home

H1Z1.exe

H1Z1

Skidrow

This is a setup program which is used to install the application. The file has been seen being downloaded from dl.dropboxusercontent.com and multiple other hosts.
Publisher:
Skidrow

Product:
H1Z1

Version:
1.0.0.0

MD5:
5ee53475ba2888f1c738fb0db220e1dc

SHA-1:
e843ceb38dccadf0d0471f94716f28b25cd90072

SHA-256:
ded0a5999fb035d70b01a2c0e7f8e6117ad5b6595ee416c5f298892c9b35b767

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 1:46:29 PM UTC  (today)

File size:
4.8 MB (5,079,040 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Acer 2015

Original file name:
H1Z1.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\h1z1.exe

File PE Metadata
Compilation timestamp:
9/13/2015 8:23:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:7wJrPeoFu2sJyiFmJq6vYdhjeBAGYTck5EvNXTo4ghh787L89I2Yghh787L89I2j:6rPeosP/FkqxiBNzz5ToZG389ZG389aq

Entry address:
0x4B95AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 37, BF, F5, 55, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, A0, 4B, 00, 1C, 7A, 4B, 00, 52, 53, 44, 53, EE, CF, E1, 0C, 80, C1, 6E, 43, 9F, 6A, 62, 55, 61, 92...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.7 MB (4,945,408 bytes)

The file H1Z1.exe has been seen being distributed by the following 5 URLs.

https://dl.dropboxusercontent.com/content_link/.../file?dl=1

http://s6859.chomikuj.pl/File.aspx?e=1g0GtKWQ47XFFyKxTy1lLE1MQ-Gd5mCOi7Qhxh3fVY9VIL6oKySlbe3O7UY29-QRGg6HqNqPbDreaJ-O9MZ4f819p6i0_yNKtvaLpwKcwlrJCu0qxjdPYSMOE5G7gWHZpWLEZUHVSZ12PIjpEZnGqw&pv=2

https://dl.dropboxusercontent.com/content_link/.../file?dl=1

https://dl.dropboxusercontent.com/content_link/.../file?dl=1

http://pcgramypc.pl/h1z1

Scan H1Z1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.