dabr_hidoctor8012_6inmej2.exe

This is a setup program used to install the application. The file has been observed being downloaded from docs.cx.
Version:
3.0.0.38

MD5:
22748dcdcae16f2a8e263dc670f60ef5

SHA-1:
c5f8d699993b70f773756d763350f794e1960b51

SHA-256:
4d83e8cf4ec564f77a8cf72f95151fa014caca7260fe52f74004461f67e6f687

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/4/2024 5:04:52 PM UTC  (today)

Scan engine:
Dr.Web

Detection:
Trojan.DownLoader10.63249

Engine version:
9.0.1.05190

File size:
940.3 KB (962,899 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\dabr_hidoctor8012_6inmej2.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:1DUCk5fRiHN7iaqCavgYCkS/Tfc8DvGyHa/Z:14Np6tKyX/TTH2

Entry address:
0x48DAC

Entry point:
55, 8B, EC, 83, C4, F4, B8, B4, 8B, 44, 00, E8, 58, D3, FB, FF, E8, 17, FB, FF, FF, E8, 52, AB, FB, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 02, 00, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 8D, 40, 00, 94, 47, 40, 00, 94, 47, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 21, 40, 00, 98, 22, 40, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
287.5 KB (294,400 bytes)

The file dabr_hidoctor8012_6inmej2.exe has been seen being distributed by the following URL.
