» jz_2005_1.10.16_080304.exe
Overview
Analysis
File Details
Downloads (9)

jz_2005_1.10.16_080304.exe

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from s10490.chomikuj.pl and multiple other hosts.

File name:

Description:

AGC - JZ 2005 Setup

Version:

1.10.16

MD5:

655d0390fbcf736062934bf6216988d3

SHA-1:

443a062ea40b55095c3179dc7c6a3136a73f2442

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 1:34:19 PM UTC (today)

File size:

2 MB (2,117,698 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\jz_2005_1.10.16_080304.exe

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:i2KpxnTpnlxotFnGPhpdDdWNop0HhxJG1JJd1HD5ln:z0nllxg6dDdWq0HQ1Xj5ln

Entry address:

0x9A54

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 72, 96, FF, FF, E8, 79, A8, FF, FF, E8, A4, CA, FF, FF, E8, EB, CA, FF, FF, E8, 12, F3, FF, FF, E8, 79, F4, FF, FF, 33, C0, 55, 68, 02, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, CB, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 06, FA, FF, FF, 8D, 55, F0, 33, C0, E8, B0, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 23, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36.5 KB (37,376 bytes)

The file jz_2005_1.10.16_080304.exe has been seen being distributed by the following 9 URLs.

http://s10490.chomikuj.pl/File.aspx?e=hsz0Nc3C1-EW2I0x-LqlOAeMnekW1JK_BEVj_UzagWCjgbHaWiXTB2mFw8avrOQECSRZG7kruEa1Vcmup-BJzgZrqgsX5w5furoLjKnt-LVFhbcriG1113w8A7npqtC1RXlfDJkuM5Yg_DlkbhfKN96rRSAJM_k9mhJCogbIzNw&pv=2

http://www.pliki.drypa.pl/entry-acca7287972d8aba4b5d0fc29e83d41e.htm

https://docs.google.com/uc?authuser=0&id=0BwoYMRbJjXj1OGdkekRVcGI1T28&export=download

http://s10490.chomikuj.pl/File.aspx?e=hsz0Nc3C1-EW2I0x-LqlOFJg9noMTXv-cJwa0UVbUAUe6De15V5h8XuBWq7lYwE_-uVUr9ywalDWi5n5tbYKbcdKTmvI3ThArHm5CWhCPUjOD_q2R5qUIP_x80v28r6rRIB71-WbcPJlHS8rlSVrNI_C-icaomIUFeWQ1UjfjVo&pv=2

http://s6672.chomikuj.pl/File.aspx?e=hsz0Nc3C1-EW2I0x-LqlOFJg9noMTXv-cJwa0UVbUAXWGbyEb2dB7Jl5_bas7j7eKK8UGEeTC-Eg6G0r4o9ImSc_P6CEBWF_YEw-9a1sxhqH5fa2japog4CFqRCZ4T6OKxdKWSWIhCfYfChGO-xs69wrOQeB6P4mptfrfOWsgJo&pv=2

http://www.autogas-lpg.co.uk/.../JZ_2005_1.10.16_080304.exe

http://www.pliki.drypa.pl/entry-457c7c73f322515586f45a4a92d271fe.htm

http://www.agcentrum.pl/.../JZ_2005_1.10.16_080304.exe

http://en.agcentrum.pl/.../JZ_2005_1.10.16_080304.exe

Scan jz_2005_1.10.16_080304.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.