» gl-lokeer blue 2012-12-13-(c).exe
Overview
Analysis
File Details
Downloads (1)

gl-lokeer blue 2012-12-13-(c).exe

File name:

MD5:

7ece97d381435e86b27e97ea27f57512

SHA-1:

d0204e3a597c1dcd54fe04fe2d8df096d8132106

SHA-256:

b174a7bc0bdcf48fe5595910e50c31da7b8501a5c1854d54af2c0ecf82067251

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/15/2024 3:16:56 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.55.50

F-Prot

W32/Heuristic-KPP

v6.4.6.5.141

Trend Micro House Call

TROJ_GEN.RCBH1LO

7.2.177

File size:

486.3 KB (498,015 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\gl-lokeer blue 2012-12-13-(c).exe

File PE Metadata

Compilation timestamp:

12/13/2012 1:53:35 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.56

CTPH (ssdeep):

12288:lUdUREUyPN4p8NxtCi7iwfUHztxzxHVi2bQCkk4a8ok/ZcEin/3IWV9xac9hn:lUdUREUyPN4poqtxzlVU1/M

Entry address:

0x1220

Entry point:

55, 89, E5, 83, EC, 08, C7, 04, 24, 01, 00, 00, 00, FF, 15, 90, F2, 44, 00, E8, C8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 90, F2, 44, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, D0, F2, 44, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, B8, F2, 44, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 5D, E9, 57, F0, 00, 00, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 28, 8B, 45, 10, 89, 04, 24, E8, EF, 41, 01... 
[+]

Entropy:

6.0574

Packer / compiler:

Dev-C++ 4.9.9.2

Code size:

260 KB (266,240 bytes)

The file gl-lokeer blue 2012-12-13-(c).exe has been seen being distributed by the following URL.

http://rs774p11.rapidshare.com/.../rsapi.cgi?sub=download&fileid=3718114887&filename=GL-LokeER BLUE 2012-12-13-(C).exe&directstart=1

Scan gl-lokeer blue 2012-12-13-(c).exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.