iraqi_tattoo_downloader.exe

This is a setup program used to install the application. The file has been observed being downloaded from dw901.go-for-files.biz.

MD5:
ad75d81f3edc09d894ecbcba4ab58c10

SHA-1:
ae2f5f52ee42bb91a21f99f7784a0b3fdee1d044

SHA-256:
052ab4267fe06623a9ba773fa70b30024e87a1dd8277c76ae35409678981f2a9

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/14/2024 9:24:27 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Evo-gen [Susp] | 150828-0
AVG | Adware Generic_r.AFE | 2015.0.4355
F-Prot | W32/AdLoad.BJ.gen | v6.4.7.1.166
Qihoo 360 Security | Win32/Trojan.97a | 1.0.0.1015

File size:
429.1 KB (439,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\iraqi_tattoo_downloader.exe

File PE Metadata
Compilation timestamp:
11/20/2014 3:29:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:qdoGn7uTF4ZYpbfd9srv83OWwlmvshl+FMJOU+BXIMh:qdok74x7g837cmvs2+XOh

Entry address:
0x3F7D0A

Entry point:
60, 68, 2F, D3, F3, 5E, 88, 7C, 24, 0C, C7, 44, 24, 20, D2, B9, E9, 3B, 9C, C7, 44, 24, 20, 5E, D6, 5B, BD, 9C, 66, C7, 44, 24, 04, 02, EF, 8D, 64, 24, 24, E9, A7, 85, 35, 00, 00, 00, 53, 48, 47, 65, 74, 56, 61, 6C, 75, 65, 57, 00, 8D, 64, 24, 04, 0F, 84, EA, F3, 34, 00, 9C, 2C, 30, 83, C4, 04, 9C, 88, 14, 24, 3C, 09, 66, C7, 04, 24, B1, 15, E9, 41, 7B, FF, FF, F8, C6, 04, 24, 59, 34, 7C, A8, 47, 2C, 0E, 68, C0, DE, D2, 2A, F8, F5, 3A, 07, E8, 19, C9, 34, 00, F6, 20, FD, 8C, 51, 78, 09, 54, EF, 2C, 02, F0...
Code size:
782.5 KB (801,280 bytes)

The file iraqi_tattoo_downloader.exe has been seen being distributed by the following URL.