» cs1.6_cz1.2_file.ge.exe
Overview
Analysis
File Details
Downloads (93)

cs1.6_cz1.2_file.ge.exe

The program is a setup application that uses the Self-extracting archive installer. The file has been seen being downloaded from www.bin.ge and multiple other hosts.

File name:

MD5:

b8146568f1f5582b547d2e8a48cf5f84

SHA-1:

763183cd2392b6c93f409dd42f4c679687a2aa87

SHA-256:

33ee40ae398d241d66bd42d77ba1b3801f35b1529519af002dec6602a6858be3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 12:55:08 AM UTC (today)

File size:

413.2 MB (433,251,640 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Self-extracting archive

Common path:

C:\users\{user}\downloads\cs1.6_cz1.2_file.ge.exe

File PE Metadata

Compilation timestamp:

12/2/2014 2:07:30 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12582912:W1Q1n8TfYywI+8tUMSbQFlUp27ptDRZIR:W1In8TzwI++ObyqETIR

Entry address:

0x1D5DB

Entry point:

E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 4E, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Entropy:

7.9986 (probably packed)

Code size:

161.5 KB (165,376 bytes)

The file cs1.6_cz1.2_file.ge.exe has been seen being distributed by the following 50 URLs.

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YjU3N2I4NDM2NDRmNGQ0YThhNzg1YmNkMmFkMTVjNjk2MWU0NDFhMzJhNGNmN2JmM2UxYTMxNjA4YmNmZTAwM0Ey&captcha=373030

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YTVlNjU0ZWY5YTIwYjMwZDEyYjMxMTg1ZjNjNGU0YzI0MTFiOWUyZjViZTU4N2EzZmQ1ODIwNjNiMmMzYzU3MzI4&captcha=353938

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YTg4ZjdhMWNkNzYwOWViMWQyMmU4MmUwM2UzYmZhZGM1ZTE5YTlmYzUwMWU3MmFjMDc2MzEwZTg4ZTNmMjhjNjUy&captcha=313639

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YmE5ODc1M2NkNDk5YjU4Yzg2NzJhYjMwYzU0OTg4NDQ4MTE3YTk4NzBlZTA5OGViOGRkYTg4MmI4OTc1YTA0ODM1&captcha=363439

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=OTE1YzFhOTIwYTU4NGI4NzQxYjJiZDhkODFmOTlkMzcxOGVhMjFjNzdkYzUxZjhhZGQ2NzM3Y2EyNTliNGVhMTUy&captcha=363133

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YWIwNGJmYjU3MDYzMTYzNjFhZGU3Yzg0M2Q3M2EyOGVmNDhjOTQ3NjMyZjQxYTVhNTNjNDQzYjhjNDljMTY3NkI1&captcha=353633

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MmRjNmQ1NjkzN2FhNGNiYjFkYTU2ZGQ5Zjk4ZmI2NjAwMmNkNTkxZjZlYjZjNDY1ZjJmYjY2OTAzNDQ4MTdmYjA3&captcha=323139

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MTc5NWNjYTQ1YjUwMzczZTdhNDVlNjkyM2YwMGRkNjZhMWQwNGUyYWJiYzJhYzhlMzU0NmQyNjNhODhmYTZhOTIw&captcha=323634

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=ZTMyMzA1NDY5ODU0YjBkOWI2MmVjMzliNDUzN2EyYTAyN2UzOWViYjdkZGJjOWQ0NWJlNTAxMWIzN2E1NGZhODI4&captcha=323132

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MzE1YzY2MGJmM2Y2NWZiZmFkZGEyNTlhZTMwODI4OTU3N2ZjNWJjMjFkNGFiMGJlZmJjYzQ2OTYyYWNmMzRhZUI1&captcha=383635

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=Mzc3YTQ4Njg3MjAzMjRiY2Q2MTRhNmNiZjdmN2UzZjcwNjQ4Yjc5NTM1NzFjZTU2Mzg5MTAyNWVlZjQxMGRlMDIz&captcha=323139

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MThjZjE5YjY1NTcwMmIzNDVkNjdkYjBkZmNhMmIzNDExN2JjNmQyNTMxYTFiMDQ1NTRjYzNjZTVkMTMyM2QyYjI3&captcha=353335

