» ess_trial_rus.exe
Overview
Analysis
File Details
Downloads (11)

ess_trial_rus.exe

ESS Distribution LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from mirror2.esetnod32.ru and multiple other hosts.

File name:

ess_trial_rus.exe

Publisher:

ESS Distribution LLC (signed and verified)

MD5:

94bb0d6165b0697d37d0677358a19ff1

SHA-1:

96552d20d8a7781f7762c94916ec7151f9421057

SHA-256:

73c34e120247857614adc4adc489249fa8fecb5d2a1452e1abf77e2da2fedada

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 8:43:28 AM UTC (today)

File size:

12.5 MB (13,089,200 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\ess_trial_rus.exe

Digital Signature

Signed by:

ESS Distribution LLC

Authority:

Symantec Corporation

Valid from:

7/19/2016 3:00:00 AM

Valid to:

9/17/2017 2:59:59 AM

Subject:

CN="""ESS Distribution"" LLC", O="""ESS Distribution"" LLC", L=Moscow, S=Moscow, C=RU

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

703B94BC275C976CE5275C13D7F17966

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.24

CTPH (ssdeep):

196608:rfZhExCX98lGFEEp7joZtqDf0ogXlxSlp8SxDDtXTJTYaXQCJHH+dns+/cZnIk7:rkxZlGF3LcXlUPVVlc+QeHH+ebZnIk7

Entry address:

0x14C0

Entry point:

83, EC, 0C, C7, 05, 5C, 00, 50, 00, 01, 00, 00, 00, E8, 5E, DA, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 5C, 00, 50, 00, 00, 00, 00, 00, E8, 3E, DA, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 38, 1C, 50, 00, C7, 04, 24, 00, C0, 41, 00, FF, D3, 89, C6, 83, EC, 04, B8, A0, F9, 40, 00, 85, F6, 74, 29, C7, 04, 24, 00, C0, 41, 00, FF, 15, 58, 1C, 50, 00, 83, EC, 04, A3, F0, 03, 50, 00, C7, 44, 24, 04, 13, C0... 
[+]

Code size:

102 KB (104,448 bytes)

The file ess_trial_rus.exe has been seen being distributed by the following 11 URLs.

https://mirror2.esetnod32.ru/home/trial/.../ess_trial32_rus.exe

https://download.esetnod32.ru/home/trial/.../ess_trial64_rus.exe

https://mirror3.esetnod32.ru/home/trial/.../ess_trial_rus.exe

http://download.esetnod32.ru/home/trial/.../ess_trial64_rus.exe

https://mirror2.esetnod32.ru/home/trial/.../ess_trial64_rus.exe

http://download.esetnod32.ru/home/trial/.../ess_trial32_rus.exe

https://download.esetnod32.ru/home/trial/.../ess_trial_rus.exe

https://mirror1.esetnod32.ru/home/trial/.../ess_trial_rus.exe

https://download.esetnod32.ru/home/trial/.../ess_trial_rus.exe

https://download.esetnod32.ru/home/trial/.../ess_trial32_rus.exe

Scan ess_trial_rus.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.