explorer.exe

cu

This is a setup program which is used to install the application. The file has been seen being downloaded from fs13n1.sendspace.com.
Product:
cu

Version:
1.0.0.0

MD5:
3716a6ebf9dba30c1b66d0e0686b3b01

SHA-1:
03f0f3e2e9bb0c30d8b0ca381eca6d3d0fde562e

SHA-256:
b9be4ee8cc2ad37a1e15fba0b7900f8a8a8a9d760a1d22ef021fb0078422a87f

Scanner detections:
1 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/23/2024 9:49:19 AM UTC

Scan engine:
ESET NOD32

Detection:
MSIL/Kryptik.GFL trojan

Engine version:
8.0.319.0

File size:
19.5 KB (19,968 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
cu.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\deivison\explorer.exe

File PE Metadata
Compilation timestamp:
5/30/2016 8:56:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:mFx/Nt61UPTexN3c2BwM4hKNjb+LTwfUExm3KVLZ+l:qFt61UPTe/DwAN3cExmam

Entry address:
0x503E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12.5 KB (12,800 bytes)

Windows Firewall Allowed Program
Name:
explorer.exe


The file explorer.exe has been seen being distributed by the following URL.