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MjI2YjRlZDQ1MjliYTg4YTA4ODgxYjkyZTZlMzc3NWJjMWIwZGQ2MjU5ZDZlNmNjNjM4NzQzYjA1NjIwOTY5MjI3&captcha=373737

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MjhhYWMxOTJlMDljNGNkNTY3ZTQ5NDk1MWY0N2QzZGM1YjFhMzgwNmFlZDBiMzdiMjQxODc1YzRiODMwYWJiZjAx&captcha=373933

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=NDRhZjA0NDUwZDExZGU2NjU0YmUxYzZiM2Q0ZDljZTIzNTg1OWY5MTM5ZDAxYmRhNGM0ZGIzNDBmYTExNDE2ZjI3&captcha=343238

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=OTM0MDA0ZWFkZjEwNGY3NGNkZDczODE1MDc2YmY4NGQxYmExMWVkYmYyMzdlMmQ4MWE4NTczNDMxNjdhMGJlZDI4&captcha=313139

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YzlhNjNiYTBlM2UzYTEyYjQ2MmQ1YmE1NTYzYTg0YTBmZTA2YjgyNDNjMDIwNjY0OTU2MWI4MmVhMjliY2JmNEE0&captcha=323438

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=ZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2UwMDg2OGNhZWJjZDEzODBiMmRkMjU1MDJjYjk4NGE2OTM1&captcha=

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YTU0ZjliN2ExMmI2MjFkZGUzN2UyZWZmYTA4NDkxZDU0ZDYwZDk4MGMzZTA1NTM2ZDhkYWNjNjQ0M2QwYTFlMDEx&captcha=333931

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=ZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2VlNjkxZDY3NmNmOGJjNDA5MDFkYzc5YjA3YmZhN2FlYjI3&captcha=

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=ZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2UxYjI3YjBjZDM2ZTg2YjZjOTc0NGUyYTk2N2UyYThhYjc2&captcha=

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MzhhYTExYWE4OTlkMDZjNDY5ZmNiMzQzOGQwMGQxNGU0ZGUwNmU2NzEyNGZjYzY3OGM3Yzk2MGZhOWNjZmY4MkEx&captcha=363234

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=ZmE3ODg3ZDcyYTRkNWRlYzdiYTdjNDAyODc1NGFiNzk4YjE2ZjZhZDcyM2YwYmFiYzc1MjE3MGQ0YTYyM2JhMkI1&captcha=313630

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=M2Q0YTM5ZDA5OTAwM2RiN2RmMzhhZTUwYWU4N2U2NTRhM2U5MTI0NmUzZjA3NzBkMTE1OTM3NGU1YjBlODc5NjI4&captcha=353639

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=ODc3NmNlNDEwMzQxNjI3OTQ3NTFlM2VkMzQ2MWViZGJlODRkMjBmNjI0ZDI0MWZmMzUwZGZiMTRkMjgwZDY4ZkEy&captcha=383132

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=YzcxNDU2YzgzNWJhMDQ0NDQ2MTg4ZTc3YzI2ODY4MTJjYTRjMTU2NTFiMDBjYTE4YmU0OTBkNGUwNTllZDcxOTI3&captcha=353832

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MjA3MDcwNGM2NmY0NDg4N2ZkMWQ0ZTVmMmIzNmY5NTViOTNkZDM0OGMwYjkwMGMzOThlZTM5ZGUwYzZkZWQwYzAx&captcha=323434

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=NWY3OWY2NTI1NzUyNWU1NGIwNWJjZmE3YTdkOTM5ZWZjMTVlN2ZkYTFjYzFhY2E3OTMyYjcwNzNlYzFhNzY4Y0Iy&captcha=353631

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=MmRmNWExZjA3OTU3YzFhN2YzODU3OWMyODkyODE0MmZjODk3OGYzMTNhODZiNDY3YzA3NzU0ZjUyOGJiYTZkMTIw&captcha=343130

http://www.bin.ge/getfilee.php?id=BDD0A4DD&access_key=NTI3OTc1NjlmNjU5ODQ5NDc0M2UyNzhjMjBjMzY2M2UzNTlmMjM1MGQyODI3NDU5YzAwY2MxMmI2MGNiMWVlY0Iy&captcha=383137

Latest 30 of 93 download URLs

Scan cs1.6_cz1.2_file.ge.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.