geany-1.24_setup.exe

Geany

The executable geany-1.24_setup.exe has been detected as malware by 2 anti-virus scanners. The file has been observed being downloaded from download.geany.org.
Product:
Geany

Description:
Geany Installer

Version:
1.24

MD5:
4ad0fc560550b1e68e5a03cec67769f7

SHA-1:
a179e0084b596d7cff5a47a3fd6efc5d04e39d71

SHA-256:
dcaf0d2f50691aec759174968321f056bafbc231b9df7891ddc82de5d0491b33

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/25/2024 4:10:05 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160327-1
ESET NOD32 | Win32/Kryptik.AXWG trojan | 8.0.319.0

File size:
58.5 KB (59,923 bytes)

Product version:
1.24

Copyright:
Copyright 2005-2014 by the Geany developer team

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\geany-1.24_setup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:a1cVhpQI2EQK0G3PDh84nScF15GYbWjXO3XJijXPxBMMMMMMMMjM3MMMMMtyuKMx:YQpQ5EP0G3jnRTXJixi9Nt2

Entry address:
0x323C

Entry point:
B7, 2B, F2, 84, ED, 48, 69, F1, 9B, FE, 76, 82, 85, FB, 0F, B7, C7, 10, F5, 8A, E5, 38, FB, 4B, 3D, A9, 30, 7B, 90, 1C, 6B, F7, C6, DE, 18, 51, 98, E8, 00, 00, 00, 00, 5F, F3, 74, 03, F6, C1, 8F, 0F, AF, CF, B6, 6D, 8B, CD, 0F, B7, C7, 2B, ED, 69, DE, E6, 55, EB, 90, 1D, 42, B0, DE, DC, EB, 03, C6, C7, 8F, 02, F0, 31, C9, 25, A6, 4D, 79, 61, 6B, DB, 00, 84, C5, 0F, BF, D2, 81, EB, 11, 03, 00, 00, 86, E4, 87, D6, 4E, 81, C3, 0E, 01, 00, 00, 8B, D2, 85, EE, 80, DD, 13, 0F, C1, DD, 86, D5, 87, CA, 81, C5, 04...
 
Entropy:
5.6706

Code size:
23 KB (23,552 bytes)

The file geany-1.24_setup.exe has been observed being distributed from the following URL.
