» lhaz240.exe
Overview
Analysis
File Details
Downloads (14)

lhaz240.exe

Lhaz

ちとらsoft

This is a setup program which is used to install the application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

lhaz240.exe

Publisher:

ちとらsoft

Product:

Lhaz

Description:

lhaz240.exe

Version:

2, 4, 0, 0

MD5:

b395cd81b8e2d2f3094ba5ff0e42483c

SHA-1:

91d7621846cb5a43a5f3cc83907bdccb1d804a51

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 2:32:08 PM UTC (today)

File size:

970.8 KB (994,055 bytes)

Product version:

2, 4, 0, 0

Original file name:

lhaz240.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\documents and settings\aqua\デスクトップ\instalsoft\lhaz240.exe

File PE Metadata

Compilation timestamp:

8/31/2013 11:12:55 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:vOWW4GjHackQ7g+qXnfaPBmDJ5VqbxY6mMRKgqIyE2:vOWijmQ7l2fCBM/VUxY6mMcgXyE2

Entry address:

0x17980

Entry point:

60, BE, 00, 20, 41, 00, 8D, BE, 00, F0, FE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Entropy:

7.9880

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

24 KB (24,576 bytes)

The file lhaz240.exe has been seen being distributed by the following 14 URLs.

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1459392838&Signature=WQNNYbHXjC82qvRtbo7gGxZ1nbbFgQU~3uUuY49~leZgp2JnH2G1cG6A5SyA9bkvfCVDrc9cl8vFC1sPoE-5A69HLLhvpc4TcAWCatgKm-YCcSx3qQN-O~OxEVszCDnhv7m550eSCsxouPGar9a4hXKkorXAlLTtTaU74d0I6bI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1482624276&Signature=XwN~h1jfK9WFV0MmxJVAu6Q7ybaAW6VU3X-YxPSWqsrc5WokJQ86R-b4fYEBneSEMGBu8QkjwfjJhysP6uBDQdI4EMvnNpL~aaiz0wGk8q1jlyjjOBwEVPn8flRPfy98QkKHcFbNjHWtPcQom3fhe0~292mWJT3r9pc7YS1Vj24_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1477254132&Signature=hQg52DC6vsMLTkeVEWMXmtcxKs9g70~RgvZwgq60xJ0GuVBnjeQKQEJH6c3n062fFNIpD3g-OziELgj2UJWGm4i8p73PP2lmCv7n5Oyq9duo-~T5cuvIoQTRyuq7Gl40BSRDBq8QrNtqDzYL4Z-cFPHmtPRHhY77TtVNeuY7wes_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1480224161&Signature=eVUvN7C4MmI6O8Eq6m6d09He5gZ~MmK~aYlUUbDsJxYizuFs2arrxNdkS7zo~O0zQ2tvqjZhIMRZ2JlyN80Ms1now~ansVy8vZp7NIqhppPRTCMvHlG2inbc8AbBgaFSWcd2NXrTHe9gddllOLdxBTyxJyF5AqHQm9sTa4VsaLU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1481932026&Signature=EQEGZh6~qWpUkz6RtKm5lOmcKj5an6TWEet-RL8DijRxIggU0y-I246g2qScaVojSSX01P-bqW6v8nJbgNMITf7Xe2UXhcqDfohAl58W4Pg8SGeNe39chzW8NgDlWLEH1yK6ez0qwrn~raRt7o3gKskKeeA0Md0X-N2qLmjciUg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1472380090&Signature=GG7jIqLptlA1HDJYe0Ca7r8kOEIwd6LuTiC~y7LyzcwMYLXGWtAnjfZ9k5P~Oq6~DxbWmU2GNr4fMBvf3Bp71dJ2eArB2VhPejsDC9B8rnj4z-gMJPB-Y-ue0iZFghRSA122xxFy9qr-4nPyBWk2ILOACppyutpwfl4MSqG4Xdo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

https://docs.google.com/uc?authuser=0&id=0B9lIUVILRCwvajY3MHZqdjZ2cms&export=download

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1478013839&Signature=dFmkca7x1NWRPWDvoyXbkBPejuY3-8eM9ZLu0Eb9oI~OK~TAqlXbkYPTv56RqYtJ-EXUaetDhuWcLuofSxDs4LylYG2~U9ekx9cEgDH3OZ6RkVvkz4Nm~PjKxfQD9ZlWlOCxOWJ8T2r1Zib-V9CYWyyLCxrccvIKDpdPn1AcDv0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1472355660&Signature=CQ0UdRPdzy8IzmEdWsc-4vpGOx2aXcefSbdgK716TCs~xQ3VDiBVSaDQIHWM86AeRTd0ta4NANzkzUNCexlv2TdfuH-3c6Pt5jDA2JncuYJ3siOd2Q4v-QBAqrBs7DBETL18yLcPF5Sh17YTLI~aHthAChufBLt6rhHfSGJOgyA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1447659377&Signature=X4zdn35QMNQQ5smjIoFDdRQkVIlFLJGoOQcdVBD5ihfDLoEfrmv0EfHXgO~9e0iGcm5QrXRVDjsJItynwHm6uckLQzCWWuDkQoaMdFsIGRJZBkHOuaQSMDydptJfTW0ZIEVi-qlienIde5xalYEfSJHGVMa2~D00VxLIoq8foxA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1457290086&Signature=W3GC1V313xa3GID4JOSPHk~rq4fsETvLXBHgE2r7Kz8OC4B6pQsRufXoZjvHSnLIKa6d26~K-JZnVNv1uJ9OelV0xEakak-lCSmQkfz-o5RRHFKTDdZOS7aaXbEGxCCG9sdHYjF4ydYZ4M34a-seNBK~giGI36JKeFowa0viPvg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

http://gsf-cf.softonic.com/91d/762/.../file?SD_used=0&channel=WEB&fdh=no&id_file=245518&instance=softonic_jp&type=PROGRAM&Expires=1443301643&Signature=cKFQEvpUtvRYvYuwpdM6e7AwKd5YBzrDCvqhxoE1BC29sRNZ3eINRfvHt2A5aMA6l2OcbY2rUU-PyAJIzrGK9WOKej3K2sNX4zqpbZDczLX0y8um0ovhd79~LVBsP4kM~ttrpgWPbyAvTU9mYPGamsvFUPzz~93FciJIIbDmidU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=lhaz240.exe

https://doc-0o-74-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/887jv8plg178i1qq6o1k84atkseg0910/1424397600000/15520639828014582061/.../0B9lIUVILRCwvajY3MHZqdjZ2cms?e=download

https://docs.google.com/uc?id=0B9lIUVILRCwvajY3MHZqdjZ2cms&export=download

Scan lhaz240.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.