file_to_run.exe

The application file_to_run.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “pcregservice Service”. The file has been seen being downloaded from d18okb3pa33axu.cloudfront.net.
MD5:
0be26aec1226bdaf6a6928a366f1c3c5

SHA-1:
7caf68ae494211893d64a7134ad53786e9fdb07d

SHA-256:
3cf99a1510cd0668316f9b139c4a33531582aa74709589d0d13ace6f54ab4185

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:41:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Boost by Reason | Optional.Service.L | 188163 |
| Dr.Web | Adware.Plugin.110 | 9.0.1.0358 |
| Reason Heuristics | PUP.Service | 16.10.8.17 |
| Trend Micro House Call | TROJ_GEN.F47V0924 | 7.2.358 |

File size:
24.5 KB (25,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wrapper_inst\file_to_run.exe

File PE Metadata
Compilation timestamp:
9/23/2013 6:12:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
768:IGdS1JrpeZnA8+2t0ALo4ooKQYQPbocyNGjLiEcEONug6:6peZ7Ox6

Entry address:
0x39F0

Entry point:
E8, 44, 05, 00, 00, E9, B3, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, 81, 40, 00, 89, 0D, B4, 81, 40, 00, 89, 15, B0, 81, 40, 00, 89, 1D, AC, 81, 40, 00, 89, 35, A8, 81, 40, 00, 89, 3D, A4, 81, 40, 00, 66, 8C, 15, D0, 81, 40, 00, 66, 8C, 0D, C4, 81, 40, 00, 66, 8C, 1D, A0, 81, 40, 00, 66, 8C, 05, 9C, 81, 40, 00, 66, 8C, 25, 98, 81, 40, 00, 66, 8C, 2D, 94, 81, 40, 00, 9C, 8F, 05, C8, 81, 40, 00, 8B, 45, 00, A3, BC, 81, 40, 00, 8B, 45, 04, A3, C0, 81, 40, 00, 8D, 45, 08, A3, CC, 81, 40...
 

Entropy:
5.8057

Code size:
12.5 KB (12,800 bytes)

Service
Display name:
pcregservice Service

Service name:
pcregservice

Type:
Win32OwnProcess


The file file_to_run.exe has been seen being distributed by the following URL.
