home

picexa0625.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.170 and multiple other hosts.
MD5:
1ede1b40277f63626dc01c29064079ec

SHA-1:
c126481a438225453e345b9e94eee01d8deca0fa

SHA-256:
3fb73ae3b7fbb40d5820295340b5ebb6826b9a388539705294573040edc6459a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 8:34:25 PM UTC  (today)

File size:
1.2 MB (1,309,247 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\fp5esydi\picexa0625.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:nRx+yN1/QN4pdd7QOhyoiDSGnNFBiX86yVXOHUW4JuxL4bbNXgC8:Rkyni47QOhyPemjBi9yV+HZ4qOxXY

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, 80, 61, AB, 90, A1, A3, 49, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, EE, 3D, 3D, 77, BB, C1, 41, BA, 59, 07, 00, 40, 56, 18, E2, A0, CC, 05, CC, 82, 28, 88, 79, CA, 13, 84, 85, E9, C6, C7, 79, 7F, DC, 62, 4C, 99, FE, 76, 6F, CA, 31, B4, 9C, 9A, 1C, D3, 54, A5, E2, B2, AD, FD, 41, E4, 85, 26, 82, 23, 18, E4, 95, 93, 97, F3, 23, FD, 76, 09, 6B, A5, 25, 0A, 7E, 4A, 0A, 53, 59, 6A, 1E, 22, B8, 52, 35, B2, D3, 9E, FA, A9, 12, D4, 51, D9, F9, D4, 47, A3, 9A, D0, D1, 82...
 
[+]

The file picexa0625.exe has been seen being distributed by the following 5 URLs.

http://113.171.224.170/.../picexa0625.exe

http://113.171.224.166/.../picexa0625.exe

http://113.171.224.212/.../picexa0625.exe

http://113.171.224.214/.../picexa0625.exe

http://dl0529.puphelp.com/download/.../picexa0625.exe

Scan picexa0625.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.