» 1_offer_2.exe
Overview
Analysis
File Details
Downloads (1)

1_offer_2.exe

The application 1_offer_2.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from fastdl1.us.

File name:

1_offer_2.exe

MD5:

7a90ba89d82d37bbb87fd8f5e2da6a8b

SHA-1:

59f8f8786ea506047621f857ae11e00fd4352272

SHA-256:

07215c7cc5396a553bdfc2537a8ccb598531b887051fe811a2f09884b25598c4

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 1:46:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.BundledOffer.Meta (L)

16.3.14.19

File size:

339 Bytes

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\1_offer_2.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

6:qzmSOvDn7jAs9Q7g2rGANFGbsIM4mGvmQaK4fGO2hUYMWXz:kDuD7jD9QEEGoFGYIM4mPQaK4BE/MWj

Entry point:

3C, 68, 74, 6D, 6C, 3E, 3C, 62, 6F, 64, 79, 3E, 3C, 62, 3E, 54, 68, 65, 20, 70, 61, 67, 65, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 64, 69, 73, 70, 6C, 61, 79, 65, 64, 20, 62, 65, 63, 61, 75, 73, 65, 20, 61, 6E, 20, 69, 6E, 74, 65, 72, 6E, 61, 6C, 20, 73, 65, 72, 76, 65, 72, 20, 65, 72, 72, 6F, 72, 20, 68, 61, 73, 20, 6F, 63, 63, 75, 72, 72, 65, 64, 2E, 3C, 2F, 62, 3E, 3C, 73, 63, 72, 69, 70, 74, 3E, 76, 61, 72, 20, 67, 6C, 6F, 62, 61, 6C, 20, 3D, 20, 5B, 22, 50, 69, 6D, 7A, 65, 68, 73, 51, 36, 58, 54... 
[+]

Entropy:

5.1983

The file 1_offer_2.exe has been seen being distributed by the following URL.

http://fastdl1.us/.../ci_setup_s.exe

Remove 1_offer_2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.