noactivex-52143604.exe

Kaseya Remote Control Relay Client

Kaseya International Limited

Publisher:
Kaseya International Limited

Product:
Kaseya Remote Control Relay Client

Description:
Kaseya Remote Control Relay Client - Connector

Version:
6, 5, 0, 0

MD5:
ca69a292f58d747307c278ae6fe4f711

SHA-1:
5f60139f8f4dd04bdb3af8d93ecc961a29764e26

SHA-256:
ff7d5a97b194ee599619abd906736b3b4b7aa0ba535deaab342ce0b01770396d

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 12:27:31 PM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM41.2.Malware.Gen
1.0.0.1015

File size:
3.7 MB (3,845,826 bytes)

Product version:
6, 5, 0, 0

Copyright:
Copyright © 2001-2014 Kaseya International Limited. All Rights Reserved.

Trademarks:
http://www.kaseya.com/jp/trademark-guidelines.aspx

Original file name:
KRlyCCon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\noactivex-52143604.exe

File PE Metadata
Compilation timestamp:
9/23/2014 5:02:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:pYJtxdFN3Z2PatnxPCKIc9wLV1kHi1dQZDUWqgVLvIi/0LsP:pKtxdTUUCAwvfQZIWqgVjIq

Entry address:
0x5FDD2

Entry point:
E8, 41, CE, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...
 
[+]

Entropy:
6.4978

Code size:
620.5 KB (635,392 bytes)

The file noactivex-52143604.exe has been seen being distributed by the following URL.

Scan noactivex-52143604.exe - Powered by Reason Core Security