home

4.prom.znakovi.exe

znakovi

*

This is a setup program which is used to install the application. The file has been seen being downloaded from doc-0o-18-docs.googleusercontent.com and multiple other hosts.
Publisher:
*

Product:
znakovi

Version:
1.00.0003

MD5:
0fd5717e1a961facbdaa1876dbcc095b

SHA-1:
b8788dfff3beebe19a31c20421ed9127209680e1

SHA-256:
8ec569e1968141426c7994b9e1a98ad0d176df42c76a948679805e8caefd8576

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/17/2024 9:33:52 AM UTC  (today)

File size:
9.6 MB (10,057,216 bytes)

Product version:
1.00.0003

Original file name:
4.prom.znakovi.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\4.prom.znakovi.exe

File PE Metadata
Compilation timestamp:
1/1/2002 1:11:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.20

CTPH (ssdeep):
98304:71iVfvdVpr+FKCKc25QFRfSlaSFNrzAgOXMfcm+5f+saHKnfuy0TdTjd2CiQvfDR:MVfvZIX6NFN/ZFG5WqmyCdTkQvfStKI

Entry address:
0x13E4

Entry point:
68, 98, 79, D8, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, CB, 32, 18, A6, 08, 7B, BB, 41, 98, A8, CD, D1, 44, ED, B9, 95, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 20, 20, 20, 3D, 74, 65, 73, 74, 30, 30, 31, 00, 00, 00, 00, 00, FF, CC, 31, 00, 21, 6E, 42, 8D, FE, C5, 5B, 98, 4C, 8E, 88, F8, 89, 84, 59, 65, 9E, 52, 8C, 08, 0C, D6, 26, F2, 4A, A8, 37, 95, FC, E9, BD, BE, 1B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
9.6 MB (10,033,664 bytes)

The file 4.prom.znakovi.exe has been seen being distributed by the following 2 URLs.

https://doc-0o-18-docs.googleusercontent.com/docs/securesc/7ol1k6otqra3ka27464ad4433bcefbv6/nbdc2li2ij28un5fdr95023env26379c/1476172800000/03584425569937706762/.../0B2swypk4yh6jdWZQVnpBdEpwY28?e=download

https://doc-14-5g-docs.googleusercontent.com/docs/securesc/ikgdhb3snjcvdujsqblullsbuef11obv/g67pvc3tmfhvvs2n3kerdfvjqtc5jqd5/1466856000000/03584425569937706762/.../0B2swypk4yh6jdWZQVnpBdEpwY28?e=download

Scan 4.prom.znakovi.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.