home

dat0512.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dhd29up7zcdyt.cloudfront.net.
MD5:
17b763976056906b00ca3482f1b1ff59

SHA-1:
1e89b68de1ca3938a021eaf8f8931d2fa0ef39da

SHA-256:
fde8b749f0dd426d404cf5233580587f65be21211d8489e475bc560176bc9349

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 1:15:35 PM UTC  (today)

File size:
18.4 MB (19,317,253 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dat0512.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
393216:6xehsGbhKiz6vcAhl+IdQgvLxqGTTZFwsQr9Js72bup+iajkLr:6xe2nemcAhFQ+VRmsW3Zmajm

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 59, 97, 47, 3A, 0D, E4, 9B, 7C, 5B, 00, 00, 00, 00, 7D, 00, 00, 00, 00, 00, 00, 00, 72, CD, DF, A2, 00, 40, 57, 18, EA, C7, F9, 46, 17, 95, C1, C4, 3A, F1, E8, EC, 7F, 64, 78, C9, 9D, 10, F7, FE, 71, 61, 3C, 51, 92, B8, 12, 67, 5D, D0, 81, D1, 93, 8D, F4, C6, 67, 92, 7B, CB, 68, 44, 7D, FC, 5A, 8E, C9, 26, D4, 1B, 50, D4, 1F, 90, 58, 3C, D9, 2C, 61, 12, E5, 8C, 92, AF, 06, D5, 30, AC, BF, 15, 54, 7F, 0B, E7, 77, 5A, 20, 0F, 28, AE, 51, BA, D3, 4E, 28, BC, FC, 93, AC, 8D, 49, C7...
 
[+]

Entropy:
8.0000  (probably packed)

The file dat0512.exe has been seen being distributed by the following URL.

http://dhd29up7zcdyt.cloudfront.net/download/.../dat0512.exe

Scan dat0512.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.