oziexp.exe

MD5:
17e2fc8626f869911e61ef78e1c01df0

SHA-1:
08efa430bb66c54448326618096b56b7932e26ad

SHA-256:
8d62865b4290dbb83dc08dc62d492d69de84b3175e6d541dff972769026e1997

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/8/2024 7:52:35 PM UTC

Scan engine              Detection               Engine version
Comodo Security          UnclassifiedMalware     21667
Norman                   Suspicious_Gen2.UYZPV   11.20150504
Sophos                   Mal/Generic-S           4.98
Trend Micro House Call   TROJ_GEN.R0C1H05LO14    7.2.124
VIPRE Antivirus          Trojan.Win32.Generic    39110

File size:
2.5 MB (2,646,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\compressed\oziexplorer.3.95.5n.cracked-tsrh - copie\oziexp.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:GfoovVHVoZ3J/YJFyhZ7Q3r9AFEWNXnXc5YRsmfiMgcOU7m6tlD:6ocV6BJ/iyhFG2EWdnXcHNMjOU7tlD

Entry address:
0x1000

Entry point:
68, 01, F0, 60, 03, E8, 01, 00, 00, 00, C3, C3, B5, 78, 17, D3, 0C, 80, 82, DF, B3, A5, 71, 8F, D9, 4F, F2, 66, AC, 14, 7F, DD, A3, B6, 10, 55, 4D, FF, 8C, 80, 29, B4, D6, 11, 6A, F1, 5C, 52, DB, F8, 14, AE, C9, B7, 97, 60, 52, 07, 55, B2, CB, 96, D5, C9, 6B, 39, A6, F8, 11, 15, A1, 98, B2, F1, 5C, 01, 53, 88, 13, 58, CA, 85, B4, 19, FA, 96, 4B, 71, 7B, C9, B3, 69, F5, BE, 95, FA, 7B, 86, 65, 6A, 33, C2, A9, 39, D6, D5, AE, 69, 2C, 76, D6, 0E, FE, B4, A5, 26, 9E, F9, CA, E1, DF, FE, A5, B2, F4, 55, 8F, 43...
Entropy:
7.9814

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
5.4 MB (5,655,552 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ozie.oziexplorer3.com  (198.1.75.152:80)