» �-among-the-sleep.exe
Overview
Analysis
File Details
Downloads (7)

�-among-the-sleep.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dla.uloz.to and multiple other hosts.

File name:

MD5:

76f4cb3b0a89b594a72ed4bbd82ea03c

SHA-1:

609b8a1d3082739470363a62b35351a3f367626f

SHA-256:

0f52f7d8711f23ab6e38646dd3345623af149083d068dd7c8fe6d7eb3454a31c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 6:10:40 AM UTC (today)

File size:

27.5 KB (28,160 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\�-among-the-sleep.exe

File PE Metadata

Compilation timestamp:

5/11/2016 12:18:20 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.25

CTPH (ssdeep):

384:I7/3P7U3vuJg85/ij7m+1IstwDCFeWuB3N+AKQMUvvEVoDfQr7pSiNVYzlmtREQ:YH7FJl5/ija+1I21wB3Ehri9sx4lamQ

Entry address:

0x60B4

Entry point:

55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, A1, AC, 77, 40, 00, C6, 00, 01, B8, 20, 50, 40, 00, E8, 02, E3, FF, FF, 33, C0, 55, 68, EA, 63, 40, 00, 64, FF, 30, 64, 89, 20, BA, DC, A8, 40, 00, B8, 94, 4D, 40, 00, E8, 61, E1, FF, FF, A1, A4, 77, 40, 00, 33, D2, 89, 10, E8, 8F, E4, FF, FF, A2, 24, A9, 40, 00, 6A, 0A, 68, F8, 63, 40, 00, A1, E0, A7, 40, 00, 50, E8, 24, E3, FF, FF, A3, E0, A8, 40, 00, 83, 3D, E0, A8, 40, 00, 00, 0F, 84, 92, 02, 00, 00, A1, E0, A8, 40, 00, 50, A1, E0, A7, 40... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

18 KB (18,432 bytes)

The file �-among-the-sleep.exe has been seen being distributed by the following 7 URLs.

http://dla.uloz.to/Ps;Hs;fid=111836599;cid=1598913434;rid=1794805685;up=0;uip=188.92.11.15;tm=1479490902;ut=f;aff=uloz.to;did=uloz-to;He;ch=b6b24886cf56e72db4b87c36bb4d761a;Pe/.../five-nights-at-freddys-2-exe?bD&c=1598913434&De

http://dla.uloz.to/Ps;Hs;fid=111836488;cid=680812735;rid=808237013;up=0;uip=178.255.168.33;tm=1468834304;ut=f;aff=uloz.to;did=uloz-to;He;ch=ba3908002e697dc1f0bc21d8c83a3ae9;Pe/.../battleblock-theater-exe?bD&c=680812735&De

http://dla.uloz.to/Ps;Hs;fid=111836557;cid=457693659;rid=1756101909;up=0;uip=213.199.248.37;tm=1475349090;ut=f;aff=zachowajto.pl;did=ulozto-pl;He;ch=215872be08a3c2698478c18f85c56b5e;Pe/.../enemy-front-exe/.../enemy-front-exe?bD&c=457693659&De

http://dla.uloz.to/Ps;Hs;fid=111836599;cid=455873140;rid=631451158;up=0;uip=89.102.96.6;tm=1478426354;ut=f;aff=uloz.to;did=uloz-to;He;ch=b256f376d4c3a92a245159a50b17def9;Pe/.../five-nights-at-freddys-2-exe?bD&c=455873140&De

http://dla.uloz.to/Ps;Hs;fid=111836617;cid=2070095046;rid=526229431;up=0;uip=185.19.2.255;tm=1473099309;ut=f;aff=uloz.to;did=uloz-to;He;ch=69a166787edff43339ae57eed3471e28;Pe/.../goat-simulator-exe?bD&c=2070095046&De

http://dla.uloz.to/Ps;Hs;fid=111836470;cid=1978142200;rid=1563414491;up=0;uip=178.40.216.41;tm=1467290721;ut=f;aff=uloz.to;did=uloz-to;He;ch=168e8bddacb46aed9bb9fc1ba2715915;Pe/.../among-the-sleep-exe?bD&c=1978142200&De

https://uloz.to/.../goat-simulator-exe?do=directDownload

Scan �-among-the-sleep.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.