picexa0514.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.177 and multiple other hosts.
MD5:
0192a4e379653bb8f7dc0b6f2f812a9a

SHA-1:
5cb64ccba9043793d182dc5a23ee0a6fc5e42d18

SHA-256:
4015f0ef3499e7645ba2b3b26cc05ecbcde074a62e9e6f806b7a8342e9342dba

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/29/2024 12:55:17 AM UTC  (today)

File size:
21.1 MB (22,137,584 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\924woelk\picexa0514.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
393216:pYXAeGoke0MzGOPaR3ncvnd91/gpUh142j7Gb8avI7oeGESi7XQC:pYQkkLOO3cvndb/vwQoFwMe9zQC

Entry point:
37, 7A, BC, AF, 27, 1C, 00, 03, 79, B9, 70, D1, AB, CA, 51, 01, 00, 00, 00, 00, 25, 00, 00, 00, 00, 00, 00, 00, B5, 99, 9C, E2, 00, 36, 88, 18, CF, 53, E8, 37, 2C, 27, F1, 1F, EA, 95, 37, 90, A8, 1A, 0F, 78, 16, EB, 8E, 20, 9A, ED, D0, 63, FC, 17, F8, 39, 79, 60, DE, 4A, 8B, 55, 49, A4, 3E, AB, D6, CF, 45, AE, DD, 8A, 07, 75, A7, BF, BA, 51, 56, C3, 7C, AD, 63, 55, E2, 71, DD, 74, 0C, 86, 07, 95, E0, 99, 6B, D6, 8A, D8, CE, ED, 07, 73, BD, 2A, CE, A1, F1, A4, CF, F1, 7E, 00, 40, 7E, C1, 0F, CF, 7A, A6, 7A...
 
[+]

Entropy:
8.0000  (probably packed)

The file picexa0514.exe has been seen being distributed by the following 2 URLs.

http://113.171.224.177/.../picexa0514.exe

Scan picexa0514.exe - Powered by Reason Core Security