» getdataback-for-fat.exe
Overview
Analysis
File Details
Downloads (3)

getdataback-for-fat.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.

File name:

MD5:

bf9ee469c72c1686d4b6fddbc4d1d67d

SHA-1:

140fa0bebf228d7c1c6d908f4d552a6176a66924

SHA-256:

9e32ba21f1719eda761463ce8d8d3735a1ea4c993548b41954fc905068a0022a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 9:25:31 PM UTC (today)

File size:

2.5 MB (2,650,119 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\downloads\getdataback-for-fat.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

49152:FJFu8BpX/cHMN5JgCfisgfLAixmPylKQf2LLaFUPZpoosqtIy5x9tAdxRo1eIZI:Fnu8Pv+MrmCasgfLPtlVICaZpyexV1e5

Entry point:

50, 4B, 03, 04, 14, 00, 02, 00, 08, 00, 16, 4A, B7, 42, 41, 54, 30, 93, 93, 6F, 28, 00, 38, D5, 28, 00, 09, 00, 00, 00, 53, 65, 74, 75, 70, 2E, 65, 78, 65, EC, FB, 67, 54, 93, 4F, F8, F7, 8B, A6, 27, 24, 21, 09, BD, 13, 90, DE, 41, 90, 16, 90, D0, 7B, EF, 1D, A4, 2B, 02, 42, 42, F9, D1, 02, A1, 85, 88, 80, 0D, 15, 15, B0, 17, 54, 14, 15, 44, A4, 85, 2A, 2A, 45, A5, 08, 4A, 90, A8, 68, 40, 42, 11, A2, 94, 6C, FD, 3F, FB, D9, EB, 9C, FD, 66, AF, 75, 5E, 9C, 75, 5E, 9C, 79, 31, 73, 67, AE, CF, 5C, F7, 77, 26... 
[+]

The file getdataback-for-fat.exe has been seen being distributed by the following 3 URLs.

http://www.ranchsendgift.com/vHGOLgzbOI1G9VQQCc8b0TIiRaK6N6MzIZI2GziqcFhKRWik4qFHizbDgt4ktsKfm3KOi_nKC0dOayk_be79z4bjBfYf7JCUjTQ4d5gCj ptyI4DtgWqKBln6ikhJy3IZvKHZawrHdpkqf92cyatK7b9Sdjb5e0aQgAu7bDkPsdyt0pcbp1BZzxjDyaz5HZ1xXanK0E8TbthrCGQXgwF9JsiIZpv4A==-GyIAAMRtbD7vEEUcQTTrQgyZRBaNceCJGgsKt0w0lvuI C4=

http://www.storelab-rc.ru/.../gdb.zip

http://download.runtime.org/gdb.zip

Scan getdataback-for-fat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.