nostale bot (hit).exe

Nostale Bot

This is a setup program which is used to install the application. The file has been seen being downloaded from s6017.chomikuj.pl and multiple other hosts.
Product:
Nostale Bot

Version:
1.0.0.0

MD5:
e7e91a250192a1eeeb3f45e6cd1efe82

SHA-1:
624b7ef013db5320c0c4d26055d7b85b193f7e86

SHA-256:
6ce5d67dd4e05f79970e3396c0510e5f45c0ef2b9d84b655ae89d88237ca7e5b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 8:16:39 AM UTC  (today)

File size:
79 KB (80,896 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2009

Original file name:
Nostale Bot.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\nostale bot (hit).exe

File PE Metadata
Compilation timestamp:
10/23/2009 3:02:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:DqV/fNAq2/BQrYJ/9JQ+MX0eRT6XOvjxwceNmqV7fNAq2:Dm/14/Y49MX/S8xheNmm714

Entry address:
0xFEDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
56 KB (57,344 bytes)

The file nostale bot (hit).exe has been seen being distributed by the following 4 URLs.

http://s6017.chomikuj.pl/File.aspx?e=R7PSOtfuQWEy-h6dO3vAayvp31IfkOhIR0gkAgE5co_Zh9Ozoxj9YUA7g-d1tZeoehOyl6DmvelG5-Z7v7mJ08Fs9mTDySH2NS-aF13icMWRyLE3O7_17ZcAPg-1Dy5XdBFfwW8NCbx9zmFQJ3edWw&pv=2

http://s6017.chomikuj.pl/File.aspx?e=R7PSOtfuQWEy-h6dO3vAa3INpQHC4R9uj6YJzPOBggKLYYG3Zlm5sxTKF7OoEqBopRnjaCB87xEakT01XADLN6nFZC-14cDNFPqg7ZPUnenJ4xua73E_y3WRVk8UcKEjXsjY_ZlTVm2VeXqt0VtjvA&pv=2

Scan nostale bot (hit).exe - Powered by Reason Core Security