download_san_brocade_switches_simulator_downloader.exe

The executable download_san_brocade_switches_simulator_downloader.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from dll513.yfdownloader.net.

MD5:
b58dc9f04815a88e674e332f11252fe3

SHA-1:
42e0dc6ca4016001370ad8eb9fbc5e2ed2e3e2d5

SHA-256:
20c7cc8c2d952112c90c6a26c62d709c5d04bdda4c653c1f3a4d7f02b0b29757

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/25/2024 12:39:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.3.14.5

File size:
2.8 MB (2,926,482 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\download_san_brocade_switches_simulator_downloader.exe

File PE Metadata
Compilation timestamp:
1/24/2015 4:25:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:MkWv7lZ+m0s+trKWPdGfbtsx0RDRfclQQCkWp/wK0yR1:MkiQFGfbGx0/f/NkWtwVyj

Entry address:
0x4B3A1A

Entry point:
68, D8, E4, 29, 83, 60, 60, C7, 44, 24, 40, DD, 22, 21, C0, 9C, C7, 44, 24, 40, 80, 11, 20, 7F, 89, 24, 24, 9C, 8D, 64, 24, 44, E9, 96, 7D, 32, 00, 9C, 60, 8D, 4C, 49, 0A, 9C, 9C, 9C, 9C, 8D, 64, 24, 50, E9, 61, DB, F9, FF, BB, BE, 96, EF, 70, 2A, 5A, 5C, B9, A9, EC, 4A, E6, F5, EA, 62, F4, AF, A6, EB, 70, 1B, 42, 4C, 10, 6F, F2, B7, 9C, 01, 56, 4D, 08, 9E, B6, DE, 7C, 2A, E0, AC, D5, 77, 59, 71, 75, A1, E0, 2A, 30, 09, 00, 2F, E6, 23, 58, D6, 2A, E6, 8C, F9, 63, E9, 50, 64, AC, 87, A1, C7, CF, F9, 65, 1A...
 

Entropy:
7.9992  (probably packed)

Code size:
786 KB (804,864 bytes)

The file download_san_brocade_switches_simulator_downloader.exe has been seen being distributed by the following URL.