hsbc bank confirmation copy.exe

This is a setup program used to install the application. The file has been observed being downloaded from u2746078.ct.sendgrid.net.

MD5:
34b81168d7c5e8daa40ee9717b11520d

SHA-1:
07677fe4ee748e6677d7d7777cfccc35c5124be4

SHA-256:
61245702704480e395e63d9d8b1ca3f43643748943e5929ab742a89c9b1d33dd

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/15/2024 8:38:03 AM UTC  (today)

Scan engine    Detection                                    Engine version
F-Secure       Backdoor:W32/Netwrcddns.07677fe4ee!Online    5.15.96
Kaspersky      Backdoor.MSIL.NanoBot                        15.0.0.562

File size:
256 KB (262,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hsbc bank confirmation copy.exe

File PE Metadata
Compilation timestamp:
5/5/2016 2:56:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:eD3tLurNUvOeK9Ud+pEpVbJYrSXiUaooFlS9:erQujK9GlztiU/d

Entry address:
0x2B62

Entry point:
FF, 25, C8, 30, 40, 00, 03, 30, 01, 00, 07, 00, 00, 00, 00, 00, 00, 00, 16, 80, 0C, 00, 00, 04, 2A, CC, 03, 30, 01, 00, 07, 00, 00, 00, 00, 00, 00, 00, 16, 80, 02, 00, 00, 04, 2A, CC, 03, 30, 01, 00, 07, 00, 00, 00, 00, 00, 00, 00, 16, 80, 07, 00, 00, 04, 2A, CC, 03, 30, 01, 00, 07, 00, 00, 00, 00, 00, 00, 00, 16, 80, 0F, 00, 00, 04, 2A, CC, 03, 30, 01, 00, 07, 00, 00, 00, 00, 00, 00, 00, 16, 80, 0A, 00, 00, 04, 2A, CC, 03, 30, 01, 00, 07, 00, 00, 00, 00, 00, 00, 00, 16, 80, 12, 00, 00, 04, 2A, CC, 03, 30...
 

Entropy:
7.8855  (probably packed)

Code size:
7 KB (7,168 bytes)

The file hsbc bank confirmation copy.exe has been seen being distributed by the following URL.
