home

{blocked}.exe

H-Lock - Xtrap's Bypasser

Retail Integration

This is a setup program which is used to install the application. The file has been seen being downloaded from dc379.4shared.com.
Publisher:
Retail Integration

Product:
H-Lock - Xtrap's Bypasser

Version:
1.00

MD5:
995c7a222d241987abe0bd96bfefddfd

SHA-1:
9bb15e76aec007391f0f12be7b739224ce30b207

SHA-256:
295a8beababf559d4e7085adc123ed80967f49bcce42ae267510db58e9597e40

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 1:37:37 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan-Dropper.VB.18
3.12.26.3

File size:
96 KB (98,304 bytes)

Product version:
1.00

Original file name:
Bypass Xtrap.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bypass xtrap.exe

File PE Metadata
Compilation timestamp:
6/2/2011 6:32:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:su8C8yqdKOaWCTd70L/7wBR9UompKQFfS+Qg0cnKI7:su8CcC2MRCxLV

Entry address:
0x1A0C

Entry point:
68, B8, 21, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 38, 00, 00, 00, ED, 1E, 61, D9, 51, 15, 96, 40, 87, EC, 0D, 43, 43, F4, DD, 92, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 45, 76, 69, 6C, 00, 00, 00, 00, 48, 2D, 4C, 6F, 63, 6B, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, 06, 1F, A5, 70, AD, DB, A8, 48, 9D, C3, 8F, 0F, 9D, EE, 97, E3, E6, E3, 40, F0, AE, A2, 93, 49, B8, FA, BF, 48, 0A, 65, B7, 09, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
84 KB (86,016 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

http://dc379.4shared.com/download/.../bypass_xtrap.exe

Scan {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.