home

dabr_hidoctor8013_6qbc232.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from download.centralx.com and multiple other hosts.
Version:
3.0.0.38

MD5:
f9b36a7d004edf06b9fb97e9386235bd

SHA-1:
86112549eac5bac050c20c7a918552d7ba6fbbfd

SHA-256:
907968e7fa6b08759024686bf35046146f6797839e8377338f19bf0d868d5225

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/4/2024 5:03:44 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader10.63249
9.0.1.08

NANO AntiVirus
Trojan.Win32.DownLoader10.cyvmvp
0.28.6.63850

File size:
942.1 KB (964,756 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\dabr_hidoctor8013_6qbc232.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:1DUCk5fRiHN7iaqCavgYCkS/Tfc8DvGyHa/c:14Np6tKyX/TTHh

Entry address:
0x48DAC

Entry point:
55, 8B, EC, 83, C4, F4, B8, B4, 8B, 44, 00, E8, 58, D3, FB, FF, E8, 17, FB, FF, FF, E8, 52, AB, FB, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 02, 00, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 8D, 40, 00, 94, 47, 40, 00, 94, 47, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 21, 40, 00, 98, 22, 40, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
287.5 KB (294,400 bytes)

The file dabr_hidoctor8013_6qbc232.exe has been seen being distributed by the following 2 URLs.

http://download.centralx.com/.../dabr_hidoctor8013_6qbc232.exe

http://docs.cx/813

Scan dabr_hidoctor8013_6qbc232.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.