home

pando_suddenattack.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from dwcdn.axeso5.com.
MD5:
5f24ad4604c303450f556176e0189997

SHA-1:
8cc45dec0a9369785314cde19bf40e7be5f7b8a7

SHA-256:
0ac63add9d1c0b2df9ca3dcc5e4d574935c62e9820b0d6369df3d238e2d33fb0

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/6/2024 2:02:01 AM UTC  (today)

Scan engine
Detection
Engine version

Norman
W32/Obfuscated_M.GAF
11.20160106

Trend Micro House Call
TROJ_GEN.R47H1J5
7.2.6

File size:
2 MB (2,047,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pando_suddenattack.exe

File PE Metadata
Compilation timestamp:
8/31/2012 7:30:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:zMgyl2b4bs0FwbeJNEGVj92YB1yHiy73fQ5oc:Yqko0FwbenJjYYWCO3fQ

Entry address:
0x6A98E0

Entry point:
60, BE, 15, F0, 8B, 00, 8D, BE, EB, 1F, B4, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1.9 MB (2,011,136 bytes)

The file pando_suddenattack.exe has been seen being distributed by the following URL.

http://dwcdn.axeso5.com/pando_suddenattack.exe

Scan pando_suddenattack.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.