home

9520301.exe

This is a setup program which is used to install the application.
MD5:
6e2ac7729231f71c75698722c60d9567

SHA-1:
e79f29f4bf258bd5bd1a1c0149ece146a6d37dcc

SHA-256:
e0f9a2d3f968954bfebbbbf6ab90f5c585181471fdbaf0621c8454c5cd62b640

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/25/2024 1:49:23 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.PWS.Wmsender.168
9.0.1.0293

File size:
1.2 MB (1,276,371 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\9520301.exe

File PE Metadata
OS version:
270.16544

OS bitness:
Win16

Subsystem:
Native (none required)

Linker version:
3.0

CTPH (ssdeep):
24576:v4J0WXdAKIjkJYTqobfxLPBdX5S8TKynNN5CNLYfHw+yGtLit9ShagoO:QJ0WtxIjkWtb3+8TKynNN4J8HdyGpii9

Entry address:
0xA4009C

Entry point:
4D, 5A, 01, 01, 01, 00, 01, 00, 05, 00, 00, 00, FF, FF, 00, 00, 14, 00, 00, 00, 00, 00, 0A, 00, 40, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 01, 00, 00, 04, 00, 0A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 54, 68, 69, 73, 20, 69, 73, 20, 61, 20, 57, 69, 6E, 64, 6F, 77...
 
[+]

Entropy:
7.9971  (probably packed)

Code size:
256 KB (262,147 bytes)

The file 9520301.exe has been seen being distributed by the following URL.

ftp://esupport:vImvF88@ftp.gateway.com/pub/hardware_support/drivers/win_xp/portable/.../9520301.exe

Scan 9520301.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.