home

execurl2.exe

Digital Pine, LLC - ООО ”Диджитал Пайн”

The application execurl2.exe by Digital Pine, - ООО ”Диджитал Пайн” has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fastloadmedia.ru and multiple other hosts.
Publisher:
Digital Pine, LLC - ООО ”Диджитал Пайн”  (signed and verified)

MD5:
d5d56a076db821c9072ed6c7ed8b9eac

SHA-1:
4e14e5ece4023c81e722239d4cdde9ef93ea4a34

SHA-256:
3a4a43a6675a69ccae312d9e1248b98713a617c566193c87f808c4fde5a76bb7

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 3:26:56 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Fraudster.641
9.0.1.018

Reason Heuristics
PUP.DigitalPine.Meta (M)
15.7.24.22

Trend Micro House Call
TROJ_GEN.F47V1218
7.2.18

File size:
35.8 KB (36,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\execurl2.exe

Digital Signature
Signed by:
Digital Pine, LLC - ООО ”Диджитал Пайн”

Authority:
StartCom Ltd.

Valid from:
9/3/2013 7:15:05 AM

Valid to:
9/3/2015 11:03:30 PM

Subject:
E=admin@digitalpine.ru, CN="Digital Pine, LLC - ООО ”Диджитал Пайн”", O="Digital Pine, LLC - ООО ”Диджитал Пайн”", L=Moscow, S=Moscow City, C=RU, Description=a2b4fJBztjGiwcqe

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0AE6

File PE Metadata
Compilation timestamp:
11/25/2013 6:12:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
768:kqPJTnPay/ija+1I+5HaCiYVsJMNprHIe5izbmUWVVP5E1z:kqPJTmHaZYaJMzrom4aq9

Entry address:
0x70CC

Entry point:
55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, E8, 4E, 40, 00, E8, BC, D8, FF, FF, 33, C0, 55, 68, 6E, 72, 40, 00, 64, FF, 30, 64, 89, 20, E8, 75, DB, FF, FF, 85, C0, 0F, 8E, 50, 01, 00, 00, 68, 7C, 72, 40, 00, E8, 7F, D9, FF, FF, 8B, D8, 68, 94, 72, 40, 00, 53, E8, F6, D8, FF, FF, 8B, D8, 85, DB, 0F, 84, 2F, 01, 00, 00, 8D, 45, E8, E8, 6C, DC, FF, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, D7, DC, FF, FF, 8B, 55, EC, B8, 88, BB, 40, 00, E8, 52, CA, FF, FF, 6A, 00, 6A, 00, A1, 88...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
23.5 KB (24,064 bytes)

The file execurl2.exe has been seen being distributed by the following 3 URLs.

http://fastloadmedia.ru/upload/kr/f8/.../execurl2.exe

http://fastloadmedia.ru/upload/hw/UC/.../execurl2.exe

http://fastloadmedia.ru/upload/5i/RM/.../execurl2.exe

Remove execurl2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.