file.exe

RecA

The application file.exe by RecA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from fs09n4.sendspace.com.
Publisher:
RecA  (signed and verified)

MD5:
593329f80cc25dd47e05a79e2880197c

SHA-1:
4eb244a0c96b413086e2e50622454631a17e54ad

SHA-256:
9785a6aa2c9c27b9be241edf3abb2129a6b337946cdd29c4a8604c71e3ab3b9e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:48:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RecA (M)

Engine version:
16.7.10.1

File size:
517.4 KB (529,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\file.exe

Digital Signature
Signed by:

Authority:
RecA

Valid from:
7/2/2016 9:12:39 PM

Valid to:
7/3/2026 9:12:39 PM

Subject:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Issuer:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Serial number:
008FE7E51E617A60CF

File PE Metadata
Compilation timestamp:
7/3/2016 2:46:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:+9QJi88EO4uMLoB630QslCwSKW1hDF0NpJSro9dYePcsNh/:+qQ8/oBOsXW1xF0XhCE

Entry address:
0x7ECAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8121

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
500 KB (512,000 bytes)

The file file.exe has been seen being distributed by the following URL.
