home

mecanet.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from ioc.xtec.cat and multiple other hosts.
MD5:
4efa9002c6e7dcbf1023cc4c9c40b052

SHA-1:
3ceb16154c36a3545e2d2afe9c88c5fd1992279f

SHA-256:
a9bb1fb8e715c389bc747a0ac6085e3ba09c84c9067106d8167bcf1e5b030fd3

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
2/26/2025 9:55:14 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
Suspicious_GEN.F47V0810
7.2.10

File size:
1.6 MB (1,680,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mecanet\mecanet.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:13zJCYKi7KWSMil1aETzcbropCEFdC1+ejSJAV5JZdlUkLBosvDG+GcovR:RJCX7l1QbkddcbFxBokDxA

Entry address:
0xB48B8

Entry point:
55, 8B, EC, 83, C4, F4, 53, 56, E8, CF, EB, F4, FF, E8, A6, 04, F5, FF, E8, 65, 44, F5, FF, E8, E4, B4, F5, FF, E8, B3, C2, F5, FF, E8, 9E, 39, F6, FF, E8, 55, 59, F6, FF, E8, B0, D0, F6, FF, E8, 67, 01, F8, FF, E8, 5E, 05, F8, FF, E8, 3D, 30, F9, FF, E8, E0, 5D, F9, FF, E8, 8B, 7C, F9, FF, E8, F2, 8A, F9, FF, E8, 59, CF, FC, FF, BB, 78, 75, 4B, 00, BE, 48, 80, 4B, 00, 8B, 03, E8, 9C, 2F, F6, FF, 68, 98, 4C, 4B, 00, A1, 14, 70, 4B, 00, 50, E8, 68, 0C, F5, FF, 8B, C8, BA, 64, 00, 00, 00, A1, 7C, 75, 4B, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
719.5 KB (736,768 bytes)

The file mecanet.exe has been seen being distributed by the following 3 URLs.

https://ioc.xtec.cat/campus/mod/.../view.php?id=368340

http://181.198.81.213/pluginfile.php/43132/mod_assign/.../MecaNet.exe

http://ioc.xtec.cat/campus/mod/.../view.php?id=315975

Scan mecanet.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.