» ew2009kg.exe
Overview
Analysis
File Details
Programs (1)
Downloads (8)

ew2009kg.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from download.wetransfer.com and multiple other hosts.

File name:

ew2009kg.exe

MD5:

b6f6780b5d67c4182e692976e861d447

SHA-1:

cfa8d3bcfb808a7b5e07ca9b3e063c2dbd6d5976

SHA-256:

630dae689e2fa2ba8e1b6ab833c01b1b499f2ec17c90a99cb82dd3dbefe97c47

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/15/2024 11:37:26 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.W32.Gen

2.1.4+

File size:

6.5 KB (6,656 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

9/28/2009 4:47:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

96:diXOp2O9vwyIEtSCU4uu7OluJB0sVnNUULMxUJY6:diXO7CF19uQuJasVN2B6

Entry address:

0x126A

Entry point:

6A, 00, E8, 5D, 04, 00, 00, A3, 00, 32, 40, 00, 6A, 00, 68, 90, 12, 40, 00, 6A, 00, 68, E8, 03, 00, 00, 50, E8, 68, 04, 00, 00, 50, E8, 38, 04, 00, 00, 55, 8B, EC, 8B, 45, 0C, 3D, 10, 01, 00, 00, 75, 64, E8, 32, 04, 00, 00, A3, 43, 3C, 40, 00, 68, 9A, 02, 00, 00, FF, 35, 00, 32, 40, 00, E8, 59, 04, 00, 00, 50, 6A, 00, 68, 80, 00, 00, 00, FF, 75, 08, E8, 4F, 04, 00, 00, 68, 00, 30, 40, 00, FF, 75, 08, E8, 4E, 04, 00, 00, 6A, 00, 68, EC, 03, 00, 00, 68, 11, 01, 00, 00, FF, 75, 08, E8, 2E, 04, 00, 00, 6A, 00... 
[+]

Packer / compiler:

TASM / MASM

Code size:

2 KB (2,048 bytes)

The file ew2009kg.exe has been discovered within the following programs.

EasyWorship 2009 by Softouch Development, Inc.

www.easyworship.com

About 9% of users remove it

The file ew2009kg.exe has been seen being distributed by the following 8 URLs.

https://download.wetransfer.com/us2/.../EWS 2009 & CRACK_2009_Kgn.exe

https://www.dropbox.com/pri/get/.../EW2009KG.exe

http://bmail.uol.com.br/attachment?msg_id=NDc2Mw&ctype=EW2009KG.exe&disposition=attachment&content_id=<56ba70958eed6_78eb15d48a1ef3ec29326@a4-winter18.mail>&folder=INBOX&attsize=9172

temp:EW2009KG.exe

https://doc-04-3s-docs.googleusercontent.com/docs/securesc/qtdqsfht703gm1tg0sglt5gmcs7947n7/qrhjobs4nu3h835gmog59i9ojrg0b13h/1480644000000/12311369823204729820/.../0B59Nq_4J3aKsRFJSSnEtUlFJWG8?e=download

http://dc467.4shared.com/download/.../EW2009KG.exe

about:internet

http://dc498.4shared.com/download/.../EW2009KG.exe

Scan ew2009kg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.