decrypt_111autolocky.exe

Emsisoft Decrypter for AutoLocky

Emsisoft Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from decrypter.emsisoft.com and multiple other hosts.
Publisher:
Emsisoft Ltd  (signed and verified)

Product:
Emsisoft Decrypter for AutoLocky

Version:
1.0.0.11

MD5:
4a4a8fd8f727d1e520387ec0a547dde1

SHA-1:
82dc6ebd8621960d9544208ab47cfb33698b128d

SHA-256:
8c9f7095650b3595ea4be47b0669863582b228b3e2f04ce011e5ed3d7b7d740a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/24/2024 1:43:24 AM UTC  (today)

File size:
1.3 MB (1,355,144 bytes)

Product version:
1.0.0.0

Copyright:
(C) 2016 Emsisoft Ltd

Original file name:
decrypt_autolocky.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\152e221a8bef8d2d13c58f995563a1a1\d3efa409f1e071c9cc1a8644587d057b\decrypt_111autolocky.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
4/28/2015 2:00:00 AM

Valid to:
5/2/2018 2:00:00 PM

Subject:
CN=Emsisoft Ltd, O=Emsisoft Ltd, L=Nelson, C=NZ

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
03ECEFF46E099F9778C617290FEC2492

File PE Metadata
Compilation timestamp:
4/16/2016 6:57:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0IUKMtSZzStGA1cynncHSrgPpIU4p6ZXLi/Yc6pZr+P+Nt84ZOBd4:0IUztSYrg2U4p5/Yc6vrk+Nt84ZOo

Entry address:
0x3C4A90

Entry point:
60, BE, 00, E0, 6C, 00, 8D, BE, 00, 30, D3, FF, C7, 87, 18, 5C, 2D, 00, 6D, 5C, 9D, 4C, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 72, 20, 3C, 00, 57, 83, C3, 04, 53, 68, 7F, 6A, 0F, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 
[+]

Code size:
992 KB (1,015,808 bytes)

The file decrypt_111autolocky.exe has been seen being distributed by the following 2 URLs.

http://decrypter.emsisoft.com/.../autolocky

Scan decrypt_111autolocky.exe - Powered by Reason Core Security