» 35941a04.exe
Overview
Analysis
File Details

35941a04.exe

SOKNO S.R.L.

File name:

35941a04.exe

Publisher:

S.P.A.W (signed by SOKNO S.R.L.)

Product:

S.P.A.W

Version:

3.07.0003

MD5:

eaf195c171ea8b949a744b51214de328

SHA-1:

7d978d4c7404183a98fa101146c94898faff75ee

SHA-256:

74329688f8a1409608f246b9e06ccc44a31994f810ae525d3dea5fefb1f69652

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/23/2024 8:14:59 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Injector.CKDE trojan

6.3.12010.0

File size:

241.7 KB (247,496 bytes)

Product version:

3.07.0003

Original file name:

S.P.A.W.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\35941a04.exe

Digital Signature

Signed by:

SOKNO S.R.L.

Authority:

GlobalSign nv-sa

Valid from:

2/6/2015 6:44:15 PM

Valid to:

3/25/2017 8:31:41 PM

Subject:

CN=SOKNO S.R.L., OU=Software development, O=SOKNO S.R.L., L=Ancona, S=AN, C=IT

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121DC26D9A7456B96B33BE622115C02D394

File PE Metadata

Compilation timestamp:

2/3/2016 9:08:18 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x12E8

Entry point:

68, F8, A0, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 8B, 3D, 99, FA, 97, C6, F8, 42, 81, 4E, 30, 1D, EC, EF, E5, 31, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 20, 20, 20, 20, 20, 42, 61, 75, 73, 70, 61, 72, 65, 69, 6E, 6C, 61, 67, 65, 6E, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, 3A, 4D, 4F, CF, B0, B9, 37, 45, 97, C3, 2F, B0, C2, F7, 81, 96, 2B, 8F, 5E, 55, 8F, DC, B0, 4C, AA, 95, E9, 4A, DF, 38, 2A, E6, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

6.5967

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

212 KB (217,088 bytes)

Scan 35941a04.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.