if36u5tsl5.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from frux0cheats.com.
MD5:
1f67b306eb97147cef314006ba39bda4

SHA-1:
f3a5740b887bb867b551c1977a777098902928e4

SHA-256:
3264c55d0bb49bc627a13f442d1ccd39d6e539858a18884b7c5ac034cadbac19

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/29/2024 11:19:37 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Packed.VMProtect.ABO trojan
8.0.319.0

File size:
5.1 MB (5,355,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\if36u5tsl5.exe

File PE Metadata
Compilation timestamp:
5/29/2016 12:16:01 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:Ov9PxCqs1UpEL+yoDd+GkebYEcLKmpDOQF0EkUSvBiuP3Z:WxC9qXdEekrmiOQWEkUSvEu

Entry address:
0x571F30

Entry point:
9C, E9, 41, 8A, 00, 00, 0F, 88, BA, 7D, CF, A1, 72, E6, E3, AC, 87, 02, 56, 2A, 01, 06, DD, 5E, A8, D8, 53, B0, F6, 6E, 50, 10, DB, 58, F3, 44, BA, BA, 24, 48, 76, 06, D8, A4, AF, ED, EB, DA, DD, E1, 12, B5, 6B, 19, E5, 6F, 99, D1, 67, 0A, 38, AE, 12, 01, AB, 6D, 06, 0D, 68, 72, 57, 07, 33, 1D, 06, 25, EE, B7, B4, 75, 9F, 3C, 12, 4F, 38, FF, 67, DB, A7, 3B, 68, 6B, DB, 8D, DC, 7F, BE, EC, 1F, F9, 69, 89, BA, 68, 06, 49, C2, 90, C1, AD, E2, EC, 98, 45, A4, AC, A7, C7, C2, C6, 9A, 65, BE, 6E, D5, 52, 80, B8...
 
[+]

Code size:
373.5 KB (382,464 bytes)

The file if36u5tsl5.exe has been seen being distributed by the following URL.

Scan if36u5tsl5.exe - Powered by Reason Core Security