home

lhaca076.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dforest.watch.impress.co.jp and multiple other hosts.
MD5:
fd90b0bd9feb2e64999711790bcbd7bd

SHA-1:
eb1e185f27749ecde6137d87b8940e5601360300

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 10:42:33 AM UTC  (today)

File size:
116.4 KB (119,240 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\lo\デスクトップ\アプリ\lhaca076.exe

File PE Metadata
Compilation timestamp:
1/10/2000 5:12:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.2

CTPH (ssdeep):
3072:Y1f05kLiFKL9Pic6elZfbVGAEPQRS6pgGnNq/Mw7hRT:uiFyPic6elZfRGAUsNguq/MaT

Entry address:
0x1DD1

Entry point:
6A, 00, FF, 15, 68, D1, 40, 00, A3, 70, 4A, 40, 00, FF, 15, 40, D1, 40, 00, E8, CF, 02, 00, 00, 6A, 00, 68, 09, 1E, 40, 00, 6A, 00, 6A, 66, FF, 35, 70, 4A, 40, 00, FF, 15, 14, D2, 40, 00, 6A, 00, FF, 15, 64, D1, 40, 00, C3, 55, 8B, EC, 8B, 45, 0C, 53, 56, 2D, 10, 01, 00, 00, 57, 74, 61, 48, 75, 4D, 0F, B7, 45, 10, 48, 74, 3D, 48, 74, 47, 2D, E9, 03, 00, 00, 75, 3C, E8, 33, 05, 00, 00, 85, C0, 74, 33, BE, EA, 03, 00, 00, 68, A0, 4B, 40, 00, 56, E8, 9D, 00, 00, 00, 6A, 01, 56, FF, 75, 08, FF, 15, FC, D1, 40...
 
[+]

Entropy:
7.9166

Packer / compiler:
FASM v1.5x

Code size:
8 KB (8,192 bytes)

The file lhaca076.exe has been seen being distributed by the following 6 URLs.

http://dforest.watch.impress.co.jp/library/p/pluslhaca/.../Lhaca076.EXE

http://download.forest.impress.co.jp/pub/win/p/.../Lhaca076.EXE

http://ftp.vector.co.jp/43/40/.../Lhaca076.EXE

http://download.forest.impress.co.jp/pub/library/p/pluslhaca/.../Lhaca076.EXE

http://ftp.vector.co.jp/pack/win95/util/.../Lhaca076.EXE

http://park8.wakwak.com/~app/.../Lhaca076.EXE

Scan lhaca076.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.