home

greenchristmastree.exe

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Green Christmas Tree’. The file has been seen being downloaded from mega.nz and multiple other hosts.
MD5:
fa5736226d0ab879975d4d1a84eb9e12

SHA-1:
69ea6fb0bf6a3181bc9122456058b6840012a9f1

SHA-256:
05de2d8d50facd5b686a680c7445f9218726cc1e61a74ceb625fd469acc525b3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 2:34:48 PM UTC  (today)

File size:
1.1 MB (1,170,432 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:55r7mNJG//19XnGJXQaXlubv9bNVyvg3EfzGr:v2OnLWQiu9bNVyIuz

Entry address:
0x7A794

Entry point:
55, 8B, EC, 83, C4, F0, B8, 1C, A5, 47, 00, E8, 64, B7, F8, FF, A1, 30, E2, 47, 00, 8B, 00, E8, 38, 71, FD, FF, 8B, 0D, 38, E1, 47, 00, A1, 30, E2, 47, 00, 8B, 00, 8B, 15, C8, 8D, 47, 00, E8, 38, 71, FD, FF, A1, 30, E2, 47, 00, 8B, 00, E8, AC, 71, FD, FF, E8, F7, 97, F8, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 8D, 40, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
486 KB (497,664 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Green Christmas Tree

Command:
C:\downloads\elochki\greenchristmastree.exe


The file greenchristmastree.exe has been seen being distributed by the following 5 URLs.

https://mega.nz/temporary/.../eBYn2ALL

http://poczta.onet.pl/download.html?kid=30066959

https://downloader.disk.yandex.ru/disk/9ef7b935722bd168bb513ef61500b305a900b2463d9c4c87ba9899b182b543c7/56846fbd/.../x-msdownload&fsize=1170432&hid=50a952eb05e5a69517b4e0de6fd2d020&media_type=executable&tknv=v2

http://www.jobrab.com/.../??????.exe

https://cloclo18.datacloudmail.ru/weblink/get/.../?????? GreenChristmasTree_01_0.exe

Scan greenchristmastree.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.