geemod_0.9.12_f.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from wot.modhoster.de.
MD5:
ffbdc7c2e7f2f49871fef490bbd08871

SHA-1:
4aea1803b9963fd3b6c48ff73fbcfbf5ba244c07

SHA-256:
20028ca32480e7971fd26fd9f30cce1d58027366706a4169de0e3844875451e1

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/29/2024 3:52:44 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen
1.0.0.1120

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16305

Zillya! Antivirus
Trojan.Inject.Win32.169063
2.0.0.2701

File size:
70.4 MB (73,847,019 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\geemod_0.9.12_f.exe

File PE Metadata
Compilation timestamp:
1/24/2015 8:14:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
1572864:CqfSEBSsrAC9UjE8qeEvseOulaVERUW3itI8eHFL/ktgmbKl:CvEzrFUjEfeEUeOuljUva8eHB/kumbKl

Entry address:
0x1000

Entry point:
68, 18, 02, 00, 00, 68, 00, 00, 00, 00, 68, 10, AE, 46, 00, E8, 10, 91, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 0F, 91, 00, 00, A3, 14, AE, 46, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, FC, 90, 00, 00, A3, 10, AE, 46, 00, B8, 40, A7, 43, 00, A3, 28, AE, 46, 00, E8, 42, 86, 02, 00, E8, 70, 68, 02, 00, E8, B7, 64, 02, 00, E8, 0E, 63, 02, 00, E8, DB, 61, 02, 00, E8, C2, 58, 02, 00, E8, BB, 4A, 02, 00, E8, F6, 46, 02, 00, E8, D3, 2F, 02, 00, E8, D7, E9, 01, 00, E8, 39, B7, 01, 00...
 
[+]

Packer / compiler:
PKLITE32, 0x1.1

Code size:
194.5 KB (199,168 bytes)

The file geemod_0.9.12_f.exe has been seen being distributed by the following URL.

Scan geemod_0.9.12_f.exe - Powered by Reason Core Security