6_offer_12.exe

This is a setup program used to install the application. The file has been observed being downloaded from dl.revenyou.com.
MD5:
6f6a1ec6a1082012eb0614f7744091b3

SHA-1:
0aca0e9bb67cfe0fe3e07f7a76599904fb7fc9b6

SHA-256:
f02f72c3d7eb6c730d208bfa6e4c49b6a7bdfb9d1cc3093c9f7a0a397ca6cef6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:58:35 AM UTC

File size:
3.2 MB (3,342,946 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\6_offer_12.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:sd+MkvU4Pjg20SP/Xk/1sZLxohOHj/y2Naf1eVbt+iVV927i9BJ4:sIc/1RhcafaRY

Entry point:
0D, 0A, 0D, 0A, 20, 20, 20, 20, C8, D5, D7, D3, BB, CE, BB, CE, D3, C6, D3, C6, B5, BD, C1, CB, B0, CB, D4, C2, D6, D0, A3, AC, CE, D2, CC, C3, C3, C3, D0, A1, E6, BA, BE, F6, B6, A8, D4, E7, D2, BB, D0, A9, B9, FD, C4, CF, B7, BD, C0, B4, A3, AC, CF, C8, B5, BD, CE, D2, D5, E2, C0, EF, CD, E6, BC, B8, CC, EC, A1, A3, 0D, 0A, 0D, 0A, 20, 20, 20, 20, CB, FD, D7, F8, B5, C4, BB, F0, B3, B5, A3, AC, B4, D3, BD, FA, C6, BD, D7, AA, B3, B5, B5, BD, CF, E6, C4, CF, BE, B8, CF, D8, A3, AC, C8, BB, BA, F3, D7, F8...
 

The file 6_offer_12.exe has been observed being distributed from the following URL.
