home

hasan-shamaei-zadeh-khoda-hafez-dasteto-bezar-too-dastam.exe

ALEKSEY STOLBIHIN

The executable hasan-shamaei-zadeh-khoda-hafez-dasteto-bezar-too-dastam.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
ALEKSEY STOLBIHIN  (signed and verified)

MD5:
c32513cdb4ef7d74acb7a7d1ba523a68

SHA-1:
6c82e1028fa65a204b0346237b46456ec4e07979

SHA-256:
c1da7586cd2f0d12bb5d3f5c21eeaf3b2df43b02953e1f487d0403b4920b224a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 2:33:31 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.8.8.5

File size:
206.7 KB (211,656 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\hasan-shamaei-zadeh-khoda-hafez-dasteto-bezar-too-dastam.exe

Digital Signature
Signed by:
ALEKSEY STOLBIHIN

Authority:
Unizeto Technologies S.A.

Valid from:
7/8/2014 11:55:31 AM

Valid to:
7/8/2015 11:55:31 AM

Subject:
E=astolbihin@bk.ru, CN=ALEKSEY STOLBIHIN, O=ALEKSEY STOLBIHIN, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
48D391796E8509062C5D377A8BAF93DB

File PE Metadata
Compilation timestamp:
5/6/2012 4:31:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:24EpNF5pEwShO/QaY+584myQ8jNhPRl7lE:vELTpDz8dC7lE

Entry address:
0x702E

Entry point:
E8, 0D, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, 1C, 41, 00, E8, 1C, 17, 00, 00, E8, DA, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, A0, 11, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D3, 06, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.7505

Code size:
48.5 KB (49,664 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.