» comprobanteselectronicos_win.exe
Overview
Analysis
File Details
Downloads (1)

comprobanteselectronicos_win.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from descargas.sri.gov.ec.

File name:

MD5:

da51913f0af4e2e29fa34da254250a3d

SHA-1:

65a96584fd80c92c8a761f9e9677a380c4540c40

SHA-256:

28808c489525f8320b37cd1c0752e4b402b85df681c69047f42b42efd2d4ae24

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/25/2024 4:38:10 AM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

Trojan-Dropper.Win32.Zegost

t3scan.1.9.5.0

File size:

28.6 MB (29,958,415 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\comprobanteselectronicos_win.exe

File PE Metadata

Compilation timestamp:

7/20/2015 10:19:06 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

786432:hZ7wigbevjHW2/wOBxN27Kz8tQZRw4yyU+nGZ9DRYlXr:hZMn4j//wOBO+5ZRw48+nG7tYXr

Entry address:

0x1290

Entry point:

55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 8C, 22, 41, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, C4, 22, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, B0, 22, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, BA, 80, 00, 00, 00, 89, E5, 57, 31, C0, 8D, BD, E8, FE, FF, FF, 56, 53, 81, EC, 1C, 01, 00, 00, 89, 54, 24, 08, 89, 44, 24, 04, 89, 3C, 24, E8, CF, 57, 00, 00, 89, 7C, 24, 04, C7, 04, 24, 18, 00, 00, 00, E8, 67, 0D, 00, 00, 85, C0, 0F, 84, 7C, 00, 00... 
[+]

Packer / compiler:

MingWin32

Code size:

23.5 KB (24,064 bytes)

The file comprobanteselectronicos_win.exe has been seen being distributed by the following URL.

http://descargas.sri.gov.ec/download/.../comprobantesElectronicos_win.exe

Scan comprobanteselectronicos_win.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.