» file_to_run.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

file_to_run.exe

The application file_to_run.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “pcregservice Service”. The file has been seen being downloaded from d18okb3pa33axu.cloudfront.net.

File name:

file_to_run.exe

MD5:

0be26aec1226bdaf6a6928a366f1c3c5

SHA-1:

7caf68ae494211893d64a7134ad53786e9fdb07d

SHA-256:

3cf99a1510cd0668316f9b139c4a33531582aa74709589d0d13ace6f54ab4185

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 1:09:16 PM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.Service.L

188163

Dr.Web

Adware.Plugin.110

9.0.1.0358

Reason Heuristics

PUP.Service

16.10.8.17

Trend Micro House Call

TROJ_GEN.F47V0924

7.2.358

File size:

24.5 KB (25,088 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\wrapper_inst\file_to_run.exe

File PE Metadata

Compilation timestamp:

9/23/2013 6:12:10 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

CTPH (ssdeep):

768:IGdS1JrpeZnA8+2t0ALo4ooKQYQPbocyNGjLiEcEONug6:6peZ7Ox6

Entry address:

0x39F0

Entry point:

E8, 44, 05, 00, 00, E9, B3, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, 81, 40, 00, 89, 0D, B4, 81, 40, 00, 89, 15, B0, 81, 40, 00, 89, 1D, AC, 81, 40, 00, 89, 35, A8, 81, 40, 00, 89, 3D, A4, 81, 40, 00, 66, 8C, 15, D0, 81, 40, 00, 66, 8C, 0D, C4, 81, 40, 00, 66, 8C, 1D, A0, 81, 40, 00, 66, 8C, 05, 9C, 81, 40, 00, 66, 8C, 25, 98, 81, 40, 00, 66, 8C, 2D, 94, 81, 40, 00, 9C, 8F, 05, C8, 81, 40, 00, 8B, 45, 00, A3, BC, 81, 40, 00, 8B, 45, 04, A3, C0, 81, 40, 00, 8D, 45, 08, A3, CC, 81, 40... 
[+]

Entropy:

5.8057

Code size:

12.5 KB (12,800 bytes)

Service

Display name:

pcregservice Service

Service name:

pcregservice

Type:

Win32OwnProcess

The file file_to_run.exe has been seen being distributed by the following URL.

http://d18okb3pa33axu.cloudfront.net/.../pcreg.exe

Remove file_to_run.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.