home

picexa.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.downxkyah.com and multiple other hosts.
MD5:
2e442b2316937afc8cca2ea02fa6d524

SHA-1:
a28b4ad1da9a3a5aedb1e786f9cb75bccb99123d

SHA-256:
7ecf572cbb0e28e2b48095a9d0e95799527466b57cef20b5767abd41ec0cc5ba

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/4/2024 6:26:42 PM UTC  (today)

File size:
1.2 MB (1,309,250 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\picexa.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:evcRb+yN1/QN4pdd7QOhyoiDSGnNFBiX86yVXOHUW4JuxL4bbNXgCkv:hRCyni47QOhyPemjBi9yV+HZ4qOxXw

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, BB, D2, AA, AF, A4, A3, 49, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 0A, A2, 1B, 3F, BB, C1, 41, BA, 59, 07, 00, 40, 56, 18, E2, A0, CC, 05, CC, 82, 28, 88, 79, C0, 9A, 83, 08, B6, 4E, 8B, 64, 57, AB, 08, 9D, CB, 32, 6A, E0, 4B, 0D, 70, 6B, 47, 9A, F3, 1F, F2, 2E, 24, AC, 09, CF, F8, 1A, BD, 65, CD, C1, 04, CD, DF, 97, 37, E6, B2, 91, E5, E7, B4, AD, AA, 2C, 76, 6F, 28, 37, 3D, B9, 29, A1, A5, E6, EC, E1, D1, D9, 40, 14, 6B, DC, FC, 91, 32, B8, E6, BB, 18, 07, AA...
 
[+]

The file picexa.exe has been seen being distributed by the following 7 URLs.

http://www.downxkyah.com/Public/softs/lim2/9283/.../picexa.exe

http://www.reqsfhxn.com/Public/softs/lim2/9283/.../picexa.exe

http://www.downkegja.com/Public/softs/lim2/9283/.../picexa.exe

http://www.reqqeupe.com/Public/softs/lim2/9283/.../picexa.exe

http://www.reqovahp.com/Public/softs/lim2/9283/.../picexa.exe

http://www.requbjvb.com/Public/softs/lim2/9283/.../picexa.exe

http://www.reqchugd.com/Public/softs/lim2/9283/.../picexa.exe

Scan picexa.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.