download windows xp sp3 32 or 64 bit activator and wat remover.exe

The executable download windows xp sp3 32 or 64 bit activator and wat remover.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from b.datacardbar.info.
MD5:
b3bb387ad205cf6972d7434cb0efe41e

SHA-1:
a34f3b1d6261bdf11042732b16da3094495d6cee

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/23/2024 10:30:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.17.13

File size:
450 KB (460,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\download windows xp sp3 32 or 64 bit activator and wat remover.exe

File PE Metadata
Compilation timestamp:
4/9/2012 10:09:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:qQQaRMSsxlxGNsphOzeAdTKn9fpjZl1rEVzvDRaRetAW0O6YgAxQV9S74KSTuIFV:h7MT/LweA9mrNbIVvLD3N8U

Entry address:
0x408DB

Entry point:
E8, E6, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, B2, 44, 00, E8, EF, 17, 00, 00, E8, B3, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, 79, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 28, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.3819

Code size:
278.5 KB (285,184 bytes)

The file download windows xp sp3 32 or 64 bit activator and wat remover.exe has been seen being distributed by the following URL.