home

lfs - smoke mod [new].exe

LFS - Smoke Mod

TryStatements

This is a setup program which is used to install the application. The file has been seen being downloaded from wix-dropbox.elasticbeanstalk.com.
Publisher:
TryStatements

Product:
LFS - Smoke Mod

Version:
1.0.0.0

MD5:
c160ee6dab9675a489ca6b1a403a3ead

SHA-1:
ef15d6bb2057e6de70fe85257cf0924b7bb9a714

SHA-256:
821cb49dd8ab060ff130248eec70af6f1c49bb505d375afebc210da1c0c54607

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:06:42 PM UTC  (today)

File size:
583.5 KB (597,504 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
LFS - Smoke Mod.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\lfs - smoke mod [new].exe

File PE Metadata
Compilation timestamp:
9/22/2015 5:13:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:1BWq4oOzKc5ES0G4IbPHJZ4G7q4D3gjqQi0BW:HwzNPHJL7VDw1i

Entry address:
0x7A7BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, 81, 00, 56, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, C0, 07, 00, 1C, 8C, 07, 00, 52, 53, 44, 53, 36, F4, 71, 67, F8, 3C, 9B, 41, 99, C7, 70, 86, B4, B3, D9, D2, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 42...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
482 KB (493,568 bytes)

The file lfs - smoke mod [new].exe has been seen being distributed by the following URL.

http://wix-dropbox.elasticbeanstalk.com/link-to-file?instance=qaR2pk639Yw_TCuYdr0mLekzB9OV05o2P54Tmapbe3M.eyJpbnN0YW5jZUlkIjoiMTNmMmJjZjgtOWU1ZS0zMzIxLWQ5MzAtZTIxOTQzNDU2MjFlIiwic2lnbkRhdGUiOiIyMDE1LTEwLTAxVDA3OjE3OjM4LjkwMVoiLCJ1aWQiOm51bGwsInBlcm1pc3Npb25zIjpudWxsLCJpcEFuZFBvcnQiOiIxMDMuNDcuMTM0LjIzLzYyNTIyIiwidmVuZG9yUHJvZHVjdElkIjpudWxsLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6ImI2NzYwMGQ1LWE4OWEtNDNhMy05ZTViLTBjMzkyODA2NzRiZiIsImJpVG9rZW4iOiJhZjQ4MzA1Zi00YjExLTdjZGQtNGQ1Zi1iODM3YzUzZTQ4NDIiLCJzaXRlT3duZXJJZCI6IjFmNzU0ZDEzLTFjNjctNGFlMS1hYTYxLTI1YjhjYmVmYzJhYyJ9&compId=iddqw5tq&path=/.../LFS - Smoke Mod [NEW].exe

Scan lfs - smoke mod [new].exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.