c34213d660bd6f5fa2e7e9107856e6bbc877a.exe

Suas Corporation

The application c34213d660bd6f5fa2e7e9107856e6bbc877a.exe by Suas has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from cloudcrypter.pw.
Publisher:
Suas Corporation  (signed and verified)

MD5:
a3fca36697e2c461e1ec6ba9c3ba72f7

SHA-1:
25c2e4275ee69a0b12ced0959b1d2bf61f9f6357

SHA-256:
2ce3261219eae9df0e3fc13c9842988813697b9de15297f3a103405de6302540

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 7:32:55 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Kryptik.GRX trojan | 8.0.319.0
Reason Heuristics | Threat.Adware.Dropper.Suas (H) | 16.11.22.9

File size:
1.4 MB (1,471,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\c34213d660bd6f5fa2e7e9107856e6bbc877a.exe

Digital Signature
Authority:
Suas Corporation

Valid from:
7/13/2016 3:57:12 PM

Valid to:
7/14/2026 3:57:12 PM

Subject:
E=aw@suaq.com, CN=www.suaq.com, OU=CDE Dept, O=Suas Corporation, L=Montreal, S=Quebec, C=CA

Issuer:
E=aw@suaq.com, CN=www.suaq.com, OU=CDE Dept, O=Suas Corporation, L=Montreal, S=Quebec, C=CA

Serial number:
00B202A60ED543FBF3

File PE Metadata
Compilation timestamp:
7/16/2016 7:43:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:Fa/d3W0OZkq4g0jJP5qBlCVKQoUNPIxVIdYLKbfKL0nSkHgdJI9LHhxar:QVsk2lCVpo6gxVId1bfKASkA0xBsr

Entry address:
0x15049E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8999

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,372,160 bytes)

The file c34213d660bd6f5fa2e7e9107856e6bbc877a.exe has been seen being distributed by the following URL.
