home

Checker.exe

Rapha E Gustavo

This is a setup program which is used to install the application. The file has been seen being downloaded from fs07n5.sendspace.com.
Product:
Rapha E Gustavo

Version:
1.0.0.0

MD5:
549a1f9f2cf695e96898ec904d01edff

SHA-1:
67bef74dbea4e52108fbfb03d21248ba5d1120bc

SHA-256:
247a0e669e053ff7717d77b50fd819c1cf58ed4b713d4cfd59af94403e1b0a74

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
1/13/2025 10:58:44 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Genome.mdIM
2.1.4+

F-Prot
W32/MSIL_Troj.DL.gen
v6.4.7.1.166

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Rising Antivirus
Trojan.Confuser!1.A352
23.00.65.16430

File size:
1.2 MB (1,266,176 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Checker.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
4/22/2016 3:19:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:Uwty46FhOZFHak885RwMxOajPkMAQKyWiOL0CPAypY63vlm:Uwty46FhwFHak6kzjBmAP639

Entry address:
0x1361BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 50, 00, 00, 80, 10, 00, 00, 00, 68, 00, 00, 80, 18, 00, 00, 00, 80, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,262,080 bytes)

The file Checker.exe has been seen being distributed by the following URL.

https://fs07n5.sendspace.com/dl/ab0c9996ef81bb678ab70b129eab07c5/571a5e5e07a6e1e0/.../Checker.exe

Scan Checker.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.