heal+ran.exe

The executable heal+ran.exe, “Auto Heal RAN Online”, has been detected as malware by 11 anti-virus scanners. The file has been seen being downloaded from download1733.mediafire.com and multiple other hosts.
Description:
Auto Heal RAN Online

Version:
1.0.0.0

MD5:
0fde40fe21eefc7c46e97ca079679dfc

SHA-1:
fd571b04e033fe890ca70cf8581f444f18d935af

SHA-256:
a05625f6ff8ea3ea3ec906ee2acb631ee47ca140272933c138208c7e866d9c4a

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/25/2024 4:17:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11260746 | 547 |
| Arcabit | Trojan.Generic.DABD34A | 1.0.0.425 |
| avast! | Win32:Patched-ABX [Trj] | 2014.9-150806 |
| Bitdefender | Trojan.Generic.11260746 | 1.0.20.1090 |
| Emsisoft Anti-Malware | Trojan.Generic.11260746 | 8.15.08.06.01 |
| F-Secure | Trojan.Generic.11260746 | 11.2015-06-08_5 |
| G Data | Trojan.Generic.11260746 | 15.8.25 |
| IKARUS anti.virus | Win32.Patched.ABX | t3scan.1.9.5.0 |
| McAfee | Artemis!0FDE40FE21EE | 5600.6681 |
| MicroWorld eScan | Trojan.Generic.11260746 | 16.0.0.654 |
| nProtect | Trojan.Generic.11260746 | 15.07.01.01 |

File size:
558 KB (571,392 bytes)

Product version:
1.0.0.0

Copyright:
-Navi- @2008

File type:
Executable application (Win32 EXE)

Language:
Indonesian (Indonesia)

File PE Metadata
Compilation timestamp:
6/20/1992 8:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:O45/HEjEzFx8Eg/tJaHB8vcmWqDH0PbPdPnPz:OU/EKFKJ/tcBeaOUPbPdPnPz

Entry address:
0x5C474

Entropy:
6.8324

Developed / compiled with:
Microsoft Visual C++

Code size:
365.5 KB (374,272 bytes)

The file heal+ran.exe has been seen being distributed by the following 6 URLs.

http://download1733.mediafire.com/j27l18bq98tg/.../Heal Ran.exe

http://download30.mediafire.com/kbx7dqi2di8g/.../Heal Ran.exe
