home

bluestacks-2.exe

Hegotiha

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.farmsignssend.com.
Product:
Hegotiha

Description:
Hegotiha Setup

MD5:
e6c72b84961e1faa05a62afbe99bf136

SHA-1:
0823cdec0e433aaaa184d2a9b6b746990f4272bc

SHA-256:
934ac195592f41242d23942aa441d41c51b5a947488e019a3a2a1eafd80c24d5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 11:51:03 AM UTC  (today)

File size:
1016.1 KB (1,040,466 bytes)

Product version:
2.7

Copyright:
Internet wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bluestacks-2.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:viS5yOtGFGc/Jaz5veR+qR/IgDaIWXzKQRIY:q94gJo5GRdRQgDaIMPRIY

Entry address:
0xA5F8

Entry point:
60, FF, C2, 84, F6, 8D, 35, 23, A8, 4A, 7B, 80, FE, CA, 88, C8, 29, F3, 69, DA, BC, 74, D2, EF, 22, E7, 69, C0, 3D, 0A, 8D, 6D, 85, F8, B8, BC, 58, B3, 0A, 49, 8D, 31, B8, F1, 63, 1C, 35, F3, 38, CD, 8B, DF, 03, EE, 81, FA, 26, 1D, 00, 00, 70, 06, 0F, B6, C0, 0F, B7, FE, F7, C0, 07, B4, B4, CB, C6, C1, 64, EB, 02, 8A, C8, 73, 05, 4D, 8A, C6, 0B, ED, 56, 0F, AF, F2, 47, E8, 14, 00, 00, 00, 8D, 35, AB, 17, B5, BB, 03, FA, 88, F0, 03, CF, EB, 06, C7, C2, CD, 99, 71, 6F, 86, F0, 1A, FB, 85, FD, F7, C7, 25, 7D...
 
[+]

Entropy:
7.9436  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file bluestacks-2.exe has been seen being distributed by the following URL.

http://www.farmsignssend.com/c?x=U1XlmCNyJECby1twE4b2y6QmQB /WjlqR1 dFTUxq4o=&c=CSIkyktum6aGLkwJk6qsf oS/AkAKrQpsSg/GEqwFiL5dQNdi/5KrEBrZJq8djKJTLIHIi3Io8aXo xbFRpVtTHXqzeJBNh8zlRZPs5PmIHSGGaGfp2pQoODGbz7KwMe&downloadAs=bluestacks-2.exe&fallback_url=http://mirror.warer.com/windows/apps/bluestacks-app-player/.../bluestacks-app-player.exe

Scan bluestacks-2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.