cita13-05.exe

Project1

STAR* LABS

This is a setup program which is used to install the application. The file has been seen being downloaded from allsoft.org.ua and multiple other hosts.
Publisher:
STAR* LABS

Product:
Project1

Version:
1.00

MD5:
f528dd9bea8bba02536c19d3818e579f

SHA-1:
68a00764ae6e7d5aa2cf654a1e59ce9f1eeea33a

SHA-256:
ed900f672439e1b2b67e4ab2c3ce4e8ef7e9fc52564a3cff7acfa9502cc44e91

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 1:07:08 AM UTC

Scan engine:
F-Prot

Detection:
W32/VBTrojan.17D1

Engine version:
4.6.5.141

File size:
24 KB (24,576 bytes)

Product version:
1.00

Original file name:
Down.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\cita13-05.exe

File PE Metadata
Compilation timestamp:
5/13/2016 11:03:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
192:/TShTL3wP52lO3HvNbUCrQkrCtAaC8UYbHYgfMKaYDZeEEmWI8Wy2:/TSpWp3HvOsVmtAnX8Hl9aosVmo72

Entry address:
0x11E0

Entry point:
68, 24, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 78, 66, FF, C4, 5C, A9, DB, 4F, A9, 43, 82, FE, 53, FE, FC, 3E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, BF, 37, 3D, 10, 4A, CF, 31, 4E, 9D, 0E, 03, C7, 1F, EF, A8, BA, 4D, D9, E2, 0D, FA, 2D, 26, 4C, 9D, 66, 1E, 57, 5F, F9, 47, 21, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
12 KB (12,288 bytes)

The file cita13-05.exe has been seen being distributed by the following 2 URLs.

http://allsoft.org.ua/wp-content/plugins/advanced-custom-fields/core/.../registro-cita.php
