD, 33, DA, 0F, BE, E9, 3D, D6, EA, 00, 00, 75, 04, 87, CB, 03, C6, 85, CA, 78, 05, F6, C1, 45, FF, C6, 0F, B6, CA, F2, 4F, 84, E9, 46, 85, D9, 6A, 00, 59, 84, C5, 2D, 63, C5, E3, DC, 03, CF, F3, 8D, 3D, 34, FE, B9, 50, 84, C7, 8B, C1, 8D, 11, 2A, FC, F2, 81, C7, FF, 7E, 83, D0, 86, C3...
 
[+]

Entropy:
7.8581  (probably packed)

Code size:
320 KB (327,680 bytes)

The file 142_arabic.exe has been seen being distributed by the following URL.

http://www.pachin.net/uploads/products/.../142_arabic.exe

Scan 142_arabic.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.