ekey1017.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.emega.com.tw and multiple other hosts.
MD5:
ea9ee6c54106e0b596d1f6fe19a2652c

SHA-1:
9063e2e81cd6617d94ee62d31fc2c2c6a6d858f1

SHA-256:
aa61bb6712606994dd89daa3a53f1b67a020e602af40536fbeff857a93b2cdbe

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
11/15/2024 4:31:03 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Suspicious | 7.1.1
Bkav FE | HW32.CDB | 1.3.0.4923

File size:
414.2 KB (424,162 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ekey1017.exe

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:StI3EHl2NOqIqrwmHB8ZYoQ0YybVZ+vqo/Pblzi:V6gOqITG8ZnQ0YO4zhi

Entry address:
0x34046

Entry point:
B8, 00, 40, 43, 00, 68, 88, 87, 42, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 8B, D8, 03, 00, 68, F4, 1D, 01, 00, 6A, 00, FF, 50, 1C, 89, 43, 08, 68, 00, 00, 40, 00, 8B, 3C, 24, 8B, 33, 66, 81, C7, 80, 07, 8D, 74, 1E, 08, 89, 3B, 53, 8B, 5E, 10, 56, 6A, 02, 68, 80, 08, 00, 00, 57, 6A, 2B, 6A, 09, 56, 6A, 04, 68, 80, 08, 00, 00, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 5C, 81, C6, 80, 01, 00, 00, F3, A5, FF, D3, 58, 8D, 90, C0, 01, 00, 00, 8B, 0A, 83, C2, 14, 8B...
 

Entropy:
7.9913

Packer / compiler:
PEtite v2.2

Code size:
161.4 KB (165,298 bytes)

The file ekey1017.exe has been seen being distributed by the following 2 URLs.

Scan ekey1017.exe - Powered by Reason Core Security