» download_san_brocade_switches_simulator_downloader.exe
Overview
Analysis
File Details
Downloads (1)

download_san_brocade_switches_simulator_downloader.exe

The executable download_san_brocade_switches_simulator_downloader.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from dll513.yfdownloader.net.

File name:

MD5:

b58dc9f04815a88e674e332f11252fe3

SHA-1:

42e0dc6ca4016001370ad8eb9fbc5e2ed2e3e2d5

SHA-256:

20c7cc8c2d952112c90c6a26c62d709c5d04bdda4c653c1f3a4d7f02b0b29757

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/14/2024 9:21:47 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.3.14.5

File size:

2.8 MB (2,926,482 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\download_san_brocade_switches_simulator_downloader.exe

File PE Metadata

Compilation timestamp:

1/24/2015 4:25:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:MkWv7lZ+m0s+trKWPdGfbtsx0RDRfclQQCkWp/wK0yR1:MkiQFGfbGx0/f/NkWtwVyj

Entry address:

0x4B3A1A

Entry point:

68, D8, E4, 29, 83, 60, 60, C7, 44, 24, 40, DD, 22, 21, C0, 9C, C7, 44, 24, 40, 80, 11, 20, 7F, 89, 24, 24, 9C, 8D, 64, 24, 44, E9, 96, 7D, 32, 00, 9C, 60, 8D, 4C, 49, 0A, 9C, 9C, 9C, 9C, 8D, 64, 24, 50, E9, 61, DB, F9, FF, BB, BE, 96, EF, 70, 2A, 5A, 5C, B9, A9, EC, 4A, E6, F5, EA, 62, F4, AF, A6, EB, 70, 1B, 42, 4C, 10, 6F, F2, B7, 9C, 01, 56, 4D, 08, 9E, B6, DE, 7C, 2A, E0, AC, D5, 77, 59, 71, 75, A1, E0, 2A, 30, 09, 00, 2F, E6, 23, 58, D6, 2A, E6, 8C, F9, 63, E9, 50, 64, AC, 87, A1, C7, CF, F9, 65, 1A... 
[+]

Entropy:

7.9992 (probably packed)

Code size:

786 KB (804,864 bytes)

The file download_san_brocade_switches_simulator_downloader.exe has been seen being distributed by the following URL.

http://dll513.yfdownloader.net/j5GhWHXepVRn0OZMa9b6IXzTtiZ2pfI4Ya2pLHKtknhtpYgiTrGdNFTymSwX6cVRHeTFUAXRyk1FkZ8GXtUwQw7fMEN11nkaNIBjGjineOdzzzPzIGF/7T9nQvsjeESubCpG wtzQqZXMln7GUdZzB1oCNMaRVjPBUpY21RLLt5YWCHE3VMmzuhAP8a3cR/l/.../seZfxPzOJoP6i3yL7IwXyOzHSJbV2l pzdkSyI6zUpDI AY1if4JIMDwVyzTtDozhOZzKva8enT063ovqtgxJvrcYhrh0WJE7Yg6HOjJVU8=

Remove download_san_brocade_switches_simulator_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.