home

dat0322.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.244 and multiple other hosts.
MD5:
cf8841db049a95cf96ea477a0756fa83

SHA-1:
07b5a385902da798c8ac2d14bb0c17d059fc507b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:45:48 PM UTC  (today)

File size:
20.5 MB (21,495,643 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\dat0322.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
393216:aAtoyvbSlKpZyJ1x+VCGiLYimi/t0/5I21be+CcscumwwC+SWrvfZ4mqseRNI:aESlKpZy0UGiL6i/t0RAZ3+HC+Xrvfe2

Entry point:
37, 7A, BC, AF, 27, 1C, 00, 04, 6B, 6C, 66, 98, 17, FF, 47, 01, 00, 00, 00, 00, 24, 00, 00, 00, 00, 00, 00, 00, 9B, BE, 7B, 03, 01, DD, 0B, 6D, 20, E6, F5, 7D, 46, 00, 5E, E8, 38, 1E, 49, 81, 8B, 7A, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, D3, C8, 76, 56, BB, D6, 7A, BA, 59, 07, 00, 40, 56, 58, E2, A0, CC, B5, 25, F5, 33, 05, 7C, 2F, ED, F3, 94, 44, 88, 35, C0, DE, F8, 8B, 7E, 81, 7B, 77, ED, 78, F9, 07, D9, 5C, 06, 35, 76, 0F, CA, 21, 8E, 74, BC, 16, 69, 39, 49, 46, EF, CF, 71, F8, BE, A6, D6...
 
[+]

Entropy:
8.0000  (probably packed)

The file dat0322.exe has been seen being distributed by the following 4 URLs.

http://113.171.224.244/.../dat0322.exe

http://113.171.224.208/.../dat0322.exe

http://113.171.224.178/.../dat0322.exe

http://dhd29up7zcdyt.cloudfront.net/download/.../dat0322.exe

Scan dat0322.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.