lab7.exe

MD5:
01f25d93ecc16951e86490b60ed3ad62

SHA-1:
8f53a031a6c766714d1a40f22e3609de5818e4c2

SHA-256:
e92098050a6022988620580dacfa896e8246492d3163e7a0aee3cca03089563e

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/14/2024 2:45:13 PM UTC

Scan engine           Detection                           Engine version
Dr.Web                Trojan.DownLoader17.51661           9.0.1.0358
F-Prot                W32/Graftor.BR.gen                  v6.4.7.1.166
NANO AntiVirus        Trojan.Win32.DownLoader12.doutmk    0.30.26.4437
Qihoo 360 Security    HEUR/QVM01.1.Malware.Gen            1.0.0.1077

File size:
980.4 KB (1,003,946 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\lab7.exe

File PE Metadata
Compilation timestamp:
10/14/2015 8:27:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
12288:x/PB0ojzpDDcgpMN6UHR1Vhkmxufudm9mIvklAifc8AccX4c6j/WNPPPzc4IVY3s:x/JjtDcNN6UHR7xufomZ3IvLF0h8

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 40, 53, 48, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 40, 53, 48, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 78, 53, 48, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 68, 53, 48, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, A1, 60, 32, 47, 00, 85, C0, 74, 41, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 40, 47, 00, E8, E9, 6C, 02, 00, BA, 00, 00, 00, 00...
 

Entropy:
6.0894

Code size:
456 KB (466,944 bytes)

The file lab7.exe has been seen being distributed by the following URL.

Scan lab7.exe - Powered by Reason Core Security