messenger-reviver_2-4-5_fr_429721.exe

Messenger Reviver 2

Jonathan Kay

This is a setup program used to install the application. The file has been observed being downloaded from www.ranchsendgift.com and multiple other hosts.

Publisher:
Jonathan Kay

Product:
Messenger Reviver 2

Version:
2.4.5.0

MD5:
aad3d7db438834450c08872879eef23e

SHA-1:
f7559a63a21a3618a750822041b0183f443cc40c

SHA-256:
dc622f4376d693d50bf436961f32a2a62d556cafcb518881e9be9049941e1a67

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/27/2024 6:20:16 AM UTC

Scan engine:
nProtect

Detection:
Trojan/W32.Agent.427008.AC

Engine version:
15.12.31.01

File size:
417 KB (427,008 bytes)

Product version:
2.4.5.0

Copyright:
Copyright ©2015 Jonathan Kay

Original file name:
MessengerReviver.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\logiciel\menssenver revive\messenger-reviver_2-4-5_fr_429721.exe

File PE Metadata
Compilation timestamp:
4/13/2008 8:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:p/0uoDNr7IKkP/boGBeRMfddE8B2bK84a9Jplt6RGc4tCDsKVRuJxR5uscaPD:pJgNr7IKkP8UNQmBa9X4vfVRUH/D

Entry address:
0x645C

Entry point:
E8, 0A, 00, 00, 00, E9, 7A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, D0, B2, 00, 01, 85, C0, 74, 07, 3D, 40, BB, 00, 00, 75, 4D, 56, 8D, 45, F8, 50, FF, 15, 70, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 6C, 11, 00, 01, 33, F0, FF, 15, 68, 11, 00, 01, 33, F0, FF, 15, 64, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 60, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, C6, 25, FF, FF, 00, 00, 5E, 75, 05, B8, 40, BB, 00, 00, A3, D0, B2, 00, 01, F7, D0, A3, CC, B2, 00, 01, C9, C3, CC, CC, CC...

Developed / compiled with:
Microsoft CAB SFX

Code size:
38.5 KB (39,424 bytes)

The file messenger-reviver_2-4-5_fr_429721.exe has been seen being distributed by the following 9 URLs.

Scan messenger-reviver_2-4-5_fr_429721.exe - Powered by Reason Core Security