310714_f4.exe

This is a setup program used to install the application. The file has been observed being downloaded from www.hakoonportal.net.

MD5:
1ba0bad337dc0386c20c1316559e0167

SHA-1:
59022ba42a86c9ac73244f6d3ec4f66164112115

SHA-256:
1945f30c918f16302e8fd4f957dbdd3e3b6f5f36a5add584d974923c423148cc

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/4/2024 8:03:51 AM UTC

Scan engine              Detection                 Engine version
AhnLab V3 Security       PUP/Win32.Dropper         2014.08.29
Panda Antivirus          Trj/Genetic.gen           14.10.15.10
SUPERAntiSpyware         Trojan.Agent/Gen-KD       10298
Trend Micro House Call   Suspicious_GEN.F47V0807   7.2.288

File size:
391 KB (400,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\310714_f4.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:S6mkeXBpWxExVYhcEkZg9BJqX00URYOdejQ9SBY3yAjnBHWXzWm:ekeRQxExVYPd9CXBUYOdBSOCADBHWXR

Entry address:
0x5A6E4

Entry point:
55, 8B, EC, 83, C4, F0, B8, 4C, A5, 45, 00, E8, CC, C6, FA, FF, 68, 20, A7, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, 38, A7, 45, 00, B8, 6C, A7, 45, 00, E8, 6C, B4, FF, FF, E8, AB, A0, FA, FF, 00, 00, 00, FF, FF, FF, FF, 0C, 00, 00, 00, 4F, 72, 6D, 4C, 66, 68, 67, 72, 2B, 43, 2C, 79, 00, 00, 00, 00, FF, FF, FF, FF, 29, 00, 00, 00, 61, 2D, 31, 32, 31, 2C, 33, 2B, 57, 56, 2D, 34, 32, 2B, 56, 2C, 6F, 61, 7A, 6C, 6C, 60, 60, 2D, 33, 2C, 6C, 2D, 33, 2C, 70, 2B, 56, 2C, 6A, 63, 64, 2E, 44, 2D, 3E, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
358 KB (366,592 bytes)

The file 310714_f4.exe has been seen being distributed by the following URL.
